Jump to content

Internet Compromised


Recommended Posts

I discovered this weekend that my internet browsers are not working properly and my Microsoft Security Essentials is not accessible and the icon has been removed.  My dad uses Malwarebytes and recommended I try getting your assistance. 

 

Before uploading Malwarebytes:

  • Internet Explorer and Applie Safari - If I get to website requested and there is a log on process, the log on does not occur or I receive a timed out notice and am requested to log on again, which of course times out.  New tabs and windows open going to random sites, even while I've been on your website.  Also when a search engine is used and I select something I'm not taken to that website, but to random sites.  For example, I tried Walmart.com a few times and was taken to differnet sites each time.
  • Google Chrome and Mozilla Firefox - Received message that the certificate on the server has been refused or something like that.

 After uploading Malwarebytes, all my browsers take me to http://search.condui...1B-18B65C23B8B2

 

The Malwarebytes is constantly popping up "successfuly blocked access to a potentially malicious website.  Type: outgoing" even when I don't have a browser open.

  • 217.239.247
  • 195.3.145.57
  • 77.78.229.119
  • 89.28.104.253
  • 77.78.229.50

I ran the Perform Full Scan option and the following was found and the logs are attached.

  • PUP.WebCake
  • Addware.DomalQ
  • PUM.Disabled.SecurityCenter
  • Trojan.FakeMS
  • Trojan.Agent
  • Addware.MyWaySearch

I stil cannot access my Microsoft Security Essentials and things are still not right with my internet.  I paid bills online and am worried my information has been compromised, but I can't even log on to the sites now to change passwords.  Any help will be greatly appreciated. 

 

Also when I downloaded Malewarebytes, two other programs downloaded.  Should these be there?

  • Strongvault Online Backup
  • Optimizer Pro Performance Monitor

Attachments:

mbam-log-2013-07-15 (08-38-05).txt

mbam-log-2013-07-15 (10-56-03).txt

protection-log-2013-07-15.txt

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

I have posted the dds.txt and attach.txt logs, downloaded RogueKiller, and posted the roguekiller report.  Regadring the P2P/Piracy warning, I've never put anything like the information listed on my computer.  I checked Add or Remove Programs and none of these are listed in there.  Thank you so much for your help!

 

Here is the DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
Run by Steven at 16:14:41 on 2013-07-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.104 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\Steven\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\Steven\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Strongvault Online Backup\BackupAgent.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Documents and Settings\Steven\Application Data\SearchProtect\bin\cltmng.exe
C:\WINDOWS\EHOME\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn12\ytbb.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
uURLSearchHooks: ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: MyIdentityDefender: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\steven\local settings\application data\cyberdefender\cdmyidd.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn12\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn12\yt.dll
uURLSearchHooks: Vafmusic8 Toolbar: {2088f46c-e352-46dd-9434-bb81014359db} - c:\program files\vafmusic8\prxtbVafm.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn12\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\video downloader\ArcURLRecord.dll
BHO: Vafmusic8 Toolbar: {2088f46c-e352-46dd-9434-bb81014359db} - c:\program files\vafmusic8\prxtbVafm.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: <No Name>: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - 
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\steven\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - c:\program files\arcsoft\raw thumbnail viewer\EXIFToolBar.dll
BHO: MyIdentityDefender: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\steven\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn12\yt.dll
TB: MyIdentityDefender: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\steven\local settings\application data\cyberdefender\cdmyidd.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Vafmusic8 Toolbar: {2088F46C-E352-46DD-9434-BB81014359DB} - c:\program files\vafmusic8\prxtbVafm.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn12\yt.dll
TB: MyIdentityDefender: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\steven\local settings\application data\cyberdefender\cdmyidd.dll
TB: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - c:\program files\arcsoft\raw thumbnail viewer\EXIFToolBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Vafmusic8 Toolbar: {2088f46c-e352-46dd-9434-bb81014359db} - c:\program files\vafmusic8\prxtbVafm.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [PPWebCap] c:\progra~1\scansoft\paperp~1\PPWebCap.exe
uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
uRun: [searchProtect] c:\documents and settings\steven\application data\searchprotect\bin\cltmng.exe
uRun: [backupAgent] c:\program files\strongvault online backup\BackupAgent.exe
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; eMusic DLM/3; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://games.yahoo.com/daily-games/wordsense"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [updReg] c:\windows\UpdReg.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [TosGbWatcher] "c:\program files\toshiba\gigabeat room 2.0.2\TosGbWatcher.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [sMessaging] "c:\documents and settings\steven\local settings\application data\strongvault online backup\SMessaging.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steven\startm~1\programs\startup\strong~1.lnk - c:\documents and settings\steven\local settings\application data\strongvault\StrongVaultApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: lsac.org
Trusted Zone: lsac.org
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{76757EC1-49B2-4E2A-AFBA-E59955971779} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 195296]
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2006-3-1 164256]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-5-30 573952]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\steven\application data\defaulttab\defaulttab\DTUpdate.exe [2013-7-15 107520]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-15 701512]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [1980-1-1 337536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-15 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-15 13:40:28 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2013-07-15 13:31:00 -------- d-----w- c:\program files\Uninstaller
2013-07-15 13:27:44 -------- d-----w- c:\documents and settings\steven\application data\Malwarebytes
2013-07-15 13:27:22 -------- d-----w- c:\documents and settings\steven\application data\PriceGong
2013-07-15 13:26:43 -------- d-----w- c:\documents and settings\steven\application data\Strongvault
2013-07-15 13:26:08 -------- d-----w- c:\program files\Conduit
2013-07-15 13:25:49 -------- d-----w- c:\documents and settings\steven\local settings\application data\Vafmusic8
2013-07-15 13:25:47 -------- d-----w- c:\program files\Vafmusic8
2013-07-15 13:25:46 -------- d-----w- c:\documents and settings\steven\local settings\application data\Temp
2013-07-15 13:25:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-07-15 13:25:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-15 13:25:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-15 13:23:40 -------- d-----w- c:\documents and settings\steven\local settings\application data\CRE
2013-07-15 13:23:38 -------- d-----w- c:\documents and settings\steven\local settings\application data\Conduit
2013-07-15 13:23:35 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-07-15 13:23:31 -------- d-----w- c:\documents and settings\steven\local settings\application data\Strongvault Online Backup
2013-07-15 13:23:30 -------- d-----w- c:\program files\Strongvault Online Backup
2013-07-15 13:23:30 -------- d-----w- c:\documents and settings\steven\local settings\application data\Strongvault
2013-07-15 13:23:30 -------- d-----w- c:\documents and settings\all users\application data\Strongvault Online Backup
2013-07-15 13:23:15 -------- d-----w- c:\program files\DefaultTab
2013-07-15 13:23:06 -------- d-----w- c:\documents and settings\steven\application data\DefaultTab
2013-07-15 13:23:02 -------- d-sh--w- C:\AI_RecycleBin
2013-07-15 13:22:48 -------- d-----w- c:\program files\SearchProtect
2013-07-15 13:22:35 -------- d-----w- c:\documents and settings\steven\application data\Optimizer Pro
2013-07-15 13:22:30 -------- d-----w- c:\documents and settings\steven\application data\SearchProtect
2013-07-15 13:22:08 -------- d-----w- c:\program files\Optimizer Pro
2013-07-15 13:21:56 -------- d-----w- c:\documents and settings\steven\application data\WebCake
2013-07-15 13:21:39 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-07-11 12:20:37 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7f4ef89-9614-4e9e-8c41-e20ec5372b5e}\mpengine.dll
2013-07-05 13:20:47 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-17 12:03:05 -------- d-----w- c:\documents and settings\steven\application data\RealNetworks
2013-06-17 11:51:18 -------- d-----w- c:\program files\RealNetworks
2013-06-17 11:51:14 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-06-17 11:50:47 -------- d-----w- c:\program files\common files\xing shared
2013-06-17 11:50:10 153736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2013-06-17 11:49:51 124504 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
.
==================== Find3M  ====================
.
2013-07-12 12:35:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-12 12:35:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 11:48:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-17 11:48:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-08 04:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 05:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-08 06:10:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:16:23.92 ===============
 
