
can't start malwarebytes



Hello. Was going to do some online banking but got directed somewhere that asked all kinds of personal questions about my banking. Called my bank and they say I am infected. I have run SUPERAntiSpyware, Spybot, and CCleaner. Tried to run Malwarebytes but got a message stating that Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system adm. This is my home computer and I am the adm. Running Windows XP Pro. Have run dds.com. Following are the results:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:33:31 on 2014-03-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2360 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uProxyOverride = <local>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\documents and settings\all users\application data\sprdvn7x\sprDvn7X.exe -sm,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - c:\program files\searchresults\searchresultsDx.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
TB: Search Results Toolbar: {fa63398e-322b-4833-9af3-15837ad12138} - c:\program files\searchresults\searchresultsDx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [lhfdzwd] regsvr32.exe "c:\documents and settings\all users\application data\lhfdzwd.dat"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = WARNING
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {B2F88761-95A0-4f92-96FC-639C75332641} - {656EC4B7-072B-4698-B504-2A414C1F0037} - <orphaned>
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3F42ADA3-DA9D-4C21-A40C-7B10690D85F6} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 211560]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-2-11 52728]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-1-24 38976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
S1 nctodgfz;nctodgfz;\??\c:\windows\system32\drivers\nctodgfz.sys --> c:\windows\system32\drivers\nctodgfz.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 jatmlano;jatmlano;\??\c:\docume~1\owner\locals~1\temp\jatmlano.sys --> c:\docume~1\owner\locals~1\temp\jatmlano.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-10-30 18432]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2013-9-29 50704]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-1-18 11232]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
ShellExec: QPW.EXE: open=c:\corel\suite8\programs\QPW.EXE
ShellExec: QPW.EXE: print=c:\corel\suite8\programs\QPW.EXE
ShellExec: SC2Editor.exe: open="C:/Program Files/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-13 20:29:36 -------- d-----w- C:\Binaries
2014-03-13 20:29:35 -------- d-----w- C:\MSSoap
2014-03-13 20:28:31 -------- d-----w- c:\program files\UFile 2013
2014-03-13 20:28:31 -------- d-----w- c:\documents and settings\all users\application data\Dr Tax
2014-03-12 22:47:38 256680 ----a-w- c:\documents and settings\all users\application data\yiqpjfj.dat
.
==================== Find3M  ====================
.
2014-03-12 20:31:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 20:31:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-28 02:59:46 323848 ----a-w- c:\documents and settings\all users\application data\lhfdzwd.dat
2014-01-18 21:42:32 2829 ----a-w- c:\windows\War3Unin.pif
2014-01-18 21:42:32 139264 ----a-w- c:\windows\War3Unin.exe
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 15:38:35.07 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/10/2010 1:21:24 PM
System Uptime: 26/03/2014 3:52:15 PM (24 hours ago)
.
Motherboard: Hewlett-Packard |  | 0A64h
Processor: AMD Athlon 64 X2 Dual Core Processor 4600+ | XU1 PROCESSOR | 2394/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 185.036 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2B255CD7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2B255CD7&0
Service: i8042prt
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: YAMAHA Legacy DS1 WDM Driver
Device ID: DS1\LEGACY\5&64F6F73&0&0000
Manufacturer: Yamaha
Name: YAMAHA Legacy DS1 WDM Driver
PNP Device ID: DS1\LEGACY\5&64F6F73&0&0000
Service: ds1
.
==== System Restore Points ===================
.
