
I believe I am infected with zeroaccess. I can not run malwarebytes or any other removal tools. I am told it is due to a software restriction policy.

 

I have downloaded RogueKiller and the following is my report.

 

Thank you for any help you can give me.

 

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Compaq_Owner [Admin rights]
Mode : Scan -- Date : 01/15/2014 02:01:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Ukrmmedia (regsvr32.exe "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll" [x][-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : zhyxyyrg (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\zhyxyyrg.dat" [x][x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3220281547-2862786067-1113791140-1009\[...]\Run : Ukrmmedia (regsvr32.exe "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3220281547-2862786067-1113791140-1009\[...]\Run : zhyxyyrg (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\zhyxyyrg.dat" [x][x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\n. [x]) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] DTReg.job : C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTReg.exe [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][File] @ : C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\L [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1604N/R +++++
--- User ---
[MBR] d816e46eedc873d374dd6c458bf320b5
[BSP] e53f08a2547f8ceb7cedf0196039bc96 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 145330 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 297652320 | Size: 7287 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01152014_020134.txt >>

 

 

Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Thank you for responding and offering your help.

 

I downloaded the file and ran it. It gave me an error that said it encountered an error and had to close. This is what I copied from the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Compaq_Owner (administrator) on ELKNUT on 15-01-2014 20:39:43
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Ahead Software AG) C:\Program Files\Nero\Nero BackItUp\NBJ.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\L4CY2AYE\RogueKiller[1].exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Zenographics) C:\WINDOWS\system32\zstatus.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7311360 2006-05-09] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-06-12] (Avira GmbH)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [NBJ] - C:\Program Files\Nero\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-08] (SUPERAntiSpyware)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
HKCU\...\Run: [bcshcr] - C:\WINDOWS\system32\rundll32.exe  [33280 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [Download] - "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\SupportSoft\quickcare2.2\Compaq_Owner\exec\SSGet.exe" 120 "http://www.qwest.com/internethelp/quickcare/downloads/QCSetup_2_7.exe" "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\QCSetup_2_7.exe" <===== ATTENTION
HKCU\...\Run: [ukrmmedia] - regsvr32.exe "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll" <===== ATTENTION
HKCU\...\Run: [zhyxyyrg] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\zhyxyyrg.dat" <===== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
AppInit_DLLs: mgtkon.dll [ ] ()
Lsa: [Authentication Packages] msv1_0 C:\WINDOWS\system32\geBTkHXP
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - DefaultScope {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
SearchScopes: HKCU - {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-15]
CHR Extension: (ChromeUpdateManager) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0 [2014-01-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-04-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-06]
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\7c796e98-3a9e-4c6c-88e9-e01fe206df4d.crx [2013-01-03]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-11-05] ()
R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-15] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-15] (Avira GmbH)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
R2 DefaultTabUpdate; C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-10-22] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-03-26] (Sun Microsystems, Inc.)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1247600 2007-09-22] ()
R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S3 Smsiheitaisu;
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11840 2007-02-27] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52032 2008-05-20] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75072 2008-10-30] (Avira GmbH)
R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2012-09-28] (LeapFrog)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-09] (Ralink Technology Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2014-01-08] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-02-21] (Symantec Corporation)
S3 W8335XP; C:\Windows\System32\DRIVERS\MRV8335XP.sys [280576 2006-09-22] (Marvell Semiconductor, Inc)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TrueSight; \??\ [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 20:39 - 2014-01-15 20:39 - 00000000 ____D C:\FRST
2014-01-15 20:37 - 2014-01-15 20:39 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 01:58 - 2014-01-15 02:01 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 01:58 - 2014-01-15 01:58 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2014-01-15 00:45 - 2014-01-15 01:22 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2008-10-30 10:21 - 00075072 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-14 23:13 - 2008-05-09 12:15 - 00045376 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntdd.sys
2014-01-14 23:13 - 2008-01-21 17:11 - 00022336 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntmgr.sys
2014-01-14 23:13 - 2007-03-01 09:34 - 00028352 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 15:01 - 2014-01-15 17:00 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-08 21:33 - 2014-01-08 21:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Ukrmmedia
2014-01-08 21:07 - 2014-01-08 21:07 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Ukrmmedia
2014-01-06 23:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Idatpea
2014-01-06 23:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fyoxlao
2014-01-06 22:57 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Byfaerl
2014-01-06 22:56 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Saeppabe
2014-01-06 22:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Migaly
2014-01-06 22:54 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ymiknem
2014-01-06 22:54 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qiseopa
2014-01-06 22:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zebiria
2014-01-06 22:53 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Usbykei
2014-01-06 22:52 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gideeqyp
2014-01-06 22:51 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zoetsoal
2014-01-06 22:51 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dypookag
2014-01-06 22:50 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ugfeyfi
2014-01-06 22:47 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ufomxius
2014-01-06 22:47 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Riydqi
2014-01-06 22:46 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Omodni
2014-01-06 22:45 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ahavepn
2014-01-06 22:44 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Texopiyv
2014-01-06 22:44 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Apolkua
2014-01-06 22:43 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wiwyiw
2014-01-06 22:42 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Obwukuy
2014-01-06 22:41 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Utcyin
2014-01-06 22:41 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Irekec
2014-01-06 22:39 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qaagfyar
2014-01-06 22:39 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wewoip
2014-01-06 22:38 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubkypo
2014-01-06 22:37 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Piusxi
2014-01-06 22:37 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Oxboly
2014-01-06 22:36 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Erypyti
2014-01-06 22:35 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Nosyxu
2014-01-06 22:35 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mimixey
2014-01-06 22:34 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gaodvuik
2014-01-06 22:33 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Cebutieq
2014-01-06 22:32 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Umetyqg
2014-01-06 22:31 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zuywhy
2014-01-06 22:31 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ilawwa
2014-01-06 22:30 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Luegigzi
2014-01-06 22:29 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qyilruuz
2014-01-06 22:28 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wadyov
2014-01-06 22:27 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubezvu
2014-01-06 22:26 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Opyxyge
2014-01-06 22:26 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imiwli
2014-01-06 22:25 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imeksei
2014-01-06 22:24 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Niigcoap
2014-01-06 22:24 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Izsuarki
2014-01-06 22:23 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Aramosqi
2014-01-06 22:21 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hyliomc
2014-01-06 22:20 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fawokuc
2014-01-06 22:19 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rahyos
2014-01-06 22:19 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ybehvoqe
2014-01-06 22:18 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Boloyzr
2014-01-06 22:17 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ihahde
2014-01-06 22:14 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rulaysb
2014-01-06 22:14 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gecuus
2014-01-06 22:13 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Yffier
2014-01-06 22:12 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ehikmee
2014-01-06 22:12 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dyonaceq
2014-01-06 22:10 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Anihry
2014-01-06 22:09 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Kocipia
2014-01-06 22:09 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Buvouw
2014-01-06 22:08 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ynolufo
2014-01-06 22:08 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hubuiso
2014-01-06 22:07 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Syohxey
2014-01-06 22:06 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Xukeyc
2014-01-06 22:05 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eqiwqi
2014-01-06 22:05 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Tirihea
2014-01-06 22:03 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mepumox
2014-01-06 22:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Coemov
2014-01-06 22:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Axynoni
2014-01-06 22:01 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ingexup
2014-01-06 22:00 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Bomiit
2014-01-06 21:59 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Pumeokmu
2014-01-06 21:58 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Heugduqy
2014-01-06 21:57 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hufuem
2014-01-06 21:56 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Uzmiku
2014-01-06 21:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hegoti
2014-01-06 21:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eferky
2014-01-06 21:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Simigozi
2014-01-06 21:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Avavhai
2014-01-06 21:52 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Enatoty
2014-01-06 21:51 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Itcoysu
2014-01-06 21:50 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zaahkea
2014-01-06 21:50 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Duecon
2014-01-06 21:16 - 2014-01-06 21:17 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys

==================== One Month Modified Files and Folders =======

2014-01-15 20:39 - 2014-01-15 20:39 - 00000000 ____D C:\FRST
2014-01-15 20:39 - 2014-01-15 20:37 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-15 20:39 - 2010-04-05 13:02 - 00000406 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E5A2F72-311D-4163-85DB-F11B984F3697}.job
2014-01-15 20:34 - 2009-01-20 19:54 - 01976597 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 20:03 - 2010-10-15 04:35 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 20:02 - 2012-12-26 12:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-15 19:39 - 2005-12-04 17:05 - 00031816 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-15 19:03 - 2010-10-15 04:35 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 17:00 - 2014-01-10 15:01 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 02:01 - 2014-01-15 01:58 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 01:58 - 2014-01-15 01:58 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2014-01-15 01:49 - 2012-02-26 21:31 - 00000836 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 01:48 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 01:29 - 2010-04-06 13:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-15 01:22 - 2014-01-15 00:45 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-15 01:00 - 2009-01-15 15:55 - 00000330 _____ C:\WINDOWS\Tasks\tlnbqvkm.job
2014-01-15 00:42 - 2006-02-21 20:41 - 00043531 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-15 00:42 - 2005-12-04 17:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-15 00:42 - 2005-12-04 08:46 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-15 00:42 - 2005-12-04 08:46 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-15 00:39 - 2006-07-07 18:20 - 00000278 ___SH C:\Documents and Settings\Compaq_Owner\ntuser.ini
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Avira
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-14 18:21 - 2008-12-11 17:15 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\My Documents\ashley
2014-01-14 18:04 - 2008-08-25 21:15 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-12 22:09 - 2006-08-20 09:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-12 22:07 - 2009-12-26 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Adobe
2014-01-11 22:00 - 2011-04-25 21:13 - 00000274 _____ C:\WINDOWS\Tasks\Disk Cleanup.job
2014-01-09 18:30 - 2008-11-12 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954459$
2014-01-09 17:45 - 2011-12-25 07:04 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-08 22:33 - 2014-01-06 23:02 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Idatpea
2014-01-08 22:33 - 2014-01-06 23:02 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fyoxlao
2014-01-08 22:33 - 2014-01-06 22:57 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Byfaerl
2014-01-08 22:33 - 2014-01-06 22:55 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Migaly
2014-01-08 22:33 - 2014-01-06 22:54 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ymiknem
2014-01-08 22:33 - 2014-01-06 22:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zebiria
2014-01-08 22:33 - 2014-01-06 22:52 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gideeqyp
2014-01-08 22:33 - 2014-01-06 22:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zoetsoal
2014-01-08 22:33 - 2014-01-06 22:47 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ufomxius
2014-01-08 22:33 - 2014-01-06 22:47 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Riydqi
2014-01-08 22:33 - 2014-01-06 22:46 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Omodni
2014-01-08 22:33 - 2014-01-06 22:45 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ahavepn
2014-01-08 22:33 - 2014-01-06 22:44 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Texopiyv
2014-01-08 22:33 - 2014-01-06 22:44 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Apolkua
2014-01-08 22:33 - 2014-01-06 22:43 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wiwyiw
2014-01-08 22:33 - 2014-01-06 22:39 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qaagfyar
2014-01-08 22:33 - 2014-01-06 22:38 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubkypo
2014-01-08 22:33 - 2014-01-06 22:36 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Erypyti
2014-01-08 22:33 - 2014-01-06 22:35 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Nosyxu
2014-01-08 22:33 - 2014-01-06 22:35 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mimixey
2014-01-08 22:33 - 2014-01-06 22:34 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gaodvuik
2014-01-08 22:33 - 2014-01-06 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Cebutieq
2014-01-08 22:33 - 2014-01-06 22:31 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zuywhy
2014-01-08 22:33 - 2014-01-06 22:29 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qyilruuz
2014-01-08 22:33 - 2014-01-06 22:28 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wadyov
2014-01-08 22:33 - 2014-01-06 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubezvu
2014-01-08 22:33 - 2014-01-06 22:26 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Opyxyge
2014-01-08 22:33 - 2014-01-06 22:26 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imiwli
2014-01-08 22:33 - 2014-01-06 22:25 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imeksei
2014-01-08 22:33 - 2014-01-06 22:24 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Niigcoap
2014-01-08 22:33 - 2014-01-06 22:24 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Izsuarki
2014-01-08 22:33 - 2014-01-06 22:21 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hyliomc
2014-01-08 22:33 - 2014-01-06 22:20 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fawokuc
2014-01-08 22:33 - 2014-01-06 22:19 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rahyos
2014-01-08 22:33 - 2014-01-06 22:18 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Boloyzr
2014-01-08 22:33 - 2014-01-06 22:17 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ihahde
2014-01-08 22:33 - 2014-01-06 22:14 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rulaysb
2014-01-08 22:33 - 2014-01-06 22:09 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Kocipia
2014-01-08 22:33 - 2014-01-06 22:09 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Buvouw
2014-01-08 22:33 - 2014-01-06 22:08 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ynolufo
2014-01-08 22:33 - 2014-01-06 22:07 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Syohxey
2014-01-08 22:33 - 2014-01-06 22:05 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eqiwqi
2014-01-08 22:33 - 2014-01-06 22:03 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mepumox
2014-01-08 22:33 - 2014-01-06 22:02 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Coemov
2014-01-08 22:33 - 2014-01-06 22:02 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Axynoni
2014-01-08 22:33 - 2014-01-06 22:01 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ingexup
2014-01-08 22:33 - 2014-01-06 22:00 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Bomiit
2014-01-08 22:33 - 2014-01-06 21:59 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Pumeokmu
2014-01-08 22:33 - 2014-01-06 21:58 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Heugduqy
2014-01-08 22:33 - 2014-01-06 21:57 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hufuem
2014-01-08 22:33 - 2014-01-06 21:56 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Uzmiku
2014-01-08 22:33 - 2014-01-06 21:55 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hegoti
2014-01-08 22:33 - 2014-01-06 21:55 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eferky
2014-01-08 22:33 - 2014-01-06 21:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Simigozi
2014-01-08 22:33 - 2014-01-06 21:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Avavhai
2014-01-08 22:33 - 2014-01-06 21:52 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Enatoty
2014-01-08 22:33 - 2014-01-06 21:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Itcoysu
2014-01-08 22:33 - 2014-01-06 21:50 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zaahkea
2014-01-08 22:27 - 2014-01-06 22:56 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Saeppabe
2014-01-08 22:27 - 2014-01-06 22:54 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qiseopa
2014-01-08 22:27 - 2014-01-06 22:53 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Usbykei
2014-01-08 22:27 - 2014-01-06 22:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dypookag
2014-01-08 22:27 - 2014-01-06 22:50 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ugfeyfi
2014-01-08 22:27 - 2014-01-06 22:42 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Obwukuy
2014-01-08 22:27 - 2014-01-06 22:41 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Utcyin
2014-01-08 22:27 - 2014-01-06 22:41 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Irekec
2014-01-08 22:27 - 2014-01-06 22:39 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wewoip
2014-01-08 22:27 - 2014-01-06 22:37 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Piusxi
2014-01-08 22:27 - 2014-01-06 22:37 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Oxboly
2014-01-08 22:27 - 2014-01-06 22:32 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Umetyqg
2014-01-08 22:27 - 2014-01-06 22:31 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ilawwa
2014-01-08 22:27 - 2014-01-06 22:30 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Luegigzi
2014-01-08 22:27 - 2014-01-06 22:23 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Aramosqi
2014-01-08 22:27 - 2014-01-06 22:19 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ybehvoqe
2014-01-08 22:27 - 2014-01-06 22:14 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gecuus
2014-01-08 22:27 - 2014-01-06 22:13 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Yffier
2014-01-08 22:27 - 2014-01-06 22:12 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ehikmee
2014-01-08 22:27 - 2014-01-06 22:12 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dyonaceq
2014-01-08 22:27 - 2014-01-06 22:10 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Anihry
2014-01-08 22:27 - 2014-01-06 22:08 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hubuiso
2014-01-08 22:27 - 2014-01-06 22:06 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Xukeyc
2014-01-08 22:27 - 2014-01-06 22:05 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Tirihea
2014-01-08 22:27 - 2014-01-06 21:50 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Duecon
2014-01-08 21:33 - 2014-01-08 21:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Ukrmmedia
2014-01-08 21:07 - 2014-01-08 21:07 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Ukrmmedia
2014-01-08 21:04 - 2013-01-08 05:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-08 21:04 - 2009-01-19 12:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-06 21:17 - 2014-01-06 21:16 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 20:35 - 2008-02-08 12:36 - 00157128 _____ C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2014-01-06 10:07 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Microsoft Home Publishing 2000
2014-01-05 22:36 - 2010-05-07 20:37 - 00095572 ____H C:\WINDOWS\system32\mlfcache.dat
2013-12-31 21:11 - 2013-10-19 17:34 - 00120927 _____ C:\WINDOWS\setupapi.log

ZeroAccess:
C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888

 

 

 

I will wait for your reply before proceeding further.

 

Thank you for your help!!


OK, as we only have a partial log, do the following:

 

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Run FRST again and post fresh logs; this time, ensure that "Addition.txt" is ticked under "Optional scan" and that all boxes under "White list" are ticked.

 

fixlist.txt


Here is the Fixlog after the first scan.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 03
Ran by Compaq_Owner at 2014-01-16 17:51:09 Run:1
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [Download] - "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\SupportSoft\quickcare2.2\Compaq_Owner\exec\SSGet.exe" 120 "http://www.qwest.com...QCSetup_2_7.exe" "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\QCSetup_2_7.exe" <===== ATTENTION
HKCU\...\Run: [ukrmmedia] - regsvr32.exe "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll" <===== ATTENTION
HKCU\...\Run: [zhyxyyrg] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\zhyxyyrg.dat" <===== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888\n. ATTENTION! ====> ZeroAccess/Alureon?
AppInit_DLLs: mgtkon.dll [ ] ()
Lsa: [Authentication Packages] msv1_0 C:\WINDOWS\system32\geBTkHXP
U3 TrueSight; \??\ [x]
U1 WS2IFSL;
2014-01-08 21:33 - 2014-01-08 21:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Ukrmmedia
2014-01-08 21:07 - 2014-01-08 21:07 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Ukrmmedia
2014-01-06 23:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Idatpea
2014-01-06 23:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fyoxlao
2014-01-06 22:57 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Byfaerl
2014-01-06 22:56 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Saeppabe
2014-01-06 22:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Migaly
2014-01-06 22:54 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ymiknem
2014-01-06 22:54 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qiseopa
2014-01-06 22:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zebiria
2014-01-06 22:53 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Usbykei
2014-01-06 22:52 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gideeqyp
2014-01-06 22:51 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zoetsoal
2014-01-06 22:51 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dypookag
2014-01-06 22:50 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ugfeyfi
2014-01-06 22:47 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ufomxius
2014-01-06 22:47 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Riydqi
2014-01-06 22:46 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Omodni
2014-01-06 22:45 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ahavepn
2014-01-06 22:44 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Texopiyv
2014-01-06 22:44 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Apolkua
2014-01-06 22:43 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wiwyiw
2014-01-06 22:42 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Obwukuy
2014-01-06 22:41 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Utcyin
2014-01-06 22:41 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Irekec
2014-01-06 22:39 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qaagfyar
2014-01-06 22:39 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wewoip
2014-01-06 22:38 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubkypo
2014-01-06 22:37 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Piusxi
2014-01-06 22:37 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Oxboly
2014-01-06 22:36 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Erypyti
2014-01-06 22:35 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Nosyxu
2014-01-06 22:35 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mimixey
2014-01-06 22:34 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gaodvuik
2014-01-06 22:33 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Cebutieq
2014-01-06 22:32 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Umetyqg
2014-01-06 22:31 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zuywhy
2014-01-06 22:31 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ilawwa
2014-01-06 22:30 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Luegigzi
2014-01-06 22:29 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Qyilruuz
2014-01-06 22:28 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Wadyov
2014-01-06 22:27 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ubezvu
2014-01-06 22:26 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Opyxyge
2014-01-06 22:26 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imiwli
2014-01-06 22:25 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Imeksei
2014-01-06 22:24 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Niigcoap
2014-01-06 22:24 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Izsuarki
2014-01-06 22:23 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Aramosqi
2014-01-06 22:21 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hyliomc
2014-01-06 22:20 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Fawokuc
2014-01-06 22:19 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rahyos
2014-01-06 22:19 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ybehvoqe
2014-01-06 22:18 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Boloyzr
2014-01-06 22:17 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ihahde
2014-01-06 22:14 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Rulaysb
2014-01-06 22:14 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Gecuus
2014-01-06 22:13 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Yffier
2014-01-06 22:12 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ehikmee
2014-01-06 22:12 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Dyonaceq
2014-01-06 22:10 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Anihry
2014-01-06 22:09 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Kocipia
2014-01-06 22:09 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Buvouw
2014-01-06 22:08 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ynolufo
2014-01-06 22:08 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hubuiso
2014-01-06 22:07 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Syohxey
2014-01-06 22:06 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Xukeyc
2014-01-06 22:05 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eqiwqi
2014-01-06 22:05 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Tirihea
2014-01-06 22:03 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Mepumox
2014-01-06 22:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Coemov
2014-01-06 22:02 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Axynoni
2014-01-06 22:01 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Ingexup
2014-01-06 22:00 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Bomiit
2014-01-06 21:59 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Pumeokmu
2014-01-06 21:58 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Heugduqy
2014-01-06 21:57 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hufuem
2014-01-06 21:56 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Uzmiku
2014-01-06 21:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Hegoti
2014-01-06 21:55 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Eferky
2014-01-06 21:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Simigozi
2014-01-06 21:53 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Avavhai
2014-01-06 21:52 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Enatoty
2014-01-06 21:51 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Itcoysu
2014-01-06 21:50 - 2014-01-08 22:33 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Zaahkea
2014-01-06 21:50 - 2014-01-08 22:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Duecon
C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888
End
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Download => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Ukrmmedia => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\zhyxyyrg => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages => Value was restored successfully.
TrueSight => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Ukrmmedia => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Ukrmmedia => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Idatpea => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Fyoxlao => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Byfaerl => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Saeppabe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Migaly => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ymiknem => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Qiseopa => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Zebiria => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Usbykei => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Gideeqyp => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Zoetsoal => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Dypookag => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ugfeyfi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ufomxius => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Riydqi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Omodni => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ahavepn => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Texopiyv => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Apolkua => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Wiwyiw => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Obwukuy => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Utcyin => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Irekec => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Qaagfyar => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Wewoip => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ubkypo => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Piusxi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Oxboly => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Erypyti => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Nosyxu => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mimixey => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Gaodvuik => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Cebutieq => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Umetyqg => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Zuywhy => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ilawwa => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Luegigzi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Qyilruuz => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Wadyov => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ubezvu => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Opyxyge => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Imiwli => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Imeksei => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Niigcoap => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Izsuarki => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Aramosqi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Hyliomc => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Fawokuc => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Rahyos => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ybehvoqe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Boloyzr => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ihahde => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Rulaysb => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Gecuus => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Yffier => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ehikmee => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Dyonaceq => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Anihry => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Kocipia => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Buvouw => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ynolufo => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Hubuiso => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Syohxey => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Xukeyc => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Eqiwqi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Tirihea => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mepumox => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Coemov => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Axynoni => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Ingexup => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Bomiit => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Pumeokmu => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Heugduqy => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Hufuem => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Uzmiku => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Hegoti => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Eferky => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Simigozi => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Avavhai => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Enatoty => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Itcoysu => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Zaahkea => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Duecon => Moved successfully.
C:\RECYCLER\S-1-5-21-3220281547-2862786067-1113791140-1009\$ff24043d55f85ce9a20a8337d9b4b888 => Moved successfully.

==== End of Fixlog ====

AFTER THE SCAN

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Compaq_Owner (administrator) on ELKNUT on 16-01-2014 17:54:41
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Ahead Software AG) C:\Program Files\Nero\Nero BackItUp\NBJ.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\L4CY2AYE\RogueKiller[1].exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Zenographics) C:\WINDOWS\system32\zstatus.exe
(Search Results, LLC) C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\update.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7311360 2006-05-09] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-06-12] (Avira GmbH)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [NBJ] - C:\Program Files\Nero\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-08] (SUPERAntiSpyware)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
HKCU\...\Run: [bcshcr] - C:\WINDOWS\system32\rundll32.exe  [33280 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - DefaultScope {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
SearchScopes: HKCU - {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-15]
CHR Extension: (ChromeUpdateManager) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0 [2014-01-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-04-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-06]
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\7c796e98-3a9e-4c6c-88e9-e01fe206df4d.crx [2013-01-03]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-11-05] ()
R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-15] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-15] (Avira GmbH)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
R2 DefaultTabUpdate; C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-10-22] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-03-26] (Sun Microsystems, Inc.)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1247600 2007-09-22] ()
R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S3 Smsiheitaisu;
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11840 2007-02-27] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52032 2008-05-20] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75072 2008-10-30] (Avira GmbH)
R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2012-09-28] (LeapFrog)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-09] (Ralink Technology Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2014-01-08] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-02-21] (Symantec Corporation)
S3 W8335XP; C:\Windows\System32\DRIVERS\MRV8335XP.sys [280576 2006-09-22] (Marvell Semiconductor, Inc)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 20:39 - 2014-01-15 20:39 - 00000000 ____D C:\FRST
2014-01-15 20:37 - 2014-01-16 17:54 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 01:58 - 2014-01-15 02:01 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 01:58 - 2014-01-15 01:58 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2014-01-15 00:45 - 2014-01-15 01:22 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2008-10-30 10:21 - 00075072 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-14 23:13 - 2008-05-09 12:15 - 00045376 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntdd.sys
2014-01-14 23:13 - 2008-01-21 17:11 - 00022336 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntmgr.sys
2014-01-14 23:13 - 2007-03-01 09:34 - 00028352 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 15:01 - 2014-01-16 17:00 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-06 21:16 - 2014-01-06 21:17 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys

==================== One Month Modified Files and Folders =======

2014-01-16 17:54 - 2014-01-15 20:37 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-16 17:54 - 2010-04-05 13:02 - 00000406 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E5A2F72-311D-4163-85DB-F11B984F3697}.job
2014-01-16 17:45 - 2011-12-25 07:04 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-16 17:42 - 2009-01-20 19:54 - 02002020 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-16 17:29 - 2005-12-04 17:05 - 00032260 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-16 17:03 - 2010-10-15 04:35 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 17:02 - 2012-12-26 12:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 17:00 - 2014-01-10 15:01 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-16 10:55 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Microsoft Home Publishing 2000
2014-01-16 10:55 - 2008-08-25 21:15 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-15 20:39 - 2014-01-15 20:39 - 00000000 ____D C:\FRST
2014-01-15 19:03 - 2010-10-15 04:35 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 02:01 - 2014-01-15 01:58 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 01:58 - 2014-01-15 01:58 - 00026624 _____ C:\WINDOWS\system32\TrueSight.sys
2014-01-15 01:49 - 2012-02-26 21:31 - 00000836 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 01:48 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 01:29 - 2010-04-06 13:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-15 01:22 - 2014-01-15 00:45 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-15 01:00 - 2009-01-15 15:55 - 00000330 _____ C:\WINDOWS\Tasks\tlnbqvkm.job
2014-01-15 00:42 - 2006-02-21 20:41 - 00043531 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-15 00:42 - 2005-12-04 17:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-15 00:42 - 2005-12-04 08:46 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-15 00:42 - 2005-12-04 08:46 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-15 00:39 - 2006-07-07 18:20 - 00000278 ___SH C:\Documents and Settings\Compaq_Owner\ntuser.ini
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Avira
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-14 18:21 - 2008-12-11 17:15 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\My Documents\ashley
2014-01-12 22:09 - 2006-08-20 09:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-12 22:07 - 2009-12-26 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Adobe
2014-01-11 22:00 - 2011-04-25 21:13 - 00000274 _____ C:\WINDOWS\Tasks\Disk Cleanup.job
2014-01-09 18:30 - 2008-11-12 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954459$
2014-01-08 21:04 - 2013-01-08 05:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-08 21:04 - 2009-01-19 12:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-06 21:17 - 2014-01-06 21:16 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 20:35 - 2008-02-08 12:36 - 00157128 _____ C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2014-01-05 22:36 - 2010-05-07 20:37 - 00095572 ____H C:\WINDOWS\system32\mlfcache.dat
2013-12-31 21:11 - 2013-10-19 17:34 - 00120927 _____ C:\WINDOWS\setupapi.log

Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\2SKKKKKKK.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\converter.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HSS-2.53-install-plain-441-silent.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\incredibar_installer.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Java_Update_56d5d823.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mny1AC.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\PricePeep_BetterInstaller_2012-10-02.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is18F.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is190.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is191.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is251.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is252.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is253.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is2DD.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F2.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F3.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F4.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is91.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is92.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is93.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition Scan Logs

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 03
Ran by Compaq_Owner at 2014-01-16 17:55:08
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira AntiVir PersonalEdition (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

42 Bit Scanner (Version:  - )
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Actiontec Gateway (Version:  - )
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.04) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe SVG Viewer (Version: 1.0 - Adobe Systems, Inc.)
Agere Systems PCI-SV92PP Soft Modem (Version:  - )
AnswerWorks 4.0 Runtime - English (Version: 4.0.101 - Vantage Software Technologies)
Apple Application Support (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira AntiVir Personal - Free Antivirus (Version:  - Avira GmbH)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Camera Window (Version: 4.6.1 - Canon) Hidden
Canon Camera Access Library (Version: 8.5.0.2 - Canon Inc.)
Canon Camera Support Core Library (Version: 7.3.1.6 - Canon Inc.)
Canon Camera Window for ZoomBrowser EX (Version: 4.6.1 - Canon)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7 - Canon Inc.)
Canon MOV Decoder (Version: 1.8.0.7 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 1.1.1.41 - Canon)
Canon PhotoRecord (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (Version: 1.0 - Canon)
Canon Utilities CameraWindow DC (Version: 7.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.6.18 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities MyCamera DC (Version: 7.1.0.4 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.13 - Canon)
Canon Utilities RemoteCapture DC (Version: 3.1.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (Version: 6.2.0.29 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9 - Canon Inc.)
CK Creative Clips and Fonts for Girls (Version: 5.3.2.61 - ©2003 Primedia Inc, all rights reserved.)
Compaq Connections (remove only) (Version:  - )
Compaq Organize (Version:  - )
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Creative Lettering Combo (Version:  - )
Creative Lettering Super Combo (Version: 3.0.3.63 - ©2002 Primedia Inc, all rights reserved.)
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (Version:  - )
DefaultTab (Version: 1.2.8.0 - Search Results, LLC) <==== ATTENTION
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dollhouse (Version: 1.0 - Disney Interactive)
DVDFab 6.0.6.0 (04/09/2009) (Version:  - Fengtao Software Inc.)
EZ Fonts (Version: 1.0.0 - EZ Fonts)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Garmin TOPO U.S. 2008 (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (Version: 2.4.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google SketchUp (Version: 5.0.305 - )
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (Version: 2.0.5.1 - Hewlett-Packard Company)
HP DVD Play 1.0 (Version:  - )
HP Imaging Device Functions 6.0 (Version: 6.0 - HP)
hp LaserJet 1000 (Version:  - )
HP Photosmart Premier Software 6.0 (Version: 6.0 - HP)
HP Software Update (Version: 3.0.6.002 - HEWLET~1|Hewlett-Packard)
HP Support Overview (Version: 1.0.0 - Hewlett-Packard Company)
HP Web Helper (Version:  - )
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
iPod for Windows 2005-06-26 (Version: 3.8.0 - Apple Computer, Inc.)
iPod for Windows 2005-06-26 (Version: 3.8.0 - Apple Computer, Inc.) Hidden
iTunes (Version: 11.0.1.12 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Java 6 Update 17 (Version: 6.0.170 - Sun Microsystems, Inc.)
LeapFrog Connect (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (Version: 4.2.9.15649 - LeapFrog) Hidden
LightScribe  1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Home Publishing 2000 (Version: 4.0.0000 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office XP Media Content (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 1.0 (Version:  - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (Version:  - )
MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Media Player (Version:  - )
Nero OEM (Version:  - )
NeroVision Express 2 (Version:  - )
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (Version:  - )
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PC-Doctor 5 for Windows (Version: 5.00.3311.03 - PC-Doctor, Inc.)
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.13 - Canon) Hidden
PL-2303 USB-to-Serial (Version:  - )
QuickConnect (Version: 3.6 - Qwest) Hidden
QuickTime (Version: 7.71.80.42 - Apple Inc.)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
RAW Image Task 1.0 (Version: 1.0 - Canon) Hidden
RealPlayer (Version:  - )
Realtek High Definition Audio Driver (Version:  - Realtek Semiconductor Corp.)
Sheet Music Plus Digital Print (Version: 255.11.14 - Sheet Music Plus, LLC) Hidden
Sheet Music Plus Digital Print (Version: v2011.11.14 - Sheet Music Plus, LLC)
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sony DVD Architect Studio 3.0b (Version: 3.0.93 - Sony)
Sony Vegas Movie Studio 6.0b (Version: 6.0.126 - Sony)
SUPERAntiSpyware Free Edition (Version: 4.24.0.1004 - SUPERAntiSpyware.com)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
The Font Factory (Version:  - )
TOPO! (Version:  - )
TOPO! (Version: 03.04.3000 - National Geographic Maps)
TOPO! (Version: 03.04.3000 - National Geographic Maps) Hidden
TurboTax 2011 (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2011 wutiper (Version: 011.000.1401 - Intuit Inc.) Hidden
TurboTax 2012 (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2012 wutiper (Version: 012.000.1329 - Intuit Inc.) Hidden
TurboTax Premier 2007 (Version:  - )
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (Version:  - LeapFrog)
Viewpoint Media Player (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WLTB Custom Buttons (Version: 1.0.0 - Microsoft)
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

19-10-2013 17:00:32 System Checkpoint
20-10-2013 17:59:26 System Checkpoint
21-10-2013 19:11:27 System Checkpoint
22-10-2013 19:59:27 System Checkpoint
23-10-2013 20:59:30 System Checkpoint
24-10-2013 21:00:40 System Checkpoint
25-10-2013 21:59:28 System Checkpoint
26-10-2013 23:00:33 System Checkpoint
27-10-2013 23:59:28 System Checkpoint
29-10-2013 00:08:49 System Checkpoint
30-10-2013 00:27:30 System Checkpoint
31-10-2013 00:38:49 System Checkpoint
01-11-2013 01:27:39 System Checkpoint
02-11-2013 02:27:41 System Checkpoint
03-11-2013 03:27:40 System Checkpoint
04-11-2013 04:27:44 System Checkpoint
05-11-2013 05:27:41 System Checkpoint
06-11-2013 06:27:41 System Checkpoint
07-11-2013 07:27:50 System Checkpoint
08-11-2013 08:27:41 System Checkpoint
09-11-2013 09:27:40 System Checkpoint
10-11-2013 10:27:40 System Checkpoint
11-11-2013 11:27:42 System Checkpoint
12-11-2013 12:27:40 System Checkpoint
13-11-2013 13:27:41 System Checkpoint
14-11-2013 15:03:49 System Checkpoint
15-11-2013 15:28:46 System Checkpoint
16-11-2013 15:50:57 System Checkpoint
17-11-2013 16:53:35 System Checkpoint
18-11-2013 17:28:42 System Checkpoint
19-11-2013 18:29:08 System Checkpoint
20-11-2013 18:44:32 System Checkpoint
21-11-2013 19:27:42 System Checkpoint
22-11-2013 19:31:50 System Checkpoint
23-11-2013 20:27:35 System Checkpoint
24-11-2013 21:27:35 System Checkpoint
25-11-2013 21:34:35 System Checkpoint
26-11-2013 22:27:36 System Checkpoint
27-11-2013 22:53:15 System Checkpoint
28-11-2013 23:54:17 System Checkpoint
30-11-2013 00:39:20 System Checkpoint
01-12-2013 00:40:35 System Checkpoint
02-12-2013 01:26:51 System Checkpoint
03-12-2013 02:27:09 System Checkpoint
04-12-2013 03:26:51 System Checkpoint
05-12-2013 04:31:55 System Checkpoint
06-12-2013 05:25:58 System Checkpoint
07-12-2013 05:26:44 System Checkpoint
08-12-2013 06:25:33 System Checkpoint
08-12-2013 23:42:38 Removed Data Lifeguard Diagnostic for Windows
08-12-2013 23:45:42 Removed Qwest QuickAssist Desktop Tools
08-12-2013 23:46:57 Removed Qwest Installer
09-12-2013 03:17:15 Printer Driver hp LaserJet 1000 Installed
09-12-2013 03:18:13 Printer Driver hp LaserJet 1000 DOS Installed
09-12-2013 03:18:35 Printer Driver hp LaserJet 1000 Installed
09-12-2013 03:55:40 Printer Driver hp LaserJet 1000 Installed
09-12-2013 03:55:53 Printer Driver hp LaserJet 1000 Installed
09-12-2013 03:56:04 Printer Driver hp LaserJet 1000 DOS Installed
09-12-2013 03:56:14 Printer Driver hp LaserJet 1000 Installed
10-12-2013 04:18:39 System Checkpoint
11-12-2013 05:18:41 System Checkpoint
12-12-2013 06:18:40 System Checkpoint
12-12-2013 06:48:03 Software Distribution Service 3.0
12-12-2013 06:50:30 Installed Zune 4.8
13-12-2013 00:29:10 Installed Windows XP Wudf01009.
13-12-2013 00:31:03 Installed Windows XP winusb0100.
13-12-2013 00:31:54 Installed Windows XP winusb0100.
13-12-2013 04:51:08 Installed Windows XP winusb0100.
14-12-2013 05:41:20 System Checkpoint
15-12-2013 06:41:13 System Checkpoint
16-12-2013 07:41:11 System Checkpoint
17-12-2013 10:00:30 System Checkpoint
18-12-2013 10:41:12 System Checkpoint
19-12-2013 11:41:27 System Checkpoint
20-12-2013 12:41:12 System Checkpoint
21-12-2013 13:41:07 System Checkpoint
22-12-2013 14:24:13 System Checkpoint
23-12-2013 14:41:11 System Checkpoint
24-12-2013 15:41:10 System Checkpoint
25-12-2013 16:53:09 System Checkpoint
26-12-2013 17:42:22 System Checkpoint
27-12-2013 17:46:21 System Checkpoint
28-12-2013 18:41:06 System Checkpoint
29-12-2013 19:41:06 System Checkpoint
30-12-2013 20:41:07 System Checkpoint
31-12-2013 21:41:06 System Checkpoint
01-01-2014 22:41:05 System Checkpoint
02-01-2014 23:53:12 System Checkpoint
04-01-2014 00:41:06 System Checkpoint
05-01-2014 01:41:05 System Checkpoint
06-01-2014 03:24:26 System Checkpoint
07-01-2014 06:02:31 System Checkpoint
08-01-2014 06:41:18 System Checkpoint
09-01-2014 07:57:54 System Checkpoint
10-01-2014 08:36:22 System Checkpoint
11-01-2014 09:36:23 System Checkpoint
12-01-2014 10:36:21 System Checkpoint
13-01-2014 03:29:20 Removed Google Earth.
14-01-2014 03:42:56 System Checkpoint
15-01-2014 06:12:52 Avira AntiVir Personal - 1/14/2014 23:12
16-01-2014 06:46:34 System Checkpoint

==================== Hosts content: ==========================

2004-08-03 21:00 - 2004-08-03 21:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
Task: C:\WINDOWS\Tasks\DTReg.job => C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTReg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\tlnbqvkm.job => C:\WINDOWS\system32\cbXoNfed.dll
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E5A2F72-311D-4163-85DB-F11B984F3697}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-01-03 23:15 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-01-14 23:13 - 2008-01-22 18:28 - 00339968 _____ () C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
2014-01-06 21:16 - 2014-01-06 21:16 - 00026112 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia\BoostApint5.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 16:40 - 2007-02-16 16:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2014-01-14 23:13 - 2007-08-24 16:38 - 00077312 _____ () C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-02-21 21:23 - 2007-09-22 15:41 - 00361328 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2006-02-21 20:41 - 2006-05-09 21:50 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 11:00:36 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [update.exe!ws!]

Error: (01/15/2014 08:40:31 PM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 0.0.0.0, faulting module frst.exe, version 0.0.0.0, fault address 0x0001fcbe.
Processing media-specific event for [frst.exe!ws!]

Error: (01/15/2014 01:58:40 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x100032bb.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/14/2014 11:00:29 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [update.exe!ws!]

Error: (01/14/2014 10:39:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/13/2014 07:38:11 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [update.exe!ws!]

Error: (01/12/2014 07:39:18 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Error in creating result PEAP-TLV in response to received PEAP-TLV (update.exe!ld!)

Error: (01/12/2014 07:38:13 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [update.exe!ws!]

Error: (01/12/2014 06:49:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/10/2014 03:01:10 PM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.1, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [update.exe!ws!]

System errors:
=============
Error: (01/16/2014 09:01:51 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/15/2014 07:37:48 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (01/15/2014 00:43:21 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/14/2014 11:37:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/14/2014 11:00:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/14/2014 07:38:11 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabUpdate service terminated with the following error:
%%3

Error: (01/12/2014 07:39:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/12/2014 03:01:10 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabUpdate service terminated with the following error:
%%3

Error: (01/09/2014 06:33:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor
IntelIde
ViaIde

Error: (01/09/2014 06:33:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (01/15/2014 11:00:36 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.3kernel32.dll5.1.2600.578100012afb

Error: (01/15/2014 08:40:31 PM) (Source: Application Error)(User: )
Description: frst.exe0.0.0.0frst.exe0.0.0.00001fcbe

Error: (01/15/2014 01:58:40 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0100032bb

Error: (01/14/2014 11:00:29 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.3kernel32.dll5.1.2600.578100012afb

Error: (01/14/2014 10:39:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/13/2014 07:38:11 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.3kernel32.dll5.1.2600.578100012afb

Error: (01/12/2014 07:39:18 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.3kernel32.dll5.1.2600.578100012afb

Error: (01/12/2014 07:38:13 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.3kernel32.dll5.1.2600.578100012afb

Error: (01/12/2014 06:49:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/10/2014 03:01:10 PM) (Source: Application Error)(User: )
Description: update.exe1.6.0.1kernel32.dll5.1.2600.578100012afb

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1470.38 MB
Available physical RAM: 767.05 MB
Total Pagefile: 2790.48 MB
Available Pagefile: 2007.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.43 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:141.92 GB) (Free:7.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.1 GB) (Free:0.38 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive k: (My Book) (Fixed) (Total:931.28 GB) (Free:748.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CAB10BEE)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=0C)

========================================================
Disk: 5 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Thank you for your help and please let me know how to proceed.


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, and also let me know if there are any remaining issues or concerns.

 

Kevin

 

 

 

fixlist.txt


Scan with fixlist

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Compaq_Owner (administrator) on ELKNUT on 17-01-2014 17:27:55
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
(Ahead Software AG) C:\Program Files\Nero\Nero BackItUp\NBJ.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Zenographics) C:\WINDOWS\system32\zstatus.exe
(Search Results, LLC) C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\update.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7311360 2006-05-09] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-06-12] (Avira GmbH)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [NBJ] - C:\Program Files\Nero\Nero BackItUp\NBJ.exe [2048000 2006-09-15] (Ahead Software AG)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-08] (SUPERAntiSpyware)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
HKCU\...\Run: [bcshcr] - C:\WINDOWS\system32\rundll32.exe  [33280 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - DefaultScope {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
SearchScopes: HKCU - {6C711DC6-6268-4496-9309-15276A58EBD0} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS447
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (ChromeUpdateManager) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm [2014-01-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-02]
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\7c796e98-3a9e-4c6c-88e9-e01fe206df4d.crx [2013-01-03]

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2008-11-05] ()
R2 AntiVirScheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-15] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-15] (Avira GmbH)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
S2 DefaultTabUpdate; C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-10-22] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-03-26] (Sun Microsystems, Inc.)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1247600 2007-09-22] ()
R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S3 Smsiheitaisu;
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R1 avgio; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11840 2007-02-27] (Avira GmbH)
R3 avgntflt; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52032 2008-05-20] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75072 2008-10-30] (Avira GmbH)
R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [18560 2012-09-28] (LeapFrog)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S3 RT25USBAP; C:\Windows\System32\DRIVERS\rt25usbap.sys [162816 2006-04-09] (Ralink Technology Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-20] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2014-01-08] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-02-21] (Symantec Corporation)
S3 W8335XP; C:\Windows\System32\DRIVERS\MRV8335XP.sys [280576 2006-09-22] (Marvell Semiconductor, Inc)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 20:39 - 2014-01-17 17:27 - 00000000 ____D C:\FRST
2014-01-15 20:37 - 2014-01-17 17:27 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 01:58 - 2014-01-15 02:01 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 00:45 - 2014-01-15 01:22 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2008-10-30 10:21 - 00075072 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-14 23:13 - 2008-05-09 12:15 - 00045376 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntdd.sys
2014-01-14 23:13 - 2008-01-21 17:11 - 00022336 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\avgntmgr.sys
2014-01-14 23:13 - 2007-03-01 09:34 - 00028352 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-10 15:01 - 2014-01-17 17:00 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-06 21:16 - 2014-01-06 21:17 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-12-31 21:11 - 2008-04-13 18:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-12-31 21:11 - 2008-04-13 12:45 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys

==================== One Month Modified Files and Folders =======

2014-01-17 17:27 - 2014-01-15 20:39 - 00000000 ____D C:\FRST
2014-01-17 17:27 - 2014-01-15 20:37 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
2014-01-17 17:24 - 2010-04-05 13:02 - 00000406 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E5A2F72-311D-4163-85DB-F11B984F3697}.job
2014-01-17 17:15 - 2009-12-26 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-17 17:03 - 2010-10-15 04:35 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 17:02 - 2012-12-26 12:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-17 17:00 - 2014-01-10 15:01 - 00000488 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-17 15:25 - 2009-01-20 19:54 - 02026620 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-17 15:19 - 2005-12-04 17:05 - 00032402 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-17 14:00 - 2006-08-20 09:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2014-01-16 19:03 - 2010-10-15 04:35 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 17:45 - 2011-12-25 07:04 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-16 10:55 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Microsoft Home Publishing 2000
2014-01-16 10:55 - 2008-08-25 21:15 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-15 02:01 - 2014-01-15 02:01 - 00004050 _____ C:\Documents and Settings\Compaq_Owner\Desktop\RKreport[0]_S_01152014_020134.txt
2014-01-15 02:01 - 2014-01-15 01:58 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
2014-01-15 01:49 - 2012-02-26 21:31 - 00000836 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 01:48 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 01:29 - 2010-04-06 13:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-15 01:22 - 2014-01-15 00:45 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\mbam
2014-01-15 01:00 - 2009-01-15 15:55 - 00000330 _____ C:\WINDOWS\Tasks\tlnbqvkm.job
2014-01-15 00:42 - 2006-02-21 20:41 - 00043531 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-15 00:42 - 2005-12-04 17:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-15 00:42 - 2005-12-04 08:46 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-15 00:42 - 2005-12-04 08:46 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-15 00:39 - 2006-07-07 18:20 - 00000278 ___SH C:\Documents and Settings\Compaq_Owner\ntuser.ini
2014-01-14 23:13 - 2014-01-14 23:13 - 00001859 _____ C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AntiVir PersonalEdition Classic
2014-01-14 23:13 - 2014-01-14 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 23:13 - 2010-04-06 13:33 - 00000000 ____D C:\Program Files\Avira
2014-01-14 23:11 - 2014-01-14 23:11 - 00000075 _____ C:\Documents and Settings\Compaq_Owner\Application Data\mbam.context.scan
2014-01-14 18:21 - 2008-12-11 17:15 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\My Documents\ashley
2014-01-12 22:09 - 2006-08-20 09:51 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2014-01-12 22:08 - 2014-01-12 22:08 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-12 22:08 - 2014-01-12 22:08 - 00001742 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-12 22:07 - 2006-02-21 20:58 - 00000000 ____D C:\Program Files\Adobe
2014-01-11 22:00 - 2011-04-25 21:13 - 00000274 _____ C:\WINDOWS\Tasks\Disk Cleanup.job
2014-01-09 18:30 - 2008-11-12 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954459$
2014-01-08 21:04 - 2013-01-08 05:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-08 21:04 - 2009-01-19 12:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-06 21:17 - 2014-01-06 21:16 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ukrmmedia
2014-01-06 20:35 - 2008-02-08 12:36 - 00157128 _____ C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2014-01-06 10:07 - 2014-01-06 10:07 - 00012288 _____ C:\Documents and Settings\Compaq_Owner\My Documents\whit party.php
2014-01-05 22:36 - 2010-05-07 20:37 - 00095572 ____H C:\WINDOWS\system32\mlfcache.dat
2013-12-31 21:11 - 2013-10-19 17:34 - 00120927 _____ C:\WINDOWS\setupapi.log

Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\2SKKKKKKK.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\converter.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HSS-2.53-install-plain-441-silent.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\incredibar_installer.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Java_Update_56d5d823.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mny1AC.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\PricePeep_BetterInstaller_2012-10-02.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is18F.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is190.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is191.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is251.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is252.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is253.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is2DD.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F2.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F3.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F4.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is91.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is92.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is93.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 03
Ran by Compaq_Owner at 2014-01-17 17:36:18 Run:2
Running from C:\Documents and Settings\Compaq_Owner\Desktop\Farbar Recovery Scan
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [bcshcr] - C:\WINDOWS\system32\rundll32.exe  [33280 2008-04-13] (Microsoft Corporation)
S3 Smsiheitaisu;
2014-01-15 01:00 - 2009-01-15 15:55 - 00000330 _____ C:\WINDOWS\Tasks\tlnbqvkm.job
C:\WINDOWS\system32\cbXoNfed.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\2SKKKKKKK.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\converter.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HSS-2.53-install-plain-441-silent.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\incredibar_installer.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih[1].exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Java_Update_56d5d823.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mny1AC.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\PricePeep_BetterInstaller_2012-10-02.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is18F.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is190.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is191.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is251.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is252.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is253.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is2DD.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F2.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F3.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F4.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is91.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is92.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is93.exe
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\bcshcr => Value deleted successfully.
Smsiheitaisu => Service deleted successfully.
C:\WINDOWS\Tasks\tlnbqvkm.job => Moved successfully.
"C:\WINDOWS\system32\cbXoNfed.dll" => File/Directory not found.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\2SKKKKKKK.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\converter.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\HSS-2.53-install-plain-441-silent.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\incredibar_installer.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih[1].exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Java_Update_56d5d823.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mny1AC.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\PricePeep_BetterInstaller_2012-10-02.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\SSUPDATE.EXE => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is18F.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is190.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is191.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is251.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is252.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is253.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is2DD.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F2.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F3.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is5F4.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is91.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is92.exe => Moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\_is93.exe => Moved successfully.

==== End of Fixlog ====


# AdwCleaner v3.017 - Report created 18/01/2014 at 14:55:44
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Owner - ELKNUT
# Running from : C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\L4CY2AYE\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\DefaultTab
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5917 octets] - [18/01/2014 14:45:41]
AdwCleaner[s0].txt - [5978 octets] - [18/01/2014 14:55:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6038 octets] ##########


Thank you so much for your help with all of this. It has taken me a while to complete your last set of instructions due to prior commitments, but I have finally completed the Malwarebytes scan. I have posted the report below. Sorry it has taken me a little while to complete this.

The programs seem to be functioning just fine and I have not noticed any problems yet. Should I clean out any prior restore points and set a new one, or do some kind of backup?

Thank you again for your help!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.18.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: ELKNUT [administrator]

1/18/2014 5:24:05 PM
mbam-log-2014-01-18 (17-24-05).txt

Scan type: Full scan (C:\|D:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 499312
Time elapsed: 5 hour(s), 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully.

Files Detected: 64
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\PricePeep_BetterInstaller_2012-10-02.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2347\A0253318.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2347\A0253319.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2347\A0253320.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2347\A0253321.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2347\A0253322.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2349\A0253374.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2349\A0253375.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2349\A0253376.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2349\A0253377.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2349\A0253378.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2350\A0253398.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2350\A0253399.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2350\A0253400.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2350\A0253401.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2350\A0253402.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2351\A0253421.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2351\A0253417.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2351\A0253418.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2351\A0253419.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2351\A0253420.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2352\A0253472.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2352\A0253473.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2352\A0253474.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2352\A0253475.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2352\A0253476.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2353\A0253501.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2353\A0253502.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2353\A0253503.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2353\A0253504.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2353\A0253505.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2354\A0253524.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2354\A0253525.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2354\A0253526.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2354\A0253527.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2354\A0253528.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2374\A0254073.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2374\A0254074.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2374\A0254075.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2374\A0254076.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2374\A0254077.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2410\A0255216.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2410\A0255217.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2410\A0255218.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2410\A0255219.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2410\A0255220.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256617.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256656.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256657.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256658.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256659.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256660.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP2445\A0256663.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Quarantined and deleted successfully.

(end)


Leave System Restore for now; we can reset that at the end. For now we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

Close program

Copy and paste the report in next reply

 

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also let me know if there are any remaining issues or concerns...

Thanks,

Kevin...


Hi Kevin,

 

Here are the logs from your last sets of instructions

 

ESET:

 

C:\Cute PDF Converter\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js JS/Redirector.NCG trojan
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\mecpgkmdhhnbamafodhmanbbabpibfdp\6.0.1\background.js Win32/Boaxxe.BE trojan
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\28D.tmp Win32/Olmarik.AYY trojan
C:\FRST\Quarantine\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Nero\Nero-7.10.1.0_eng_trial_wch.exe Win32/Toolbar.AskSBar application
C:\Program Files\Nero\Nero 6 update\Nero-6.6.1.15d_wch.exe Win32/Toolbar.AskSBar application
C:\WINDOWS\system32\wbwiffga.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\Temp\28E.tmp Win32/Olmarik.AWO trojan
C:\WINDOWS\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\WINDOWS\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
D:\I386\APPS\APP01444\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application
D:\I386\APPS\APP01444\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application
 

 

Security Check up

 

 Results of screen317's Security Check version 0.99.79 
   x86  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Avira AntiVir Personal - Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware Free Edition  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 17 
 Java version out of Date!
 Adobe Flash Player  11.9.900.170 
 Google Chrome 32.0.1700.72 
 Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

When we ran ESET, it found 13 detections as you should see in the log. Did we need to remove those somehow? Was it the uninstall on close that would have removed them, or is that something we will do next?

 

Thank you again for all your help.


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before :Files

    :Files
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\mecpgkmdhhnbamafodhmanbbabpibfdp\6.0.1\background.js
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\28D.tmp
    C:\WINDOWS\system32\wbwiffga.ini
    C:\WINDOWS\Temp\28E.tmp
    C:\WINDOWS\Temp\AskSLib.dll
    C:\WINDOWS\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post OTM log, let me know if Java updates successfully. Give an update on any remaining issues or concerns....

 

Kevin


Hi Kevin,

 

Here is the OTM log:

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\mecpgkmdhhnbamafodhmanbbabpibfdp\6.0.1\background.js moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\28D.tmp moved successfully.
C:\WINDOWS\system32\wbwiffga.ini moved successfully.
C:\WINDOWS\Temp\28E.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Temp\AskSLib.dll
C:\WINDOWS\Temp\AskSLib.dll moved successfully.
C:\WINDOWS\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 184978 bytes
 
User: All Users
 
User: Compaq_Owner
->Temp folder emptied: 59695151 bytes
->Temporary Internet Files folder emptied: 103538875 bytes
->Java cache emptied: 51105161 bytes
->Google Chrome cache emptied: 257394109 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 299413 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 57513 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 36083683 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1334245 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1262967 bytes
%systemroot%\System32 .tmp files removed: 36428964 bytes
%systemroot%\System32\dllcache .tmp files removed: 28057088 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406464016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 363371651 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 3906281 bytes
 
Total Files Cleaned = 1,287.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01222014_221810

Files moved on Reboot...

Registry entries deleted on Reboot...

 

 

 

I updated java successfully and removed 2 older versions.

 

I will play with the system a bit tonight and update you on any other issues.

 

Thank you for all of your help!

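An added example (not part of the original posts and not OTM's own code): a small Python check that compares the :Files list given to OTM with the Results log, reporting any requested path that has no "moved successfully" line, any other line in the FILES section, and the total bytes reported emptied. The sample script and log are constructed, abbreviated from the formats shown in this thread, and the function names are hypothetical.

```python
import re
# Constructed sample: an abbreviated :Files script and Results log in the
# format shown in this thread (28E.tmp is deliberately absent from the log).
SCRIPT = r"""
:Files
C:\WINDOWS\system32\wbwiffga.ini
C:\WINDOWS\Temp\28E.tmp
C:\WINDOWS\Temp\AskSLib.dll
:Commands
[EmptyTemp]
"""
LOG = r"""
========== FILES ==========
C:\WINDOWS\system32\wbwiffga.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Temp\AskSLib.dll
C:\WINDOWS\Temp\AskSLib.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 59695151 bytes
Windows Temp folder emptied: 406464016 bytes
"""
HEADER = re.compile(r"^=+ (\w+) =+$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
EMPTIED = re.compile(r"(?:emptied|removed): (\d+) bytes$")

def requested_paths(script):
    """Paths listed under :Files, up to the next ':' directive."""
    paths, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths

def audit(script, log):
    """Compare the request with the log (hypothetical helper, not part of OTM)."""
    moved, notes, total, section = set(), [], 0, None
    for line in map(str.strip, log.splitlines()):
        if (h := HEADER.match(line)):
            section = h.group(1)
        elif section == "FILES" and (m := MOVED.match(line)):
            moved.add(m.group(1).lower())      # Windows paths are case-insensitive
        elif section == "FILES" and line:
            notes.append(line)                 # any line that is not a success line
        elif section == "COMMANDS" and (m := EMPTIED.search(line)):
            total += int(m.group(1))
    missing = [p for p in requested_paths(script) if p.lower() not in moved]
    return {"missing": missing, "notes": notes, "bytes_emptied": total}
```
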

Thanks for the update, if no remaining issues we can clean up:

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:
 
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST
 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Purge System Restore

 

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thanks,

 

Kevin....

 

fixlist.txt



Kevin,

 

There is no attached fixlist.txt file.

 

Thanks

Ryan


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.