 
Here is the Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/12/2005 4:42:03 PM
System Uptime: 7/15/2013 10:45:57 AM (6 hours ago)
.
Motherboard: Dell Inc.           |  | 0U7077
Processor:               Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 41.269 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&08F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&08F0
Service: RT2500
.
==== System Restore Points ===================
.
RP2388: 4/14/2013 2:50:24 PM - System Checkpoint
RP2389: 4/15/2013 9:54:24 AM - Software Distribution Service 3.0
RP2390: 4/16/2013 9:53:52 AM - Software Distribution Service 3.0
RP2391: 4/17/2013 9:54:02 AM - Software Distribution Service 3.0
RP2392: 4/18/2013 9:54:43 AM - Software Distribution Service 3.0
RP2393: 4/19/2013 9:54:03 AM - Software Distribution Service 3.0
RP2394: 4/20/2013 2:31:32 AM - Software Distribution Service 3.0
RP2395: 4/20/2013 9:54:01 AM - Software Distribution Service 3.0
RP2396: 4/21/2013 9:54:50 AM - Software Distribution Service 3.0
RP2397: 4/22/2013 10:58:59 AM - Software Distribution Service 3.0
RP2398: 4/23/2013 10:59:42 AM - Software Distribution Service 3.0
RP2399: 4/24/2013 10:59:36 AM - Software Distribution Service 3.0
RP2400: 4/25/2013 10:59:43 AM - Software Distribution Service 3.0
RP2401: 4/26/2013 11:00:04 AM - Software Distribution Service 3.0
RP2402: 4/27/2013 2:17:57 AM - Software Distribution Service 3.0
RP2403: 4/27/2013 11:00:44 AM - Software Distribution Service 3.0
RP2404: 4/28/2013 10:59:55 AM - Software Distribution Service 3.0
RP2405: 4/29/2013 11:01:30 AM - Software Distribution Service 3.0
RP2406: 5/1/2013 3:37:38 PM - Software Distribution Service 3.0
RP2407: 5/2/2013 3:38:03 PM - Software Distribution Service 3.0
RP2408: 5/3/2013 3:38:02 PM - Software Distribution Service 3.0
RP2409: 5/4/2013 1:41:45 AM - Software Distribution Service 3.0
RP2410: 5/4/2013 3:38:13 PM - Software Distribution Service 3.0
RP2411: 5/5/2013 3:38:12 PM - Software Distribution Service 3.0
RP2412: 5/7/2013 6:33:49 AM - Software Distribution Service 3.0
RP2413: 5/8/2013 6:34:12 AM - Software Distribution Service 3.0
RP2414: 5/9/2013 6:34:15 AM - Software Distribution Service 3.0
RP2415: 5/10/2013 6:34:24 AM - Software Distribution Service 3.0
RP2416: 5/11/2013 2:05:58 AM - Software Distribution Service 3.0
RP2417: 5/11/2013 6:34:15 AM - Software Distribution Service 3.0
RP2418: 5/12/2013 6:34:18 AM - Software Distribution Service 3.0
RP2419: 5/13/2013 6:34:18 AM - Software Distribution Service 3.0
RP2420: 5/14/2013 6:34:47 AM - Software Distribution Service 3.0
RP2421: 5/16/2013 9:31:15 AM - Software Distribution Service 3.0
RP2422: 5/17/2013 3:00:45 AM - Software Distribution Service 3.0
RP2423: 5/18/2013 1:38:58 AM - Software Distribution Service 3.0
RP2424: 5/18/2013 3:43:39 AM - Software Distribution Service 3.0
RP2425: 5/20/2013 9:43:32 AM - Software Distribution Service 3.0
RP2426: 5/21/2013 9:43:47 AM - Software Distribution Service 3.0
RP2427: 5/22/2013 9:43:37 AM - Software Distribution Service 3.0
RP2428: 5/23/2013 9:44:10 AM - Software Distribution Service 3.0
RP2429: 5/24/2013 9:43:55 AM - Software Distribution Service 3.0
RP2430: 5/25/2013 1:31:36 AM - Software Distribution Service 3.0
RP2431: 5/25/2013 9:43:59 AM - Software Distribution Service 3.0
RP2432: 5/26/2013 9:43:49 AM - Software Distribution Service 3.0
RP2433: 5/27/2013 9:44:01 AM - Software Distribution Service 3.0
RP2434: 5/29/2013 6:58:03 AM - Software Distribution Service 3.0
RP2435: 5/30/2013 6:58:29 AM - Software Distribution Service 3.0
RP2436: 5/31/2013 6:58:08 AM - Software Distribution Service 3.0
RP2437: 6/1/2013 5:07:40 PM - Software Distribution Service 3.0
RP2438: 6/2/2013 5:07:44 PM - Software Distribution Service 3.0
RP2439: 6/3/2013 5:06:58 PM - Software Distribution Service 3.0
RP2440: 6/4/2013 5:07:18 PM - Software Distribution Service 3.0
RP2441: 6/5/2013 5:06:52 PM - Software Distribution Service 3.0
RP2442: 6/6/2013 5:06:07 PM - Software Distribution Service 3.0
RP2443: 6/7/2013 5:06:51 PM - Software Distribution Service 3.0
RP2444: 6/8/2013 1:44:42 AM - Software Distribution Service 3.0
RP2445: 6/8/2013 5:06:56 PM - Software Distribution Service 3.0
RP2446: 6/9/2013 5:06:55 PM - Software Distribution Service 3.0
RP2447: 6/10/2013 5:07:20 PM - Software Distribution Service 3.0
RP2448: 6/11/2013 5:13:19 PM - System Checkpoint
RP2449: 6/12/2013 12:10:37 PM - Software Distribution Service 3.0
RP2450: 6/13/2013 3:00:46 AM - Software Distribution Service 3.0
RP2451: 6/14/2013 3:29:59 AM - System Checkpoint
RP2452: 6/14/2013 3:37:45 AM - Software Distribution Service 3.0
RP2453: 6/15/2013 2:04:16 AM - Software Distribution Service 3.0
RP2454: 6/17/2013 6:47:52 AM - Software Distribution Service 3.0
RP2455: 6/18/2013 6:46:59 AM - Software Distribution Service 3.0
RP2456: 6/19/2013 6:46:33 AM - Software Distribution Service 3.0
RP2457: 6/20/2013 6:47:15 AM - Software Distribution Service 3.0
RP2458: 6/21/2013 7:34:50 AM - System Checkpoint
RP2459: 6/21/2013 9:44:00 AM - Software Distribution Service 3.0
RP2460: 6/22/2013 2:30:03 AM - Software Distribution Service 3.0
RP2461: 6/22/2013 9:43:02 AM - Software Distribution Service 3.0
RP2462: 6/23/2013 9:43:09 AM - Software Distribution Service 3.0
RP2463: 6/24/2013 9:43:29 AM - Software Distribution Service 3.0
