
A general question. I have something on my PC that shouldn't be there. It doesn't openly affect what I am doing, but there is a program running that shouldn't be. It disguises itself with the Firefox icon and runs through a dmw.exe file.

As with previous infections I attempted to enter safe mode but using the F8 key didn't work.

I used msconfig to make the pc boot in safe mode.

Tried to run Malwarebytes and the pc powered off.

In safe mode there is a fan that runs faster than usual (I don't normally hear it) that continues to speed up until the pc powers off. Note: this does not happen with a normal boot.

So, as things stand, I cannot perform an investigation in safe mode as the pc powers off before anything meaningful can be attempted.

 

I'm not that well versed in working on computers and I have no idea how to combat this. I think the solution is a complete reformat of the C: drive and start again. But I thought it may be an idea to ask if anyone has encountered this sort of thing before, or whether this is something new. My internet searches to date draw a blank. So if this is something new at least I have drawn it to someone's attention.

 

FYI, I'm using Windows XP SP3 and think I acquired this thing through a codec pack update (but I am not certain of that).

 


So, no one has heard of this business with the pc powering off when you try to do something in safe mode? Oh well, it looks like I may be up the creek without a paddle then. I have found the following items on my pc that don't seem right:

 

A startup item MP116_8039 that runs from "C:\Documents and Settings\All Users\Application Data\116f1a\MP116_8039.exe" /s /d located at HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I cannot see this 116f1a folder, even though I show hidden files and folders.

 

A startup item = that runs from the command "=" located at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

A startup item data that runs from wscript.exe "C:\Program Files\Common files\Cvent\data.js" located at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The Cvent folder contains a dmw.exe file with a Firefox icon. This is the file that is running of its own accord when the pc is connected to the internet.

 

A startup item Updater that runs from "C:\Program Files\Ask.com\Updater\Updater.exe" located at SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I can see this folder, but I cannot see Ask when I go to uninstall software.

 

An AMozilla folder located in C:\Documents and Settings\*username*\Application Data

An AMozilla folder located in C:\Documents and Settings\*username*\Local Settings\Application Data

An Ask.com folder located in C:\Program Files that I tried to delete but it keeps reappearing

An AskToolbar folder located in C:\Documents and Settings\*username*\Local Settings\Application Data

 

Has anyone heard of these files/folders before? Does it provide any clues as to what I may have on my pc? Any help would be appreciated.

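As an added example (not from the thread or from any of the tools mentioned in it), here is a small Python triage script that parses DDS "Pseudo HJT Report" autorun lines like the uRun/mRun/dRun entries in Neil's log and flags the patterns this thread turns up: a script host (wscript.exe) launching a .js file at logon, an executable living in a randomly named hex folder under Application Data, a security-sounding entry name that does not run from Program Files, and a degenerate command such as "=". The sample report lines below are constructed from entries quoted in the thread; the heuristics are mine and are meant to prioritise what to look at, not to prove anything is malicious.

```python
"""Heuristic triage of autorun entries from a DDS 'Pseudo HJT Report'.

Added example, not part of the original forum post. Each DDS run line has
the form   <hive>Run: [Name] command   where (DDS convention) u = current
user hive, m = local machine hive, d = default user hive.
"""
import re
from dataclasses import dataclass, field

# <hive>Run: [Name] command
RUN_LINE = re.compile(r'^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
HIVES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}

SCRIPT_HOST = re.compile(r'\b(wscript|cscript|mshta)(\.exe)?\b', re.I)
SCRIPT_FILE = re.compile(r'\.(js|jse|vbs|vbe|wsf|hta)\b', re.I)
# folder directly beneath an "Application Data" directory
APPDATA_DIR = re.compile(r'\\application data\\(?P<dir>[^\\"]+)\\', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{5,}$', re.I)
SECURITY_WORDS = re.compile(r'(protect|security|antivirus|defen[cs]e|cleaner)', re.I)


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_run_lines(text):
    """Return one Autorun per uRun:/mRun:/dRun: line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(Autorun(m['hive'], m['name'], m['cmd'].strip()))
    return entries


def assess(entry):
    """Append a reason string for every heuristic the entry trips; return the list."""
    cmd = entry.command
    low = cmd.lower()
    if cmd in ('', '='):
        entry.reasons.append('empty or degenerate command')
    if SCRIPT_HOST.search(cmd) and SCRIPT_FILE.search(cmd):
        entry.reasons.append('script host launching a script file at logon')
    m = APPDATA_DIR.search(cmd)
    if m and HEX_NAME.match(m['dir']):
        entry.reasons.append('executable in randomly named Application Data folder')
    if SECURITY_WORDS.search(entry.name) and 'program files' not in low:
        entry.reasons.append('security-sounding name not installed under Program Files')
    return entry.reasons


def triage(text):
    """Parse a report and return only the entries that tripped at least one heuristic."""
    return [e for e in parse_run_lines(text) if assess(e)]


# Constructed sample, modelled on the Run entries quoted in the thread.
SAMPLE_REPORT = r"""
uRun: [internodeUsage] c:\progra~1\intern~2\mum.exe
uRun: [Malware Protection Center] "c:\documents and settings\all users\application data\116f1a\MP116_8039.exe" /s /d
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [GEST] =
mRun: [Cvent] wscript.exe "c:\program files\common files\cvent\data.js"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
"""

if __name__ == '__main__':
    for e in triage(SAMPLE_REPORT):
        print(f"{HIVES[e.hive]}\\...\\Run [{e.name}] -> {e.command}")
        for r in e.reasons:
            print(f"    - {r}")
```

Pointing the script at a real DDS.txt is a matter of reading the file into `triage()`; anything it flags still needs the usual checks (file hash, publisher, install history) before deciding it is unwanted.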

  • Root Admin

Okay then we know that it's not hardware related.

Not normal for malware to shut down a computer but let's go ahead and scan for it and see what we find.

If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt

If you've already posted the DDS logs then please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Herewith are the 2 log files. I will provide the other two reports in the next post.

 

DDS.txt report

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Neil at 0:23:25 on 2014-02-21
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3327.2478 [GMT 10:00]
.
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: Total Defense Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscript.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Common Files\Cvent\dmw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [internodeUsage] c:\progra~1\intern~2\mum.exe
uRun: [News.net] c:\program files\news.net\breakingnews\DesktopContainer.exe
uRun: [Malware Protection Center] "c:\documents and settings\all users\application data\116f1a\MP116_8039.exe" /s /d
uRun: [bomgar_Cleanup_ZD700624733] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\iyogi-scc-52f46a44" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD700624733 /f
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GEST] =
mRun: [Cvent] wscript.exe "c:\program files\common files\cvent\data.js"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
AppInit_DLLs= UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\neil\application data\mozilla\firefox\profiles\k8o5y3t4.default-1389765923406\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
---- FIREFOX POLICIES ----
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-10-27 170064]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-9-6 123984]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-10-26 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-9-6 63056]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-7-28 116304]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011-5-11 65856]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-3-3 241360]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-3-3 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-3-3 208392]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-9-6 150608]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-9-6 81488]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-4 701512]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-11-13 25824]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2011-3-3 3213712]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-9-6 331344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-4 22856]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\vcdrom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-17 1691480]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-7 35144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-02-13 13:56:49    --------    d-----w-    C:\AdwCleaner
2014-02-12 15:15:10    --------    d-----w-    C:\getservice
2014-02-08 02:26:08    35144    ----a-w-    c:\windows\system32\drivers\48230029.sys
2014-02-07 05:36:06    7168    ----a-w-    c:\documents and settings\all users\application data\Z@!-7dc178d1-9b3c-4d89-bbe5-f84c766f38d7.tmp
2014-01-23 14:03:00    --------    d-----w-    c:\documents and settings\neil\application data\MPC-HC
2014-01-23 13:56:18    217176    ----a-w-    c:\windows\system32\unrar.dll
2014-01-23 13:29:14    --------    d-----w-    c:\documents and settings\neil\local settings\application data\AMozilla
2014-01-23 13:28:51    --------    d-----w-    c:\documents and settings\neil\application data\AMozilla
2014-01-23 13:28:46    --------    d-----w-    c:\program files\common files\Cvent
2014-01-22 01:39:36    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-02-08 05:16:10    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ------w-    c:\windows\system32\html.iec
2014-02-02 10:53:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-02 10:53:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-18 10:46:50    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-12-05 11:26:06    1172992    ----a-w-    c:\windows\system32\msxml3.dll
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
.
============= FINISH:  0:30:14.56 ===============

 

 

Attach.txt report

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 17/04/2009 1:39:22 PM
System Uptime: 21/02/2014 12:17:45 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | M61PME-S2P
Processor: AMD Athlon 64 X2 Dual Core Processor 6000+ | Socket M2 | 3114/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 149.805 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 58.884 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1598: 23/11/2013 5:03:46 PM - System Checkpoint
RP1599: 24/11/2013 5:34:19 PM - System Checkpoint
RP1600: 25/11/2013 6:18:57 PM - System Checkpoint
RP1601: 26/11/2013 6:34:19 PM - System Checkpoint
RP1602: 27/11/2013 7:34:17 PM - System Checkpoint
RP1603: 28/11/2013 7:34:19 PM - System Checkpoint
RP1604: 29/11/2013 7:47:33 PM - System Checkpoint
RP1605: 30/11/2013 8:34:19 PM - System Checkpoint
RP1606: 1/12/2013 8:58:38 PM - System Checkpoint
RP1607: 2/12/2013 9:33:40 PM - System Checkpoint
RP1608: 4/12/2013 1:52:12 AM - System Checkpoint
RP1609: 5/12/2013 2:34:48 AM - System Checkpoint
RP1610: 6/12/2013 3:31:01 AM - System Checkpoint
RP1611: 7/12/2013 3:57:34 AM - System Checkpoint
RP1612: 8/12/2013 4:57:13 AM - System Checkpoint
RP1613: 9/12/2013 5:57:13 AM - System Checkpoint
RP1614: 10/12/2013 6:57:13 AM - System Checkpoint
RP1615: 11/12/2013 7:57:13 AM - System Checkpoint
RP1616: 11/12/2013 8:10:26 PM - Software Distribution Service 3.0
RP1617: 12/12/2013 8:15:21 PM - System Checkpoint
RP1618: 13/12/2013 8:44:20 PM - System Checkpoint
RP1619: 14/12/2013 1:26:01 AM - Software Distribution Service 3.0
RP1620: 15/12/2013 1:43:19 AM - System Checkpoint
RP1621: 16/12/2013 1:33:55 PM - System Checkpoint
RP1622: 17/12/2013 1:41:31 PM - System Checkpoint
RP1623: 18/12/2013 2:41:31 PM - System Checkpoint
RP1624: 19/12/2013 2:41:31 PM - System Checkpoint
RP1625: 20/12/2013 2:41:31 PM - System Checkpoint
RP1626: 21/12/2013 2:41:33 PM - System Checkpoint
RP1627: 22/12/2013 3:40:29 PM - System Checkpoint
RP1628: 23/12/2013 4:38:09 PM - System Checkpoint
RP1629: 24/12/2013 4:40:29 PM - System Checkpoint
RP1630: 25/12/2013 5:15:46 PM - System Checkpoint
RP1631: 26/12/2013 6:26:20 PM - System Checkpoint
RP1632: 27/12/2013 6:40:30 PM - System Checkpoint
RP1633: 28/12/2013 8:02:31 PM - System Checkpoint
RP1634: 29/12/2013 9:09:31 PM - System Checkpoint
RP1635: 30/12/2013 8:48:10 PM - Software Distribution Service 3.0
RP1636: 1/01/2014 11:59:33 AM - System Checkpoint
RP1637: 2/01/2014 1:14:09 PM - System Checkpoint
RP1638: 3/01/2014 2:05:10 PM - System Checkpoint
RP1639: 4/01/2014 2:26:19 PM - System Checkpoint
RP1640: 5/01/2014 3:22:03 PM - System Checkpoint
RP1641: 6/01/2014 4:22:03 PM - System Checkpoint
RP1642: 7/01/2014 5:22:03 PM - System Checkpoint
RP1643: 8/01/2014 6:48:45 PM - System Checkpoint
RP1644: 9/01/2014 7:52:04 PM - System Checkpoint
RP1645: 10/01/2014 8:40:15 PM - System Checkpoint
RP1646: 11/01/2014 1:49:18 PM - Installed Realtek High Definition Audio Driver
RP1647: 11/01/2014 2:00:13 PM - Removed DriverUpdate
RP1648: 12/01/2014 2:46:23 PM - System Checkpoint
RP1649: 13/01/2014 2:48:22 PM - System Checkpoint
RP1650: 14/01/2014 2:03:02 PM - Software Distribution Service 3.0
RP1651: 15/01/2014 1:31:53 PM - Software Distribution Service 3.0
RP1652: 16/01/2014 1:35:57 PM - System Checkpoint
RP1653: 17/01/2014 2:34:56 PM - System Checkpoint
RP1654: 18/01/2014 2:35:16 PM - System Checkpoint
RP1655: 19/01/2014 2:45:05 PM - System Checkpoint
RP1656: 20/01/2014 3:31:05 PM - System Checkpoint
RP1657: 21/01/2014 3:33:09 PM - System Checkpoint
RP1658: 22/01/2014 11:39:06 AM - Installed Java 7 Update 51
RP1659: 23/01/2014 12:33:09 PM - System Checkpoint
RP1660: 24/01/2014 2:39:54 PM - System Checkpoint
RP1661: 25/01/2014 3:15:48 AM - Installed iTunes
RP1662: 26/01/2014 3:54:15 AM - System Checkpoint
RP1663: 27/01/2014 5:06:44 AM - System Checkpoint
RP1664: 28/01/2014 5:51:03 AM - System Checkpoint
RP1665: 29/01/2014 5:51:12 AM - System Checkpoint
RP1666: 30/01/2014 7:04:11 AM - System Checkpoint
RP1667: 31/01/2014 7:31:35 AM - System Checkpoint
RP1668: 1/02/2014 8:08:34 AM - System Checkpoint
RP1669: 2/02/2014 10:50:30 AM - System Checkpoint
RP1670: 3/02/2014 11:19:13 AM - System Checkpoint
RP1671: 4/02/2014 12:55:09 PM - System Checkpoint
RP1672: 5/02/2014 1:06:05 PM - System Checkpoint
RP1673: 6/02/2014 2:31:26 PM - System Checkpoint
RP1674: 7/02/2014 3:57:46 PM - Software Distribution Service 3.0
RP1675: 8/02/2014 2:58:11 PM - Removed LightScribe System Software  1.12.33.2.
RP1676: 12/02/2014 3:35:56 AM - System Checkpoint
RP1677: 12/02/2014 11:13:48 PM - Software Distribution Service 3.0
RP1678: 13/02/2014 11:36:36 PM - Restore Operation
RP1679: 13/02/2014 11:58:58 PM - Restore Operation
RP1680: 16/02/2014 8:02:46 PM - System Checkpoint
RP1681: 17/02/2014 9:32:02 PM - System Checkpoint
RP1682: 18/02/2014 9:44:08 PM - System Checkpoint
RP1683: 20/02/2014 5:06:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 2.0.5
Australian City Streets Version 4
Belarc Advisor 8.1
Bonjour
CA Anti-Virus Plus
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Editor Toolbar Updater
CutePDF Writer 3.0
DNAMigrator
e-tax 2012
e-tax 2013
FormatFactory 3.0.1
Foxit Reader 5.1
Google Earth
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Internode Monthly Usage Meter 8.2a
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
Java 6 Update 31
JavaFX 2.1.1
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
NVIDIA Drivers
PDFTools Version 1.3 (08/26/2007)
Q-Dir
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
Total Defense Internet Security Suite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 2.1.0
Vuze Remote Toolbar
WD Anywhere Backup
WD Win98 SE USB Disk Driver, v1.00.09
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinMount V3.5.0329
.
==== Event Viewer Messages From Past Week ========
.
17/02/2014 1:14:25 AM, error: Service Control Manager [7022]  - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
17/02/2014 1:14:25 AM, error: Service Control Manager [7022]  - The Security Center service hung on starting.
17/02/2014 1:14:25 AM, error: Service Control Manager [7022]  - The Canon Camera Access Library 8 service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7022]  - The WinSock Extention Manager service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7022]  - The Terminal Services service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7022]  - The Computer Browser service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
14/02/2014 3:32:23 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
14/02/2014 3:32:23 PM, error: Service Control Manager [7001]  - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
14/02/2014 3:32:23 PM, error: Service Control Manager [7001]  - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
14/02/2014 3:32:23 PM, error: Service Control Manager [7001]  - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
14/02/2014 3:32:23 PM, error: Service Control Manager [7001]  - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
14/02/2014 3:32:23 PM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Ah, you don't need the Rkill report, just this one:

 

Roguekiller.txt report

 

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Neil [Admin rights]
Mode : Scan -- Date : 02/21/2014 02:04:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Malware Protection Center ("C:\Documents and Settings\All Users\Application Data\116f1a\MP116_8039.exe" /s /d [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Bomgar_Cleanup_ZD700624733 (cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-52F46A44" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD700624733 /f [x][x][x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-1454471165-682003330-1004\[...]\Run : Malware Protection Center ("C:\Documents and Settings\All Users\Application Data\116f1a\MP116_8039.exe" /s /d [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-1454471165-682003330-1004\[...]\Run : Bomgar_Cleanup_ZD700624733 (cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-52F46A44" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD700624733 /f [x][x][x][x][x]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[11] : NtAdjustPrivilegesToken @ 0x805EC440 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D7586C)
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D739BC)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D75B30)
[Address] SSDT[105] : NtMakeTemporaryObject @ 0x805BC608 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D75D1D)
[Address] SSDT[119] : NtOpenKey @ 0x80625648 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D73920)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D74A29)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D75A3B)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D74A7A)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DAA -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D74FA5)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (C:\WINDOWS\System32\DRIVERS\kmxagent.sys @ 0xB6178702)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805C0662 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D75BF6)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D75C87)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D76869)
[Address] Shadow SSDT[469] : NtUserOpenClipboard -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D76951)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D7682F)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D768A3)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (C:\WINDOWS\System32\DRIVERS\KmxSbx.sys @ 0xB1D7639E)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000524AS +++++
--- User ---
[MBR] 4b0474e571eb378ef207a73f3fcfc3d7
[BSP] 614a15aaa37c35c1a72395c096cc113f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3320418AS +++++
--- User ---
[MBR] 05038747709ce0be714cdc93b36aafa1
[BSP] 91c647045c91620ba5e672c86ae19e83 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_02212014_020422.txt >>


  • Root Admin

Okay, please FULLY disable your antivirus and run the following scanner and post back the log.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Okay that was able to remove some items for us.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; on XP, double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

STEP 03

The two Anti-Rootkit logs:

 

mbar-log-2014-02-22 (13-33-40).txt

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: OEM-88B54A1D42A [administrator]

22/02/2014 1:33:40 PM
mbar-log-2014-02-22 (13-33-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 259489
Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

system-log.txt

 

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.114000 GHz
Memory total: 3489116160, free: 2824536064

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.114000 GHz
Memory total: 3489116160, free: 2838880256

=======================================
Initializing...
------------ Kernel report ------------
     02/22/2014 13:18:59
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvata.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\drivers\WMDrive.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\DOCUME~1\Neil\LOCALS~1\Temp\catchme.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8abccab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000059\
Lower Device Object: 0xffffffff8abca030
Lower Device Driver Name: \Driver\nvata\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aba3ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000058\
Lower Device Object: 0xffffffff8aba3030
Lower Device Driver Name: \Driver\nvata\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8abccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8abcabf0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8abccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8abddf18, DeviceName: \Device\0000005b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8abca030, DeviceName: \Device\00000059\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aba3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8abcae08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aba3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ab90f18, DeviceName: \Device\0000005a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aba3030, DeviceName: \Device\00000058\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 437FA5E2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520065

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000203804160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953503055-1953523055)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B114B114

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.114000 GHz
Memory total: 3489116160, free: 2826485760

Downloaded database version: v2014.02.22.01
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     02/22/2014 13:33:30
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvata.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\drivers\WMDrive.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\DOCUME~1\Neil\LOCALS~1\Temp\catchme.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8abccab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000059\
Lower Device Object: 0xffffffff8abca030
Lower Device Driver Name: \Driver\nvata\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8aba3ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000058\
Lower Device Object: 0xffffffff8aba3030
Lower Device Driver Name: \Driver\nvata\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8abccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8abcabf0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8abccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8abddf18, DeviceName: \Device\0000005b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8abca030, DeviceName: \Device\00000059\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8aba3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8abcae08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aba3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ab90f18, DeviceName: \Device\0000005a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8aba3030, DeviceName: \Device\00000058\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 437FA5E2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520065

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000203804160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953503055-1953523055)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B114B114

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

STEP 04

I downloaded Junkware Removal Tool and ran it. It ran OK as far as I could tell, but did not produce a JRT.txt file.

STEP 05

AdwCleaner[s0].txt

# AdwCleaner v3.019 - Report created 22/02/2014 at 13:58:33
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Neil - OEM-88B54A1D42A
# Running from : C:\Documents and Settings\Neil\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Neil\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Neil\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote
Folder Deleted : C:\Documents and Settings\Neil\Application Data\NCH Software
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406\user.js
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BD487EC-4771-4955-8C00-9BB9CF04AD90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DCC44D5-133C-4214-B79D-0AC580763B76}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Vuze_Remote
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406\prefs.js ]

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v

[ File : C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7853 octets] - [22/02/2014 13:50:34]
AdwCleaner[s0].txt - [7812 octets] - [22/02/2014 13:58:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7872 octets] ##########

mbam-log-2014-02-22 (14-39-31).txt

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Neil :: OEM-88B54A1D42A [administrator]

Protection: Enabled

22/02/2014 2:39:31 PM
mbam-log-2014-02-22 (14-39-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256092
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

STEP 06

esetscan.txt

C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\hk64tbVuz0.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\hktbVuz0.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\ldrtbVuz0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\tbVuz1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\Neil\Local Settings\Application Data\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\hk64tbVuz0.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\hktbVuz0.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuz0.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuz0.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuz0.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuz1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\Neil\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59\52418fb-523811a3    Java/Exploit.Agent.NON trojan
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1646\A0157860.exe    a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1646\A0157861.exe    a variant of Win64/Toolbar.Besttoolbars.A potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1651\A0158180.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159045.dll    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159046.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159047.dll    Win32/Toolbar.Conduit.W potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159048.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159049.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159050.dll    Win32/Toolbar.Conduit.W potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159051.dll    Win64/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159052.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159053.dll    Win32/Toolbar.Conduit.W potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1666\A0159054.dll    Win64/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1668\A0159257.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1676\A0172197.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1683\A0176314.dll    a variant of Win32/Bunndle potentially unsafe application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1683\A0176328.dll    a variant of Win32/Bunndle potentially unsafe application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1683\A0176329.exe    Win32/Somoto.F potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177070.dll    Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177071.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177072.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177073.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177074.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177075.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177076.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177082.dll    Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177083.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177084.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177085.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177086.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{AC4A77E8-99BE-426C-9B3C-643B2C342819}\RP1685\A0177088.dll    a variant of Win32/PriceGong.A potentially unwanted application
D:\My Documents\Computer\Software\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\My Documents\Computer\Software\FoxitReader514.0104_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\My Documents\Computer\Software\switchsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
D:\My Documents\Computer\Software\vppsetup.exe    a variant of Win32/Toolbar.Conduit.J potentially unwanted application
D:\My Documents\Computer\Software\winmount-3-5-0331-es-en-win.exe    a variant of Win32/UpToDown.B potentially unwanted application

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014
Ran by Neil (administrator) on OEM-88B54A1D42A on 22-02-2014 15:54:23
Running from C:\Documents and Settings\Neil\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Memeo) C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Memeo Inc.) C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Common Files\Cvent\dmw.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [WD Anywhere Backup] - C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe [222432 2009-11-13] (Memeo Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GEST] - =
HKLM\...\Run: [Cvent] - wscript.exe "C:\Program Files\Common Files\Cvent\data.js"
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-09-10] (Nero AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [internodeUsage] - C:\Program Files\Internode\mum.exe [1361408 2011-02-19] (Angus Johnson)
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [bomgar_Cleanup_ZD700624733] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-52F46A44" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD700624733 /f
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1422632 2007-08-21] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08F1D7B2C323CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406
FF NewTab: user_pref("browser.newtab.url", "");

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: DownloadHelper - C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-02]
FF Extension: Status-4-Evar - C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406\Extensions\status4evar@caligonstudios.com.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Documents and Settings\Neil\Application Data\Mozilla\Firefox\Profiles\k8o5y3t4.default-1389765923406\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======

========================== Services (Whitelisted) =================

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-13] (Memeo)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2009-04-17] (Windows ® 2000 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
R1 WMDrive; C:\WINDOWS\system32\drivers\WMDrive.sys [65856 2011-05-11] (WinMount International Inc)
S1 AmdK8; system32\DRIVERS\AmdK8.sys [X]
S1 AmdPPM; system32\DRIVERS\AmdPPM.sys [X]
S3 catchme; \??\C:\DOCUME~1\Neil\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr;
S1 vcdrom; \??\C:\WINDOWS\system32\drivers\VCdRom.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-22 15:54 - 2014-02-22 15:54 - 00010388 _____ () C:\Documents and Settings\Neil\Desktop\FRST.txt
2014-02-22 15:52 - 2014-02-22 15:54 - 00000000 ____D () C:\FRST
2014-02-22 15:52 - 2014-02-22 12:44 - 01142784 _____ (Farbar) C:\Documents and Settings\Neil\Desktop\FRST.exe
2014-02-22 15:50 - 2014-02-22 15:50 - 00007798 _____ () C:\Documents and Settings\Neil\Desktop\esetscan.txt
2014-02-22 14:46 - 2014-02-22 14:46 - 00000000 ____D () C:\Program Files\ESET
2014-02-22 13:50 - 2014-02-22 12:42 - 01241834 _____ () C:\Documents and Settings\Neil\Desktop\AdwCleaner.exe
2014-02-22 13:48 - 2014-02-22 13:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-22 13:47 - 2014-02-22 12:40 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neil\Desktop\JRT.exe
2014-02-22 13:18 - 2014-02-22 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-22 13:17 - 2014-02-22 13:46 - 00000000 ____D () C:\Documents and Settings\Neil\Desktop\mbar
2014-02-22 13:16 - 2014-02-22 12:40 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Neil\Desktop\mbar-1.07.0.1009.exe
2014-02-21 21:38 - 2014-02-21 21:38 - 00011146 _____ () C:\ComboFix.txt
2014-02-21 21:29 - 2014-02-21 21:29 - 00000000 _RSHD () C:\cmdcons
2014-02-21 21:29 - 2014-02-14 15:33 - 00000223 _____ () C:\Boot.bak
2014-02-21 21:29 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-02-21 21:26 - 2011-06-26 16:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-21 21:26 - 2010-11-08 03:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-21 21:26 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-21 21:26 - 2000-08-31 10:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-21 21:25 - 2014-02-21 21:21 - 05183886 ____R (Swearware) C:\Documents and Settings\Neil\Desktop\ComboFix.exe
2014-02-21 21:12 - 2014-02-21 21:12 - 00001527 _____ () C:\WINDOWS\pcsetup.log
2014-02-21 17:30 - 2014-02-21 21:38 - 00000000 ____D () C:\Qoobox
2014-02-21 02:04 - 2014-02-21 02:04 - 00004987 _____ () C:\Documents and Settings\Neil\Desktop\RKreport[0]_S_02212014_020422.txt
2014-02-21 02:02 - 2014-02-21 02:07 - 00000000 ____D () C:\Documents and Settings\Neil\Desktop\RK_Quarantine
2014-02-21 02:01 - 2014-02-21 21:37 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-02-21 02:00 - 2014-02-21 02:00 - 00000617 _____ () C:\Documents and Settings\Neil\Desktop\NTREGOPT.lnk
2014-02-21 02:00 - 2014-02-21 02:00 - 00000598 _____ () C:\Documents and Settings\Neil\Desktop\ERUNT.lnk
2014-02-21 02:00 - 2014-02-21 02:00 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-21 02:00 - 2014-02-21 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-02-21 01:54 - 2014-02-21 01:56 - 00002416 _____ () C:\Documents and Settings\Neil\Desktop\Rkill.txt
2014-02-21 01:53 - 2014-02-21 01:46 - 03817984 _____ () C:\Documents and Settings\Neil\Desktop\RogueKiller.exe
2014-02-21 01:53 - 2014-02-21 01:44 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Neil\Desktop\erunt-setup.exe
2014-02-21 01:53 - 2014-02-07 12:06 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Neil\Desktop\rkill.exe
2014-02-21 00:30 - 2014-02-21 00:30 - 00026293 _____ () C:\Documents and Settings\Neil\Desktop\attach.txt
2014-02-21 00:30 - 2014-02-21 00:30 - 00011003 _____ () C:\Documents and Settings\Neil\Desktop\dds.txt
2014-02-21 00:22 - 2014-02-09 19:05 - 00688992 ____R (Swearware) C:\Documents and Settings\Neil\Desktop\dds.com
2014-02-13 23:56 - 2014-02-22 14:29 - 00000000 ____D () C:\AdwCleaner
2014-02-13 23:55 - 2014-02-13 23:55 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\Audacity
2014-02-13 01:15 - 2014-02-13 23:56 - 00000000 ____D () C:\getservice
2014-02-13 01:14 - 2014-02-13 01:08 - 00130337 _____ () C:\getservices.zip
2014-02-12 23:31 - 2014-02-13 23:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 23:16 - 2014-02-12 23:17 - 00011502 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 23:16 - 2014-02-12 23:16 - 00004699 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 23:13 - 2014-02-12 23:31 - 00013794 _____ () C:\WINDOWS\KB2916036.log
2014-02-08 12:26 - 2014-02-08 12:26 - 00035144 _____ () C:\WINDOWS\system32\Drivers\48230029.sys
2014-02-07 15:32 - 2014-02-22 14:09 - 00000223 __RSH () C:\boot.ini
2014-02-07 15:11 - 2014-02-07 15:11 - 00000809 _____ () C:\Documents and Settings\Neil\Desktop\Internet Explorer.lnk
2014-02-07 00:35 - 2014-02-07 00:35 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-07 00:35 - 2014-02-07 00:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-07 00:35 - 2009-04-17 13:38 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-02-07 00:35 - 2009-04-17 13:38 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-02-07 00:35 - 2009-04-17 13:38 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-02-02 20:46 - 2014-02-13 23:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-02 20:46 - 2014-02-02 20:46 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-02 20:46 - 2014-02-02 20:46 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-01-30 23:46 - 2014-01-30 23:46 - 00000688 _____ () C:\Documents and Settings\All Users\Desktop\Audacity.lnk
2014-01-30 15:22 - 2014-01-30 15:23 - 00018740 _____ () C:\Documents and Settings\Neil\activity.txt
2014-01-24 00:03 - 2014-01-24 00:03 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\MPC-HC
2014-01-23 23:56 - 2013-08-23 04:09 - 00217176 _____ () C:\WINDOWS\system32\unrar.dll
2014-01-23 23:47 - 2014-01-23 23:47 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-23 23:29 - 2014-01-23 23:29 - 00000000 ____D () C:\Documents and Settings\Neil\Local Settings\Application Data\AMozilla
2014-01-23 23:28 - 2014-01-23 23:28 - 00000000 ____D () C:\Program Files\Common Files\Cvent
2014-01-23 23:28 - 2014-01-23 23:28 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\AMozilla

==================== One Month Modified Files and Folders =======

2014-02-22 15:54 - 2014-02-22 15:54 - 00010388 _____ () C:\Documents and Settings\Neil\Desktop\FRST.txt
2014-02-22 15:54 - 2014-02-22 15:52 - 00000000 ____D () C:\FRST
2014-02-22 15:50 - 2014-02-22 15:50 - 00007798 _____ () C:\Documents and Settings\Neil\Desktop\esetscan.txt
2014-02-22 15:47 - 2011-05-12 13:18 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 15:31 - 2013-12-23 11:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-22 14:46 - 2014-02-22 14:46 - 00000000 ____D () C:\Program Files\ESET
2014-02-22 14:29 - 2014-02-13 23:56 - 00000000 ____D () C:\AdwCleaner
2014-02-22 14:28 - 2009-04-17 13:37 - 01217592 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-22 14:27 - 2011-05-12 13:18 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-22 14:27 - 2009-04-17 23:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-22 14:27 - 2009-04-17 23:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-22 14:27 - 2009-04-17 13:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-22 14:26 - 2009-04-17 13:41 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-22 14:26 - 2009-04-17 13:41 - 00000278 ___SH () C:\Documents and Settings\Neil\ntuser.ini
2014-02-22 14:26 - 2009-04-17 13:41 - 00000000 ____D () C:\Documents and Settings\Neil
2014-02-22 14:09 - 2014-02-07 15:32 - 00000223 __RSH () C:\boot.ini
2014-02-22 14:09 - 2008-04-14 22:00 - 00000670 _____ () C:\WINDOWS\win.ini
2014-02-22 14:09 - 2008-04-14 22:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-22 14:01 - 2009-04-18 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CA
2014-02-22 13:48 - 2014-02-22 13:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-22 13:46 - 2014-02-22 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-22 13:46 - 2014-02-22 13:17 - 00000000 ____D () C:\Documents and Settings\Neil\Desktop\mbar
2014-02-22 13:17 - 2012-03-07 21:43 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-22 12:44 - 2014-02-22 15:52 - 01142784 _____ (Farbar) C:\Documents and Settings\Neil\Desktop\FRST.exe
2014-02-22 12:42 - 2014-02-22 13:50 - 01241834 _____ () C:\Documents and Settings\Neil\Desktop\AdwCleaner.exe
2014-02-22 12:40 - 2014-02-22 13:47 - 01037734 _____ (Thisisu) C:\Documents and Settings\Neil\Desktop\JRT.exe
2014-02-22 12:40 - 2014-02-22 13:16 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Neil\Desktop\mbar-1.07.0.1009.exe
2014-02-22 01:50 - 2009-04-19 00:15 - 00000392 _____ () C:\WINDOWS\entpack.ini
2014-02-22 01:45 - 2011-11-11 22:51 - 00387624 _____ () C:\WINDOWS\setupapi.log
2014-02-21 21:38 - 2014-02-21 21:38 - 00011146 _____ () C:\ComboFix.txt
2014-02-21 21:38 - 2014-02-21 17:30 - 00000000 ____D () C:\Qoobox
2014-02-21 21:37 - 2014-02-21 02:01 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-02-21 21:29 - 2014-02-21 21:29 - 00000000 _RSHD () C:\cmdcons
2014-02-21 21:21 - 2014-02-21 21:25 - 05183886 ____R (Swearware) C:\Documents and Settings\Neil\Desktop\ComboFix.exe
2014-02-21 21:16 - 2011-03-03 08:13 - 00978556 _____ () C:\WINDOWS\system32\Drivers\KmxAgent.asc
2014-02-21 21:16 - 2011-03-03 00:10 - 00000000 ____D () C:\WINDOWS\rnapxs
2014-02-21 21:16 - 2009-04-18 22:35 - 00000000 ____D () C:\Program Files\CA
2014-02-21 21:12 - 2014-02-21 21:12 - 00001527 _____ () C:\WINDOWS\pcsetup.log
2014-02-21 21:12 - 2013-10-09 21:21 - 176595510 _____ () C:\mdmcls.txt
2014-02-21 19:50 - 2009-04-18 13:48 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\U3
2014-02-21 02:07 - 2014-02-21 02:02 - 00000000 ____D () C:\Documents and Settings\Neil\Desktop\RK_Quarantine
2014-02-21 02:04 - 2014-02-21 02:04 - 00004987 _____ () C:\Documents and Settings\Neil\Desktop\RKreport[0]_S_02212014_020422.txt
2014-02-21 02:00 - 2014-02-21 02:00 - 00000617 _____ () C:\Documents and Settings\Neil\Desktop\NTREGOPT.lnk
2014-02-21 02:00 - 2014-02-21 02:00 - 00000598 _____ () C:\Documents and Settings\Neil\Desktop\ERUNT.lnk
2014-02-21 02:00 - 2014-02-21 02:00 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-21 02:00 - 2014-02-21 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-02-21 01:56 - 2014-02-21 01:54 - 00002416 _____ () C:\Documents and Settings\Neil\Desktop\Rkill.txt
2014-02-21 01:46 - 2014-02-21 01:53 - 03817984 _____ () C:\Documents and Settings\Neil\Desktop\RogueKiller.exe
2014-02-21 01:44 - 2014-02-21 01:53 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Neil\Desktop\erunt-setup.exe
2014-02-21 00:30 - 2014-02-21 00:30 - 00026293 _____ () C:\Documents and Settings\Neil\Desktop\attach.txt
2014-02-21 00:30 - 2014-02-21 00:30 - 00011003 _____ () C:\Documents and Settings\Neil\Desktop\dds.txt
2014-02-20 22:32 - 2011-05-21 23:04 - 00000000 ____D () C:\Documents and Settings\Neil\dwhelper
2014-02-20 21:57 - 2009-04-25 22:32 - 00000000 ____D () C:\Program Files\Vuze
2014-02-20 20:00 - 2012-10-23 17:38 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\vlc
2014-02-20 19:47 - 2009-04-23 19:07 - 00000182 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-19 21:01 - 2008-04-14 22:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-19 13:32 - 2011-08-30 23:43 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-17 18:22 - 2010-08-26 00:34 - 00014670 _____ () C:\WINDOWS\Q-Dir.ini
2014-02-17 18:14 - 2009-04-17 14:03 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-17 17:16 - 2009-04-17 23:27 - 00186159 _____ () C:\WINDOWS\setupact.log
2014-02-17 15:59 - 2013-06-04 11:34 - 00000000 ____D () C:\Documents and Settings\Neil\My Documents\Centrelink
2014-02-14 19:44 - 2009-04-17 13:35 - 00168115 _____ () C:\WINDOWS\wmsetup.log
2014-02-14 15:33 - 2014-02-21 21:29 - 00000223 _____ () C:\Boot.bak
2014-02-13 23:56 - 2014-02-13 01:15 - 00000000 ____D () C:\getservice
2014-02-13 23:56 - 2014-02-12 23:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 23:56 - 2013-07-10 14:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 23:55 - 2014-02-13 23:55 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\Audacity
2014-02-13 23:55 - 2014-02-02 20:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-13 23:55 - 2013-10-17 11:22 - 00000000 ____D () C:\Documents and Settings\Neil\Local Settings\Application Data\Thunderbird
2014-02-13 23:55 - 2010-12-23 14:33 - 00000000 ____D () C:\Program Files\Audacity
2014-02-13 23:55 - 2009-04-25 22:34 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\Azureus
2014-02-13 23:55 - 2009-04-18 23:18 - 00000000 ____D () C:\Soulseek
2014-02-13 23:55 - 2009-04-17 13:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-13 23:55 - 2009-04-17 13:55 - 00000000 ____D () C:\Documents and Settings\Neil\Local Settings\Application Data\Adobe
2014-02-13 23:54 - 2011-10-16 12:37 - 00000000 ____D () C:\Program Files\Adobe
2014-02-13 22:59 - 2013-04-10 11:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813170$
2014-02-13 01:08 - 2014-02-13 01:14 - 00130337 _____ () C:\getservices.zip
2014-02-12 23:49 - 2009-10-02 21:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 23:31 - 2014-02-12 23:13 - 00013794 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 23:31 - 2009-04-17 23:28 - 02134465 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 23:31 - 2009-04-17 23:28 - 01054526 _____ () C:\WINDOWS\ocgen.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00822012 _____ () C:\WINDOWS\tsoc.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00726220 _____ () C:\WINDOWS\comsetup.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00443675 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00336013 _____ () C:\WINDOWS\iis6.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00118654 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00107501 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 23:31 - 2009-04-17 23:28 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 23:31 - 2009-04-17 14:11 - 00304946 _____ () C:\WINDOWS\updspapi.log
2014-02-12 23:27 - 2009-04-17 23:28 - 00604672 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 23:22 - 2009-04-17 14:10 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 23:17 - 2014-02-12 23:16 - 00011502 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 23:17 - 2009-06-05 10:43 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-12 23:17 - 2009-04-17 23:28 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 23:16 - 2014-02-12 23:16 - 00004699 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 13:16 - 2009-04-18 14:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Soulseek
2014-02-12 01:56 - 2009-04-17 13:52 - 00940794 _____ () C:\WINDOWS\system32\LoopyMusic.wav
2014-02-09 19:05 - 2014-02-21 00:22 - 00688992 ____R (Swearware) C:\Documents and Settings\Neil\Desktop\dds.com
2014-02-08 14:52 - 2009-04-17 13:41 - 00001605 _____ () C:\Documents and Settings\Neil\Start Menu\Programs\Remote Assistance.lnk
2014-02-08 12:26 - 2014-02-08 12:26 - 00035144 _____ () C:\WINDOWS\system32\Drivers\48230029.sys
2014-02-07 15:58 - 2013-12-11 20:13 - 00016188 _____ () C:\WINDOWS\KB2898785-IE8.log
2014-02-07 15:31 - 2009-04-17 23:27 - 00211288 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-07 15:11 - 2014-02-07 15:11 - 00000809 _____ () C:\Documents and Settings\Neil\Desktop\Internet Explorer.lnk
2014-02-07 14:58 - 2009-04-18 12:55 - 00046448 _____ () C:\Documents and Settings\Neil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-07 12:06 - 2014-02-21 01:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Neil\Desktop\rkill.exe
2014-02-07 00:47 - 2012-03-04 20:58 - 00000790 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-07 00:47 - 2012-03-04 20:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-07 00:47 - 2012-03-04 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-07 00:35 - 2014-02-07 00:35 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-07 00:35 - 2014-02-07 00:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-06 13:54 - 2013-02-07 14:41 - 00000000 ____D () C:\Documents and Settings\Neil\My Documents\Applications
2014-02-06 09:26 - 2012-06-13 14:40 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-06 09:26 - 2010-06-09 20:25 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-06 09:26 - 2009-06-10 22:37 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-06 09:26 - 2009-06-10 22:37 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-06 09:26 - 2009-04-17 14:11 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-06 09:26 - 2009-04-17 14:11 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-06 09:26 - 2009-04-17 14:11 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-06 09:26 - 2009-04-17 14:11 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-06 09:26 - 2009-04-17 13:36 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 09:26 - 2008-04-14 22:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-06 09:26 - 2008-04-14 22:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-06 09:26 - 2008-04-14 22:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-06 09:26 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 09:26 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 09:26 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 09:26 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 08:24 - 2008-04-14 22:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-06 03:54 - 2008-04-14 22:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 22:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-02 20:53 - 2012-04-05 18:11 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-02 20:53 - 2011-06-06 09:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-02 20:46 - 2014-02-02 20:46 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-02 20:46 - 2014-02-02 20:46 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-02-02 10:14 - 2014-01-15 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-30 23:46 - 2014-01-30 23:46 - 00000688 _____ () C:\Documents and Settings\All Users\Desktop\Audacity.lnk
2014-01-30 23:46 - 2010-12-23 14:33 - 00000694 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
2014-01-30 16:49 - 2009-12-10 00:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2014-01-30 15:23 - 2014-01-30 15:22 - 00018740 _____ () C:\Documents and Settings\Neil\activity.txt
2014-01-30 11:26 - 2014-01-11 10:56 - 00268800 _____ () C:\Documents and Settings\Neil\My Documents\Cycling 2014.xls
2014-01-25 03:02 - 2009-05-04 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-01-24 00:03 - 2014-01-24 00:03 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\MPC-HC
2014-01-23 23:47 - 2014-01-23 23:47 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-23 23:29 - 2014-01-23 23:29 - 00000000 ____D () C:\Documents and Settings\Neil\Local Settings\Application Data\AMozilla
2014-01-23 23:28 - 2014-01-23 23:28 - 00000000 ____D () C:\Program Files\Common Files\Cvent
2014-01-23 23:28 - 2014-01-23 23:28 - 00000000 ____D () C:\Documents and Settings\Neil\Application Data\AMozilla

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014
Ran by Neil at 2014-02-22 15:54:55
Running from C:\Documents and Settings\Neil\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip Version:  - )
Adobe AIR (HKLM\...\Adobe AIR Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001} Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D} Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD} Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1 Version: 2.0.5 - Audacity Team)
Australian City Streets Version 4 (HKLM\...\{4E06D571-1595-47B0-ACC7-3E3576FDFF7C} Version: 5.0.0.4 - UBD)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B} Version: 3.0.0.10 - Apple Inc.)
Canon Camera Access Library (HKLM\...\CAL Version: 8.3.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5 Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6 Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task Version: 2.5.0.8 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask Version: 1.7.0.8 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX Version: 5.8.0.74 - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE} Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1 Version:  - DownloadHelper)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11 Version:  - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1 Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner Version:  - )
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC} Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879} Version: 0.8.509 - Australian Taxation Office)
FormatFactory 3.0.1 (HKLM\...\FormatFactory Version: 3.0.1 - Free Time)
Foxit Reader 5.1 (HKLM\...\Foxit Reader_is1 Version: 5.1.4.104 - Foxit Corporation)
Google Earth (HKLM\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3} Version: 7.0.3.8542 - Google)
Google Earth Plug-in (HKLM\...\{33286280-8617-11E1-8FF6-B8AC6F97B88E} Version: 6.2.2.6613 - Google)
Google Update Helper (Version: 1.3.21.149 - Google Inc.) Hidden
Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1 Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView Version:  - )
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C} Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF} Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF} Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10} Version: 2.1.1 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1 Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1 Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE} Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9} Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009 Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475} Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F} Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-US) Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService Version: 25.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Version: 6.10.1200.0 - Microsoft Corporation)
Nero 8 (HKLM\...\{A39DAD32-3515-438D-8617-F8AE2A301033} Version: 8.0.293 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers Version:  - )
PDFTools Version 1.3 (08/26/2007) (HKLM\...\PDFTools_is1 Version: 1.3 - www.SheelApps.com - Sheel Khanna)
Q-Dir (HKLM\...\Q-Dir Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044} Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} Version: 5.10.0.7083 - Realtek Semiconductor Corp.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004} Version: 9.0.0 - Adobe Systems Incorporated)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2 Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815 Version: 1 - Microsoft Corporation)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.0 (HKLM\...\VLC media player Version: 2.1.0 - VideoLAN)
WD Anywhere Backup (HKLM\...\{68131B0A-D78D-4aed-B74E-33A6C7324E50} Version:  - Memeo Inc.)
WD Win98 SE USB Disk Driver, v1.00.09 (HKLM\...\{6F512339-216D-4FBE-8A83-3EDCC3F03F51} Version: 1.00.09 - Western Digital Technologies)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130 Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8 Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinMount V3.5.0329 (HKLM\...\WinMount_is1 Version: 3.5.0329 - WinMount)

==================== Restore Points  =========================

24-11-2013 07:34:19 System Checkpoint
25-11-2013 08:18:57 System Checkpoint
26-11-2013 08:34:19 System Checkpoint
27-11-2013 09:34:17 System Checkpoint
28-11-2013 09:34:19 System Checkpoint
29-11-2013 09:47:33 System Checkpoint
30-11-2013 10:34:19 System Checkpoint
01-12-2013 10:58:38 System Checkpoint
02-12-2013 11:33:40 System Checkpoint
03-12-2013 15:52:12 System Checkpoint
04-12-2013 16:34:48 System Checkpoint
05-12-2013 17:31:01 System Checkpoint
06-12-2013 17:57:34 System Checkpoint
07-12-2013 18:57:13 System Checkpoint
08-12-2013 19:57:13 System Checkpoint
09-12-2013 20:57:13 System Checkpoint
10-12-2013 21:57:13 System Checkpoint
11-12-2013 10:10:26 Software Distribution Service 3.0
12-12-2013 10:15:21 System Checkpoint
13-12-2013 10:44:20 System Checkpoint
13-12-2013 15:26:01 Software Distribution Service 3.0
14-12-2013 15:43:19 System Checkpoint
16-12-2013 03:33:55 System Checkpoint
17-12-2013 03:41:31 System Checkpoint
18-12-2013 04:41:31 System Checkpoint
19-12-2013 04:41:31 System Checkpoint
20-12-2013 04:41:31 System Checkpoint
21-12-2013 04:41:33 System Checkpoint
22-12-2013 05:40:29 System Checkpoint
23-12-2013 06:38:09 System Checkpoint
24-12-2013 06:40:29 System Checkpoint
25-12-2013 07:15:46 System Checkpoint
26-12-2013 08:26:20 System Checkpoint
27-12-2013 08:40:30 System Checkpoint
28-12-2013 10:02:31 System Checkpoint
29-12-2013 11:09:31 System Checkpoint
30-12-2013 10:48:10 Software Distribution Service 3.0
01-01-2014 01:59:33 System Checkpoint
02-01-2014 03:14:09 System Checkpoint
03-01-2014 04:05:10 System Checkpoint
04-01-2014 04:26:19 System Checkpoint
05-01-2014 05:22:03 System Checkpoint
06-01-2014 06:22:03 System Checkpoint
07-01-2014 07:22:03 System Checkpoint
08-01-2014 08:48:45 System Checkpoint
09-01-2014 09:52:04 System Checkpoint
10-01-2014 10:40:15 System Checkpoint
11-01-2014 03:49:18 Installed Realtek High Definition Audio Driver
11-01-2014 04:00:13 Removed DriverUpdate
12-01-2014 04:46:23 System Checkpoint
13-01-2014 04:48:22 System Checkpoint
14-01-2014 04:03:02 Software Distribution Service 3.0
15-01-2014 03:31:53 Software Distribution Service 3.0
16-01-2014 03:35:57 System Checkpoint
17-01-2014 04:34:56 System Checkpoint
18-01-2014 04:35:16 System Checkpoint
19-01-2014 04:45:05 System Checkpoint
20-01-2014 05:31:05 System Checkpoint
21-01-2014 05:33:09 System Checkpoint
22-01-2014 01:39:06 Installed Java 7 Update 51
23-01-2014 02:33:09 System Checkpoint
24-01-2014 04:39:54 System Checkpoint
24-01-2014 17:15:48 Installed iTunes
25-01-2014 17:54:15 System Checkpoint
26-01-2014 19:06:44 System Checkpoint
27-01-2014 19:51:03 System Checkpoint
28-01-2014 19:51:12 System Checkpoint
29-01-2014 21:04:11 System Checkpoint
30-01-2014 21:31:35 System Checkpoint
31-01-2014 22:08:34 System Checkpoint
02-02-2014 00:50:30 System Checkpoint
03-02-2014 01:19:13 System Checkpoint
04-02-2014 02:55:09 System Checkpoint
05-02-2014 03:06:05 System Checkpoint
06-02-2014 04:31:26 System Checkpoint
07-02-2014 05:57:46 Software Distribution Service 3.0
08-02-2014 04:58:11 Removed LightScribe System Software  1.12.33.2.
11-02-2014 17:35:56 System Checkpoint
12-02-2014 13:13:48 Software Distribution Service 3.0
13-02-2014 13:36:36 Restore Operation
13-02-2014 13:58:58 Restore Operation
16-02-2014 10:02:46 System Checkpoint
17-02-2014 11:32:02 System Checkpoint
18-02-2014 11:44:08 System Checkpoint
20-02-2014 07:06:50 System Checkpoint
21-02-2014 08:12:12 System Checkpoint
21-02-2014 11:12:22 Removed CA Parental Controls

==================== Hosts content: ==========================

2012-03-04 21:55 - 2014-02-21 21:37 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-25 19:22 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-03-13 11:28 - 2007-03-13 11:28 - 00823296 _____ () C:\Program Files\Common Files\Nero\Lib\log4cxx.dll
2009-11-13 12:30 - 2009-11-13 12:30 - 01804000 _____ () C:\Program Files\WD\WD Anywhere Backup\Memeo.Client.UI.dll
2009-10-22 08:04 - 2009-10-22 08:04 - 00504293 _____ () C:\Program Files\WD\WD Anywhere Backup\sqlite3.dll
2014-01-23 23:28 - 2010-03-31 11:58 - 01015256 _____ () C:\Program Files\Common Files\Cvent\js3250.dll
2014-01-23 23:28 - 2012-01-06 21:09 - 00044032 _____ () C:\Program Files\Common Files\Cvent\js3260.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 07:37:56 PM) (Source: Application Hang) (User: )
Description: Hanging application ComboFix.exe, version 14.2.5.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2014 05:45:02 PM) (Source: Application Hang) (User: )
Description: Hanging application casc.exe, version 9.0.0.26, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2014 00:14:41 AM) (Source: Application Hang) (User: )
Description: Hanging application dds.com, version 2012.11.20.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2014 11:06:35 PM) (Source: Application Hang) (User: )
Description: Hanging application casc.exe, version 9.0.0.26, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2014 07:33:43 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/17/2014 01:11:47 AM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (02/16/2014 11:56:58 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module log4cplusu.dll, version 0.0.0.0, fault address 0x00045119.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/16/2014 11:52:53 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module log4cplusu.dll, version 0.0.0.0, fault address 0x00045119.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/12/2014 11:36:26 PM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (02/12/2014 01:56:15 AM) (Source: UmxAgent) (User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe


System errors:
=============
Error: (02/22/2014 02:27:30 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/22/2014 02:27:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/22/2014 02:21:55 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/22/2014 02:21:55 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/22/2014 02:10:21 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/22/2014 02:10:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/22/2014 02:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/22/2014 02:08:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (02/22/2014 02:01:09 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (02/22/2014 02:01:09 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================
Error: (02/21/2014 07:37:56 PM) (Source: Application Hang)(User: )
Description: ComboFix.exe14.2.5.2hungapp0.0.0.000000000

Error: (02/21/2014 05:45:02 PM) (Source: Application Hang)(User: )
Description: casc.exe9.0.0.26hungapp0.0.0.000000000

Error: (02/21/2014 00:14:41 AM) (Source: Application Hang)(User: )
Description: dds.com2012.11.20.1hungapp0.0.0.000000000

Error: (02/20/2014 11:06:35 PM) (Source: Application Hang)(User: )
Description: casc.exe9.0.0.26hungapp0.0.0.000000000

Error: (02/20/2014 07:33:43 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (02/17/2014 01:11:47 AM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (02/16/2014 11:56:58 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512log4cplusu.dll0.0.0.000045119

Error: (02/16/2014 11:52:53 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512log4cplusu.dll0.0.0.000045119

Error: (02/12/2014 11:36:26 PM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe

Error: (02/12/2014 01:56:15 AM) (Source: UmxAgent)(User: )
Description: C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 3327.48 MB
Available physical RAM: 2539.21 MB
Total Pagefile: 5211.77 MB
Available Pagefile: 4609.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.34 MB

==================== Drives ================================

Drive c: (Neil_C) (Fixed) (Total:298.08 GB) (Free:152.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Neil_D) (Fixed) (Total:931.51 GB) (Free:58.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 437FA5E2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: B114B114)

Partition: GPT Partition Type.

==================== End Of Log ============================

  • Root Admin

Please uninstall ALL versions of Java from Control Panel, Add/Remove.
Then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next run this

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST (or FRST64) and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

Getting a little late here and I have an early-morning wake-up to run errands all day, so I'll check back on you sometime later this weekend as I have time.

Thanks

fixlist.txt

I had a bit of trouble getting this to work. I couldn't get JavaRa to run properly. It kept giving an "encountered a problem and had to close" message. Then it dawned on me that there are some programs that run at startup. So I ran msconfig and unchecked everything that I thought shouldn't start, like the WD backup, iTunes helper etc. So if anything looks a bit odd in the reports it may be down to me not running a normal boot.

Thanks for everything so far, hope the weekend was good.

JavaRa.log

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Feb 23 00:02:24 2014

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_20

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_21

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_23

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_24

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_26

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.6.0_29

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_05

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_07

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_09

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_11

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_13

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_15

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_17

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_21

Found and removed: C:\Documents and Settings\Neil\Application Data\Sun\Java\jre1.7.0_45

Found and removed: Software\Classes\JavaPlugin.160_31

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Feb 24 23:28:18 2014

------------------------------------

Finished reporting.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2014 02
Ran by Neil at 2014-02-24 23:46:57 Run:1
Running from C:\Documents and Settings\Neil\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [GEST] - =
HKLM\...\Run: [Cvent] - wscript.exe "C:\Program Files\Common Files\Cvent\data.js"
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [bomgar_Cleanup_ZD700624733] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-52F46A44" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD700624733 /f
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1422632 2007-08-21] (Nero AG)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GEST => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Cvent => Unable to delete value
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD700624733 => Value deleted successfully.
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Unable to delete value
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.
HKCR\CLSID\{17492023-C23A-453E-A040-C7C580BBF700} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} => Key not found.
HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
JavaQuickStarterService => Service not found.

==== End of Fixlog ====


Sorry, I made a mistake when I modified the programs that run at startup. I stopped Cvent and the report said unable to delete.

I changed msconfig to run Cvent, rebooted and then ran the fixlist again. The report from the 2nd run is below.

 

Fixlog.txt (2nd run)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-02-2014 02
Ran by Neil at 2014-02-25 00:27:50 Run:2
Running from C:\Documents and Settings\Neil\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [GEST] - =
HKLM\...\Run: [Cvent] - wscript.exe "C:\Program Files\Common Files\Cvent\data.js"
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [bomgar_Cleanup_ZD700624733] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-52F46A44" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD700624733 /f
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1422632 2007-08-21] (Nero AG)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GEST => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Cvent => Value deleted successfully.
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD700624733 => Unable to delete value
HKU\S-1-5-21-1123561945-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Unable to delete value
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Unable to delete value
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700} => Key not found.
HKCR\CLSID\{17492023-C23A-453E-A040-C7C580BBF700} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} => Key not found.
HKCR\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
JavaQuickStarterService => Service not found.

==== End of Fixlog ====

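The two Fixlog runs above show the pattern a helper has to deal with in practice: some Run values are deleted on the first pass, others come back "Unable to delete value" and have to go into a second fixlist. Below is an added example (my own code, not part of FRST, Malwarebytes or this thread) of a small Python parser for that Fixlog format. It pulls the `HK...\Run: [Name] - command` lines out of the fixlist section, applies two defender-side heuristics to the command (a degenerate command such as `=`, or a script host such as wscript.exe launching a .js/.vbs file, both of which appear in the thread), and builds the fixlist lines to feed into a second run from the `=> Unable to ...` results. The sample log is constructed from the shape of the lines in the thread, with the user's SID and the Bomgar entry shortened out; the function names are my own.

```python
"""Parse FRST Fixlog output and report what still needs attention.

Added example, not FRST's own code. SAMPLE_FIXLOG is constructed from the
shape of the Fixlog lines in the thread (shortened SID, fewer entries)."""
import re

SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKLM\...\Run: [GEST] - =
HKLM\...\Run: [Cvent] - wscript.exe "C:\Program Files\Common Files\Cvent\data.js"
HKU\S-1-5-21-1\...\Run: [IndxStoreSvr] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1422632 2007-08-21] (Nero AG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GEST => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Cvent => Value deleted successfully.
HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr => Unable to delete value
JavaQuickStarterService => Service not found.

==== End of Fixlog ====
"""

# Fixlist line for an autorun value: HK<hive>\...\Run: [Name] - <command>
RUN_LINE = re.compile(r"^(HK[^:]*)\\Run: \[([^\]]+)\] - (.*)$")
# Result line: <registry target or file or service> => <outcome>[.]
RESULT_LINE = re.compile(r"^(.+?) => (.+?)\.?$")
# Script hosts and script extensions that rarely belong in a Run value on a home PC.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def parse_fixlog(text):
    """Split a Fixlog into the Run entries FRST was asked to process and the
    result lines it reported. Lines matching neither pattern are ignored."""
    fixlist, results = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            hive, name, cmd = m.groups()
            fixlist.append({"hive": hive, "name": name, "cmd": cmd.strip(), "line": line})
            continue
        m = RESULT_LINE.match(line)
        if m:
            results.append({"target": m.group(1), "result": m.group(2)})
    return {"fixlist": fixlist, "results": results}


def flag_suspicious(fixlist):
    """Heuristics applied to each autorun command line. Returns (name, reason)
    pairs; an empty list means nothing was flagged. Substring matching on the
    extension is deliberately loose (a heuristic, not a verdict)."""
    flagged = []
    for entry in fixlist:
        cmd = entry["cmd"]
        low = cmd.lower()
        if cmd in ("", "="):
            flagged.append((entry["name"], "degenerate command %r" % cmd))
            continue
        # First token, with a leading quote and any directory prefix stripped.
        head = low.lstrip('"').split()[0].rsplit("\\", 1)[-1].rstrip('"')
        if head in SCRIPT_HOSTS and any(ext in low for ext in SCRIPT_EXTS):
            flagged.append((entry["name"], "script host %s launching a script file" % head))
    return flagged


def unresolved(results):
    """Targets FRST reported it could not change on this run."""
    return [r["target"] for r in results if r["result"].startswith("Unable to")]


def retry_fixlist(parsed):
    """Fixlist lines for a second run: only entries whose result was
    'Unable to ...'. The result target ends in the value name after the last
    backslash, which is matched back to the [Name] of the fixlist line."""
    names = {t.rsplit("\\", 1)[-1] for t in unresolved(parsed["results"])}
    return [e["line"] for e in parsed["fixlist"] if e["name"] in names]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for name, reason in flag_suspicious(parsed["fixlist"]):
        print("suspicious autorun %-14s %s" % (name, reason))
    print("retry these in a second fix run:")
    for line in retry_fixlist(parsed):
        print("  " + line)
```

Run against a real Fixlog.txt by reading the file into `parse_fixlog` instead of the constructed sample. The retry list is exactly what was needed in the thread: the value that survived the first run goes back into the fixlist for the second, without retyping it.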

I have had a look round the PC and done a few things, as follows.

 

Looked in the Applications Data folder and deleted the AMozilla and Cvent folders without a problem.

 

Looked in the Program Files folder and deleted the Java folder.

 

Everything seems to be running OK, so I decided to check Safe mode. I tried a Malwarebytes scan - the fan started to run faster and the PC powered down. Curious, I rebooted in Safe mode and the fan was already running faster than usual. I left the PC running on its own and it powered down again. It would seem the fan issue is a totally independent (and weird) thing.

 

I reinstalled my TD Internet Security Suite. It would only install if I uninstalled Malwarebytes, so I did, then I reinstalled Malwarebytes.

 

The initial scan by TD indicated that it found and quarantined WinSpywareProtect. The Malwarebytes scan found nothing.

 

So far I have not seen any unknown programs running. So it looks like the PC is clear. Do you know what it was that I had? My initial queries on AMozilla suggested that something called Troj/Drop-FS may be responsible, but that was a couple of years ago and my protection would surely have picked it up.

 

On Java; should I install this or not? You get messages on the internet that say "you need Java to run this", so I installed it.

 

On Windows Security Centre; should I have this on or off? I don't know if it causes conflicts with TD and/or Malwarebytes. If you switch it off you get a constant stream of pop-up messages that are very annoying.

 

Thanks for the help, let me know what you would like me to do next.


  • Root Admin

Not really sure but it would seem that some type of infection was bothering your power management software which can control fan speed.  Possibly the computer is set in BIOS to shut down if fan speeds are too slow or system is too hot and maybe this aggravated it?

 

Java - if at all possible try to go without using it.  The vast majority of sites that say they need Java are trying to infect you.  There is a difference between Java and JavaScript.  Most sites want or need JavaScript to run well but do not need Java.  If in doubt post and ask us and we'll check for you.

 

Windows Security Center should be enabled but up to you - it's just another tool/means to alert you if it finds something wrong.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


 
Remove the rest of the tools used:
 
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


Not sure about the business of powering down in safe mode. At the start of the process we ran the PC in BIOS for half a day and nothing happened. Then I went into safe mode with the PC clean and it happened again. I know nothing about these things, but it seems that the power management software does not load and operate in safe mode. But it is working in BIOS mode and normal boot. This may be completely impossible for all I know, but that is the net effect. It happens in safe mode and at no other time. However, it's not a problem at the moment so we can just leave it.

 

I have cleared all the tools and logs OK and created the new Restore Point. I do keep backups of my data to an external drive in addition to the external drive that is connected to the modem. It is still useful for picking up files when I am using the laptop. I installed Malwarebytes PRO after the last infection I had a couple of years ago. Between it and TD I thought I was fairly safe, that's why I was surprised to see this infection.

 

Thanks for the help, I shall keep up to date with what is going on via these forums and the sites that you provided.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