RP2464: 6/26/2013 10:01:24 AM - Software Distribution Service 3.0
RP2465: 6/27/2013 10:01:13 AM - Software Distribution Service 3.0
RP2466: 6/28/2013 10:01:20 AM - Software Distribution Service 3.0
RP2467: 6/29/2013 1:40:06 AM - Software Distribution Service 3.0
RP2468: 6/29/2013 10:02:33 AM - Software Distribution Service 3.0
RP2469: 6/30/2013 10:03:23 AM - Software Distribution Service 3.0
RP2470: 7/1/2013 10:25:26 AM - System Checkpoint
RP2471: 7/2/2013 8:23:03 AM - Software Distribution Service 3.0
RP2472: 7/3/2013 8:20:42 AM - Software Distribution Service 3.0
RP2473: 7/4/2013 8:20:38 AM - Software Distribution Service 3.0
RP2474: 7/5/2013 8:20:44 AM - Software Distribution Service 3.0
RP2475: 7/11/2013 7:20:29 AM - Software Distribution Service 3.0
RP2476: 7/12/2013 3:00:43 AM - Software Distribution Service 3.0
RP2477: 7/15/2013 8:24:37 AM - Installed Strongvault Online Backup
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Photo Book Screen Saver
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft RAW Thumbnail Viewer
ArcSoft Software Suite
ArcSoft Video Downloader
ATT-PRT22
Auctioneer AddOns
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
BufferChm
C5500
C5500_Help
CA Yahoo! Anti-Spy (remove only)
Calendar
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dark Age of Camelot - Gold Editon
Dark Age of Camelot - Trials of Atlantis
DefaultTab
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
EarthLink setup files
eMusic Download Manager 3.0
eSupportQFolder
GemMaster Mystic
getPlus®_ocx
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
GRE POWERPREP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iDisk Utility for Windows
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
Internet Explorer (Enable DEP)
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java 6 Update 22
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MD Simple Burner 2.0.03
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
Mozilla Firefox (1.5.0.12)
MSN Messenger 7.5
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
My Dell
My Sam's Club Digital Photo Center
My Way Search Assistant
MyIdentityDefender Toolbar (CyberDefender Corporation)
NetZeroInstallers
Nikon View 6
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
OneTouch Version 3.0
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
Optimizer Pro v3.1
Otto
PanoStandAlone
PaperPort 7.02
PowerDVD 5.3
PS_AIO_04_C5500_ProductContext
PS_AIO_04_C5500_Software
PS_AIO_04_C5500_Software_Min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Scan
Scrapbook
Search Protect by conduit
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype 2.5
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sonic Update Manager
SonicStage 2.0.06
Sound Blaster Live! 24-bit
Status
Strongvault Online Backup
SurferNETWORK Player
TeamSpeak 2 RC2
Toolbox
Top 50 Blazing Games
TOSHIBA gigabeat applications 2.0.2
TrayApp
Turbo Tax Audit Support Center 2.0
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmoiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmoiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmoiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmoiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmoiper
TurboTax 2012 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax ItsDeductible 2005
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vafmusic8 Toolbar
Ventrilo Client
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell 1.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/15/2013 8:35:44 AM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
7/15/2013 6:11:55 AM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
7/15/2013 6:11:51 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
7/15/2013 6:11:01 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
7/15/2013 6:11:01 AM, error: Service Control Manager [7000]  - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:  The system cannot find the file specified.
7/15/2013 6:11:01 AM, error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The file can not be accessed by the system.
7/15/2013 6:09:35 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'afd.sys' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
7/15/2013 10:48:45 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
7/15/2013 10:46:41 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.109 for the Network Card with network address 0013201737FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/13/2013 11:20:06 AM, error: Service Control Manager [7034]  - The MD Simple Burner Service service terminated unexpectedly.  It has done this 1 time(s).
7/12/2013 3:45:30 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.107 for the Network Card with network address 0013201737FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/12/2013 3:21:22 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/11/2013 7:03:17 AM, error: DCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {BA126AD1-2166-11D1-B1D0-00805FC1270E}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
7/11/2013 6:59:44 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.106 for the Network Card with network address 0013201737FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
 
Here is the RogueKiller report:
 
RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Steven [Admin rights]
Mode : Scan -- Date : 07/15/2013 16:26:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] SMessaging.exe -- C:\Documents and Settings\Steven\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]
[sUSP PATH] cltmng.exe -- C:\Documents and Settings\Steven\Application Data\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Documents and Settings\Steven\Application Data\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Run : SMessaging ("C:\Documents and Settings\Steven\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4069269864-3427646250-2521742739-1005\[...]\Run : SearchProtect (C:\Documents and Settings\Steven\Application Data\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[steven][sUSP PATH] StrongVaultApp.lnk : C:\Documents and Settings\Steven\Start Menu\Programs\Startup\StrongVaultApp.lnk @C:\Documents and Settings\Steven\Local Settings\Application Data\Strongvault\StrongVaultApp.exe [-][7] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] $NtUninstallKB58195$ : C:\WINDOWS\$NtUninstallKB58195$ >> \systemroot\system32\config [-] --> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ARRAY +++++
--- User ---
[MBR] 73ab501e01a8d382dee98ac7d9f1807d
[bSP] 9e8cc5107820818e58b975ed41c3fcaf : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 147777 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
+++++ PhysicalDrive1: ARRAY +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_07152013_162632.txt >>
 
 
 
 
Link to post
Share on other sites

Please uninstall these from your add/remove programs if you can:

DefaultTab
Search Protect by conduit
Viewpoint Media Player


--------------------------------------

Next:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
more-reply-options.jpg

New window that comes up.
choose-files1.jpg

MrC

Link to post
Share on other sites

I ran the steps you posted under "Next."  When I re-ran the mbar.exe, it found no malware.  yay!  I have attached the logs from Malwarebytes Anti-Rootkit.

 

The next steps you posted to do are under "Then."  It seems to be the exact same steps as what was under Next.  Just wanted to make sure that I do need to do this again.  I have a 12 hour day tomorrow, so I won't be back to work on this until tomorrow night.  Thanks so much for your help.  We seem to be making some progress!!

 

Attachments:

mbar-log-2013-07-15 (18-46-55).txt

mbar-log-2013-07-15 (21-05-08).txt

system-log.txt

Link to post
Share on other sites

OK, I copied and pasted the wrong program the second time...it's corrected now.

anyway..........please read this:

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

-----------------------------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I disabled Malwarebytes prior to running the combofix, should I?  I cannot get to Microsoft Security Essentials to disable it.  The icon is missing from my tray and when I try to access it from all programs I get an error message that the file cannot be accessed by the system.  I also tried to remove it from add/remove programs, but it advises it is already unistalled.

 

Now the Combifix is stuck with an error advising me not to click ok until I disable Microsoft Security Essentials.  Any suggestions?

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Thanks for re-opening this issue.  Sorry for the delayed response!

 

I tried running ComboFix in safemode but received the error that Microsoft Security Essentials is still running.  i cannot access MSE or uninstall it.  I tried to reinstall it and also received an error that it could not be downloaded.  It said an error has prevented the security essentials wizard from completing successfully.

 

Is my computer just expensive trash now?  What about other devices using my same internet feed?  Are they compromised too?

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Addition.txt

 

Here is the result for the FRST.txt log and I've attached the result for the addition.txt log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Steven (administrator) on 28-07-2013 08:33:18
Running from C:\Documents and Settings\Steven\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Sony Corporation) C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\RMSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\McrdSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
(Visioneer Inc) C:\PROGRA~1\VISION~1\ONETOU~2.EXE
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(Microsoft Corporation) C:\WINDOWS\EHOME\RMSysTry.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn13\ytbb.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [135168 2004-03-23] (Intel Corporation)
HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] - Rundll32 P17.dll,P17Helper [x]
HKLM\...\Run: [updReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [Windows Media Connect 2] - C:\Program Files\Windows Media Connect 2\WMCCFG.exe [8704 2006-10-18] (Microsoft Corporation)
HKLM\...\Run: [TosGbWatcher] - C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe [118837 2005-04-26] (TOSHIBA CORPORATION)
HKLM\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [OneTouch Monitor] - C:\PROGRA~1\VISION~1\ONETOU~2.EXE [86016 2001-10-16] (Visioneer Inc)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKLM\...\Run: [YMailAdvisor] - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-06-17] (RealNetworks, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKCU\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKCU\...\Run: [PPWebCap] - C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe [40960 2001-08-10] (Scansoft Inc.)
HKCU\...\Run: [search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKCU\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\MCX1\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\MCX1\...\Winlogon: [shell] C:\WINDOWS\eHome\McrMgr.exe [ 2005-10-26] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
ShortcutTarget: Extender Resource Monitor.lnk -> C:\WINDOWS\EHOME\RMSysTry.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?fr=yfp-t-403
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steven\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {AADD2D9D-B033-48E2-A926-C672C7251FF1} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {C378ACF6-9A50-479F-9D63-0DAAD2AB5278} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A0EC5691-FE34-413E-93F9-67978B599088} URL = http://search.conduit.com/Results.aspx?ctid=CT3300023&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {AADD2D9D-B033-48E2-A926-C672C7251FF1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303001&CUI=UN25442100702618854&UM=2
SearchScopes: HKCU - {C378ACF6-9A50-479F-9D63-0DAAD2AB5278} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll No File
BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll (ArcSoft Inc.)
BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steven\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steven\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll (ArcSoft Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU -Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
Toolbar: HKCU -MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steven\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab
DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} http://99.164.155.201/program/SonyNetworkCameraViewer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5247/mcfscan.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default
FF user.js: detected! => C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\user.js
FF SelectedSearchEngine: Yahoo


FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @macromedia.com/FlashPlayer8 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF SearchPlugin: C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.src
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
FF Extension: No Name - C:\Documents and Settings\Steven\Application Data\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Firefox (default) - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: No Name - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

Chrome:
=======

CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Canon Online Photo Plugin Module) - C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll (CANON INC.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Splendid) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Gmail) - C:\DOCUME~1\Steven\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [mogmppbjfkngfoaecoialclfiabnpndg] - C:\Documents and Settings\Steven\Local Settings\Application Data\CRE\mogmppbjfkngfoaecoialclfiabnpndg.crx

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 IAANTMon; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [73852 2004-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\McrdSvc.exe [96256 2005-10-20] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
R2 NetMDSB; C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe [778240 2004-04-21] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RMSvc; C:\WINDOWS\ehome\RMSvc.exe [28160 2005-10-20] (Microsoft Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [65622 2004-01-30] (Sony Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

==================== Drivers (Whitelisted) ====================

R3 Angel; C:\Windows\System32\DRIVERS\Angel.sys [337536 2004-10-27] (Emuzed, Inc.)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [186112 2004-05-29] (Broadcom Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-04-15] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-04-15] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-04-15] (HP)
S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 IrBus; C:\Windows\System32\DRIVERS\IrBus.sys [46592 2008-04-13] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
S3 RT2500; C:\Windows\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
R0 Spssys; C:\Windows\System32\drivers\spssys.sys [164256 2004-05-07] (Toshiba Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 bvrp_pci; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-07-28 08:32 - 2013-07-28 08:32 - 01221130 _____ (Farbar) C:\Documents and Settings\Steven\Desktop\FRST.exe
2013-07-28 08:32 - 2013-07-28 08:32 - 00000000 ____D C:\FRST
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 ____D C:\WINDOWS\CSC
2013-07-16 19:50 - 2013-07-16 19:50 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
2013-07-16 19:47 - 2013-07-16 19:52 - 00005038 _____ C:\FixitRegBackup.reg
2013-07-16 19:14 - 2013-07-16 19:14 - 00000000 ____D C:\Qoobox
2013-07-16 19:13 - 2013-07-24 13:14 - 05092950 ____R (Swearware) C:\Documents and Settings\Steven\Desktop\ComboFix.exe
2013-07-16 19:10 - 2013-07-24 13:17 - 00000000 ___SD C:\32788R22FWJFW
2013-07-16 19:10 - 2013-07-16 19:10 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-15 21:42 - 2013-07-15 21:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic8
2013-07-15 18:42 - 2013-07-15 18:42 - 00000000 ____D C:\Documents and Settings\Steven\Desktop\mbar file
2013-07-15 16:26 - 2013-07-15 16:26 - 00138496 _____ C:\WINDOWS\system32\Drivers\afd.sys.dump
2013-07-15 16:26 - 2013-07-15 16:26 - 00003161 _____ C:\Documents and Settings\Steven\Desktop\RKreport[0]_S_07152013_162632.txt
2013-07-15 16:26 - 2013-07-15 16:26 - 00000000 ____D C:\WINDOWS\snack
2013-07-15 16:18 - 2013-07-15 16:28 - 00000000 ____D C:\Documents and Settings\Steven\Desktop\RK_Quarantine
2013-07-15 16:16 - 2013-07-15 16:16 - 00032996 _____ C:\Documents and Settings\Steven\Desktop\attach.txt
2013-07-15 16:16 - 2013-07-15 16:16 - 00024568 _____ C:\Documents and Settings\Steven\Desktop\dds.txt
2013-07-15 10:46 - 2013-07-15 20:13 - 00000000 ____D C:\Avenger
2013-07-15 08:27 - 2013-07-15 11:32 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\PriceGong
2013-07-15 08:27 - 2013-07-15 08:27 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\Malwarebytes
2013-07-15 08:26 - 2013-07-16 19:02 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\Strongvault
2013-07-15 08:26 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files\Conduit
2013-07-15 08:25 - 2013-07-15 08:35 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-15 08:25 - 2013-07-15 08:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-15 08:25 - 2013-07-15 08:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-07-15 08:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-15 08:23 - 2013-07-16 19:02 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2013-07-15 08:23 - 2013-07-16 19:02 - 00000000 __SHD C:\AI_RecycleBin
2013-07-15 08:23 - 2013-07-16 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
2013-07-15 08:23 - 2013-07-16 18:43 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
2013-07-15 08:23 - 2013-07-15 08:24 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\CRE
2013-07-15 08:23 - 2013-07-15 08:23 - 00000884 __RSH C:\Documents and Settings\Steven\ntuser.pol
2013-07-15 08:23 - 2013-07-15 08:23 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\DefaultTab
2013-07-15 08:21 - 2013-07-15 10:46 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\WebCake
2013-07-15 08:21 - 2013-07-15 08:26 - 00000009 _____ C:\END
2013-07-15 06:14 - 2013-07-15 06:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-07-15 06:14 - 2013-07-15 06:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-07-13 06:12 - 2013-07-13 06:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Real
2013-07-12 15:27 - 2013-07-12 15:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-07-12 15:26 - 2013-07-12 15:26 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-12 03:44 - 2013-07-15 20:12 - 00796488 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-07-12 03:28 - 2013-07-12 03:28 - 00129116 _____ C:\WINDOWS\KB2834904.log
2013-07-12 03:28 - 2013-07-12 03:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-12 03:26 - 2013-07-12 03:27 - 00129309 _____ C:\WINDOWS\KB2834886.log
2013-07-12 03:26 - 2013-07-12 03:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-12 03:25 - 2013-07-12 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-12 03:24 - 2013-07-12 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-12 03:09 - 2013-07-12 03:11 - 00134353 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-12 03:09 - 2013-07-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-07-12 03:07 - 2013-07-12 03:09 - 00138562 _____ C:\WINDOWS\KB2833951.log
2013-07-11 07:18 - 2013-07-12 03:25 - 00134403 _____ C:\WINDOWS\KB2850851.log
2013-07-11 07:17 - 2013-07-12 03:24 - 00135315 _____ C:\WINDOWS\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-07-28 08:32 - 2013-07-28 08:32 - 01221130 _____ (Farbar) C:\Documents and Settings\Steven\Desktop\FRST.exe
2013-07-28 08:32 - 2013-07-28 08:32 - 00000000 ____D C:\FRST
2013-07-28 08:31 - 2006-07-05 21:11 - 00000366 _____ C:\WINDOWS\Tasks\Symantec NetDetect.job
2013-07-28 08:26 - 2005-05-10 14:17 - 01827503 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-28 08:21 - 2013-06-17 07:03 - 00000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4069269864-3427646250-2521742739-1005.job
2013-07-28 08:21 - 2013-06-17 07:03 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4069269864-3427646250-2521742739-1005.job
2013-07-28 08:21 - 2010-03-11 18:15 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4069269864-3427646250-2521742739-1005.job
2013-07-28 08:21 - 2005-05-10 13:56 - 00000000 ____D C:\WINDOWS\Registration
2013-07-28 08:21 - 2005-05-10 13:52 - 00000000 ____D C:\WINDOWS\system32\IAS
2013-07-28 08:20 - 1980-01-01 00:00 - 00007275 _____ C:\WINDOWS\system32\nvapps.xml
2013-07-28 08:19 - 2004-08-19 16:00 - 00000157 _____ C:\WINDOWS\WIADEBUG.LOG
2013-07-28 08:19 - 2004-08-19 16:00 - 00000049 _____ C:\WINDOWS\WIASERVC.LOG
2013-07-28 08:18 - 2012-11-13 07:17 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 08:18 - 2010-09-07 18:27 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job
2013-07-28 08:18 - 2005-05-10 14:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-28 08:18 - 2005-05-10 14:15 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-07-24 20:52 - 2010-09-07 18:19 - 00720896 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-07-24 20:52 - 2005-05-10 14:17 - 00032460 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-24 20:51 - 2005-05-12 16:42 - 00000278 ___SH C:\Documents and Settings\Steven\NTUSER.INI
2013-07-24 20:48 - 2012-11-13 07:17 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 20:08 - 2012-07-14 07:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-24 18:27 - 2010-09-07 18:27 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job
2013-07-24 14:08 - 2011-01-25 19:54 - 00001965 ____C C:\WINDOWS\epplauncher.mif
2013-07-24 13:17 - 2013-07-16 19:10 - 00000000 ___SD C:\32788R22FWJFW
2013-07-24 13:14 - 2013-07-16 19:13 - 05092950 ____R (Swearware) C:\Documents and Settings\Steven\Desktop\ComboFix.exe
2013-07-24 13:08 - 2013-07-24 13:08 - 00000000 ____D C:\WINDOWS\CSC
2013-07-16 19:52 - 2013-07-16 19:47 - 00005038 _____ C:\FixitRegBackup.reg
2013-07-16 19:50 - 2013-07-16 19:50 - 00000720 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
2013-07-16 19:50 - 2010-09-07 18:21 - 00000000 ____D C:\WINDOWS\MATS
2013-07-16 19:50 - 2010-09-07 18:21 - 00000000 ____D C:\Program Files\Microsoft Fix it Center
2013-07-16 19:49 - 2010-09-07 18:32 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\FixItCenter
2013-07-16 19:14 - 2013-07-16 19:14 - 00000000 ____D C:\Qoobox
2013-07-16 19:10 - 2013-07-16 19:10 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-16 19:02 - 2013-07-15 08:26 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\Strongvault
2013-07-16 19:02 - 2013-07-15 08:23 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
2013-07-16 19:02 - 2013-07-15 08:23 - 00000000 __SHD C:\AI_RecycleBin
2013-07-16 19:02 - 2013-07-15 08:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
2013-07-16 18:43 - 2013-07-15 08:23 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
2013-07-16 18:25 - 2008-01-27 09:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2013-07-15 22:35 - 2009-10-27 18:34 - 00026112 _____ C:\Documents and Settings\Steven\My Documents\Passwords.xls
2013-07-15 22:10 - 2006-01-14 16:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-15 21:42 - 2013-07-15 21:42 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vafmusic8
2013-07-15 21:42 - 2007-02-13 21:36 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-07-15 20:13 - 2013-07-15 10:46 - 00000000 ____D C:\Avenger
2013-07-15 20:13 - 2005-05-10 13:55 - 00000000 ____D C:\WINDOWS\IME
2013-07-15 20:13 - 2005-05-10 13:53 - 00000000 _SHDC C:\WINDOWS\$NtUninstallKB58195$
2013-07-15 20:12 - 2013-07-12 03:44 - 00796488 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-07-15 19:05 - 2005-12-21 13:10 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-15 18:42 - 2013-07-15 18:42 - 00000000 ____D C:\Documents and Settings\Steven\Desktop\mbar file
2013-07-15 18:30 - 2005-05-10 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Viewpoint
2013-07-15 16:28 - 2013-07-15 16:18 - 00000000 ____D C:\Documents and Settings\Steven\Desktop\RK_Quarantine
2013-07-15 16:26 - 2013-07-15 16:26 - 00138496 _____ C:\WINDOWS\system32\Drivers\afd.sys.dump
2013-07-15 16:26 - 2013-07-15 16:26 - 00003161 _____ C:\Documents and Settings\Steven\Desktop\RKreport[0]_S_07152013_162632.txt
2013-07-15 16:26 - 2013-07-15 16:26 - 00000000 ____D C:\WINDOWS\snack
2013-07-15 16:16 - 2013-07-15 16:16 - 00032996 _____ C:\Documents and Settings\Steven\Desktop\attach.txt
2013-07-15 16:16 - 2013-07-15 16:16 - 00024568 _____ C:\Documents and Settings\Steven\Desktop\dds.txt
2013-07-15 13:22 - 2013-05-16 10:02 - 00353474 _____ C:\WINDOWS\setupapi.log
2013-07-15 13:21 - 2013-05-22 10:11 - 00000408 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-07-15 11:32 - 2013-07-15 08:27 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\PriceGong
2013-07-15 10:46 - 2013-07-15 08:21 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\WebCake
2013-07-15 10:46 - 2009-03-22 21:27 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-07-15 08:35 - 2013-07-15 08:25 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-15 08:35 - 2013-07-15 08:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-15 08:27 - 2013-07-15 08:27 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\Malwarebytes
2013-07-15 08:26 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files\Conduit
2013-07-15 08:26 - 2013-07-15 08:21 - 00000009 _____ C:\END
2013-07-15 08:25 - 2013-07-15 08:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-07-15 08:24 - 2013-07-15 08:23 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\CRE
2013-07-15 08:23 - 2013-07-15 08:23 - 00000884 __RSH C:\Documents and Settings\Steven\ntuser.pol
2013-07-15 08:23 - 2013-07-15 08:23 - 00000000 ____D C:\Documents and Settings\Steven\Application Data\DefaultTab
2013-07-15 06:14 - 2013-07-15 06:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-07-15 06:14 - 2013-07-15 06:14 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-07-13 06:12 - 2013-07-13 06:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Real
2013-07-13 02:22 - 2013-03-05 04:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-07-12 23:54 - 2012-11-13 07:19 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-12 17:53 - 2005-05-10 13:57 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-07-12 15:27 - 2013-07-12 15:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-07-12 15:26 - 2013-07-12 15:26 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-12 07:36 - 2005-07-06 13:53 - 00000000 ____D C:\Documents and Settings\Steven\Local Settings\Application Data\Adobe
2013-07-12 07:35 - 2012-04-13 06:36 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-07-12 07:35 - 2011-06-05 16:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-07-12 06:41 - 2010-03-11 18:15 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4069269864-3427646250-2521742739-1005.job
2013-07-12 03:45 - 2008-08-10 09:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:45 - 2004-08-19 16:13 - 00173872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-12 03:31 - 2005-05-10 13:55 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-12 03:28 - 2013-07-12 03:28 - 00129116 _____ C:\WINDOWS\KB2834904.log
2013-07-12 03:28 - 2013-07-12 03:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-12 03:28 - 2005-05-10 14:16 - 03177535 _____ C:\WINDOWS\FaxSetup.log
2013-07-12 03:28 - 2005-05-10 14:16 - 01531651 _____ C:\WINDOWS\OCGEN.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 01477003 _____ C:\WINDOWS\iis6.log
2013-07-12 03:28 - 2005-05-10 14:16 - 01456029 _____ C:\WINDOWS\TSOC.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00977732 _____ C:\WINDOWS\MSMQINST.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00639892 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-12 03:28 - 2005-05-10 14:16 - 00569822 _____ C:\WINDOWS\NETFXOCM.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00360310 _____ C:\WINDOWS\PLUSOC.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00333854 _____ C:\WINDOWS\MedCtrOC.log
2013-07-12 03:28 - 2005-05-10 14:16 - 00176089 _____ C:\WINDOWS\ehOCGen.log
2013-07-12 03:28 - 2005-05-10 14:16 - 00175386 _____ C:\WINDOWS\OCMSN.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00159749 _____ C:\WINDOWS\TABLETOC.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00158949 _____ C:\WINDOWS\MSGSOCM.LOG
2013-07-12 03:28 - 2005-05-10 14:16 - 00006148 _____ C:\WINDOWS\COMSETUP.LOG
2013-07-12 03:28 - 1980-01-01 00:00 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-12 03:27 - 2013-07-12 03:26 - 00129309 _____ C:\WINDOWS\KB2834886.log
2013-07-12 03:27 - 1980-01-01 00:00 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-12 03:26 - 2013-07-12 03:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-12 03:25 - 2013-07-12 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-12 03:25 - 2013-07-11 07:18 - 00134403 _____ C:\WINDOWS\KB2850851.log
2013-07-12 03:24 - 2013-07-12 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-12 03:24 - 2013-07-11 07:17 - 00135315 _____ C:\WINDOWS\KB2845187.log
2013-07-12 03:22 - 2005-05-10 14:17 - 00557946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-12 03:13 - 2005-05-24 17:43 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-12 03:11 - 2013-07-12 03:09 - 00134353 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-12 03:11 - 2009-03-22 21:29 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-12 03:11 - 2005-05-24 17:43 - 00659801 _____ C:\WINDOWS\updspapi.log
2013-07-12 03:09 - 2013-07-12 03:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-07-12 03:09 - 2013-07-12 03:07 - 00138562 _____ C:\WINDOWS\KB2833951.log
2013-07-12 03:01 - 2007-02-11 21:30 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-07-11 13:46 - 2005-05-10 13:53 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-07-11 13:43 - 2010-11-11 13:48 - 00000000 ____D C:\Documents and Settings\Steven\My Documents\My Scans

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================

Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

Here is the log-file.  I don't see anything on here that I need to keep.  Thanks for helping today, by the way.  For some reason the replies earlier in the week went to spam mail.  So sorry for not getting back with you sooner.

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 09:49:52
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven - GDPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Steven\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Steven\Application Data\iWin
Folder Found : C:\Documents and Settings\Steven\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Steven\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Found : C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\01192419711007700772702288657707
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v1.5.0.12 (en-US)

File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\prefs.js

Found : user_pref("CT3303001.FF19Solved", "true");
Found : user_pref("CT3303001.UserID", "UN32236964502889311");
Found : user_pref("CT3303001.addressUrlXPETakeover", "true");
Found : user_pref("CT3303001.autoDisableScopes", -1);
Found : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3303001.defaultSearchXPETakeover", "true");
Found : user_pref("CT3303001.fullUserID", "UN32236964502889311.IN.2013071582228");
Found : user_pref("CT3303001.installDate", "15/07/2013 8:22:30");
Found : user_pref("CT3303001.installSessionId", "{9FB605BD-B48B-4808-839E-6CAA19B30FB5}");
Found : user_pref("CT3303001.installSp", "TRUE");
Found : user_pref("CT3303001.installerVersion", "1.4.3.3");
Found : user_pref("CT3303001.keyword", "true");


Found : user_pref("CT3303001.originalSearchEngine", "Yahoo");
Found : user_pref("CT3303001.originalSearchEngineName", "Yahoo");
Found : user_pref("CT3303001.searchRevert", "false");
Found : user_pref("CT3303001.searchUserMode", "2");
Found : user_pref("CT3303001.smartbar.homepage", "true");
Found : user_pref("CT3303001.startPageXPETakeover", "true");
Found : user_pref("CT3303001.versionFromInstaller", "10.16.4.19");

Found : user_pref("browser.search.defaultthis.engineName", "Vafmusic8 Customized Web Search");


Found : user_pref("smartbar.addressBarOwnerCTID", "CT3303001");


Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
Found : user_pref("smartbar.machineId", "7DUYKKVHHGF2PTPUSTB1LS/DRJRVZ5GRE8DOYVCR2PF+SERH8BQYNROZB8RILHBIPQ3[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7818 octets] - [28/07/2013 09:49:52]

########## EOF - C:\AdwCleaner[R1].txt - [7878 octets] ##########

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

The AdwCleaner[sn}.txt and malwarebytes logs are posted below.  Is there anything else we need to do to my computer?

 

The Microsoft Security Essentials is removed from my computer now.  Should I reinstall this?  I'm a little concerned since I got this problem under their protection.  Is Malwarebytes also a security product or is it to use in conjunction with a security product?

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 10:12:43
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven - GDPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Steven\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Steven\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Steven\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Steven\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Steven\Application Data\WebCake
Folder Deleted : C:\Documents and Settings\Steven\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\01192419711007700772702288657707
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v1.5.0.12 (en-US)

File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\prefs.js

C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\m82kbsug.default\user.js ... Deleted !

Deleted : user_pref("CT3303001.FF19Solved", "true");
Deleted : user_pref("CT3303001.UserID", "UN32236964502889311");
Deleted : user_pref("CT3303001.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3303001.autoDisableScopes", -1);
Deleted : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3303001.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3303001.fullUserID", "UN32236964502889311.IN.2013071582228");
Deleted : user_pref("CT3303001.installDate", "15/07/2013 8:22:30");
Deleted : user_pref("CT3303001.installSessionId", "{9FB605BD-B48B-4808-839E-6CAA19B30FB5}");
Deleted : user_pref("CT3303001.installSp", "TRUE");
Deleted : user_pref("CT3303001.installerVersion", "1.4.3.3");
Deleted : user_pref("CT3303001.keyword", "true");


Deleted : user_pref("CT3303001.originalSearchEngine", "Yahoo");
Deleted : user_pref("CT3303001.originalSearchEngineName", "Yahoo");
Deleted : user_pref("CT3303001.searchRevert", "false");
Deleted : user_pref("CT3303001.searchUserMode", "2");
Deleted : user_pref("CT3303001.smartbar.homepage", "true");
Deleted : user_pref("CT3303001.startPageXPETakeover", "true");
Deleted : user_pref("CT3303001.versionFromInstaller", "10.16.4.19");

Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic8 Customized Web Search");


Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3303001");


Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3303001");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3303001");
Deleted : user_pref("smartbar.machineId", "7DUYKKVHHGF2PTPUSTB1LS/DRJRVZ5GRE8DOYVCR2PF+SERH8BQYNROZB8RILHBIPQ3[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7947 octets] - [28/07/2013 09:49:52]
AdwCleaner[s1].txt - [8163 octets] - [28/07/2013 10:12:43]

########## EOF - C:\AdwCleaner[s1].txt - [8223 octets] ##########

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.28.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steven :: GDPC [administrator]

Protection: Enabled

7/28/2013 10:23:02 AM
mbam-log-2013-07-28 (10-23-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288885
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Steven\Local Settings\Temp\DIQM\malwarebytes-anti-malware_037\setup__120.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.