RP1378: 27/12/2013 1:51:23 PM - System Checkpoint
RP1379: 28/12/2013 2:45:42 PM - System Checkpoint
RP1380: 29/12/2013 5:45:24 PM - System Checkpoint
RP1381: 30/12/2013 8:18:29 PM - System Checkpoint
RP1382: 31/12/2013 8:45:57 PM - System Checkpoint
RP1383: 01/01/2014 9:12:28 PM - System Checkpoint
RP1384: 02/01/2014 9:46:38 PM - System Checkpoint
RP1385: 03/01/2014 10:46:43 PM - System Checkpoint
RP1386: 04/01/2014 11:02:54 PM - System Checkpoint
RP1387: 05/01/2014 11:10:29 PM - System Checkpoint
RP1388: 06/01/2014 11:40:30 PM - System Checkpoint
RP1389: 08/01/2014 12:05:56 AM - System Checkpoint
RP1390: 09/01/2014 1:01:03 AM - System Checkpoint
RP1391: 10/01/2014 1:51:34 AM - System Checkpoint
RP1392: 11/01/2014 2:43:04 AM - System Checkpoint
RP1393: 12/01/2014 3:31:29 AM - System Checkpoint
RP1394: 13/01/2014 4:22:31 AM - System Checkpoint
RP1395: 14/01/2014 5:15:25 AM - System Checkpoint
RP1396: 15/01/2014 6:08:17 AM - System Checkpoint
RP1397: 16/01/2014 7:04:32 AM - System Checkpoint
RP1398: 17/01/2014 7:56:25 AM - System Checkpoint
RP1399: 18/01/2014 8:47:28 AM - System Checkpoint
RP1400: 19/01/2014 9:37:22 AM - System Checkpoint
RP1401: 20/01/2014 9:55:54 AM - System Checkpoint
RP1402: 21/01/2014 12:28:33 PM - System Checkpoint
RP1403: 22/01/2014 1:56:57 PM - System Checkpoint
RP1404: 23/01/2014 6:09:49 PM - System Checkpoint
RP1405: 24/01/2014 6:25:04 PM - System Checkpoint
RP1406: 25/01/2014 7:15:12 PM - System Checkpoint
RP1407: 26/01/2014 7:42:54 PM - System Checkpoint
RP1408: 27/01/2014 8:01:02 PM - System Checkpoint
RP1409: 28/01/2014 8:59:28 PM - System Checkpoint
RP1410: 29/01/2014 9:46:00 PM - System Checkpoint
RP1411: 30/01/2014 10:39:54 PM - System Checkpoint
RP1412: 01/02/2014 12:23:26 AM - System Checkpoint
RP1413: 02/02/2014 12:33:17 AM - System Checkpoint
RP1414: 03/02/2014 1:27:44 AM - System Checkpoint
RP1415: 04/02/2014 2:22:43 AM - System Checkpoint
RP1416: 05/02/2014 3:16:59 AM - System Checkpoint
RP1417: 06/02/2014 4:10:04 AM - System Checkpoint
RP1418: 07/02/2014 5:01:50 AM - System Checkpoint
RP1419: 08/02/2014 5:54:57 AM - System Checkpoint
RP1420: 09/02/2014 6:46:39 AM - System Checkpoint
RP1421: 10/02/2014 7:53:39 AM - System Checkpoint
RP1422: 11/02/2014 8:30:32 AM - System Checkpoint
RP1423: 12/02/2014 9:21:49 AM - System Checkpoint
RP1424: 13/02/2014 10:00:00 AM - System Checkpoint
RP1425: 14/02/2014 10:06:35 AM - System Checkpoint
RP1426: 15/02/2014 11:44:14 AM - System Checkpoint
RP1427: 16/02/2014 5:58:39 PM - System Checkpoint
RP1428: 17/02/2014 6:59:18 PM - System Checkpoint
RP1429: 18/02/2014 7:52:26 PM - System Checkpoint
RP1430: 19/02/2014 8:43:38 PM - System Checkpoint
RP1431: 20/02/2014 11:08:55 PM - System Checkpoint
RP1432: 22/02/2014 1:03:23 AM - System Checkpoint
RP1433: 23/02/2014 1:08:49 AM - System Checkpoint
RP1434: 24/02/2014 1:45:48 AM - System Checkpoint
RP1435: 25/02/2014 2:38:35 AM - System Checkpoint
RP1436: 26/02/2014 3:28:07 AM - System Checkpoint
RP1437: 27/02/2014 4:19:29 AM - System Checkpoint
RP1438: 28/02/2014 5:10:52 AM - System Checkpoint
RP1439: 01/03/2014 6:04:36 AM - System Checkpoint
RP1440: 02/03/2014 6:56:55 AM - System Checkpoint
RP1441: 03/03/2014 7:48:09 AM - System Checkpoint
RP1442: 04/03/2014 8:37:09 AM - System Checkpoint
RP1443: 05/03/2014 9:27:30 AM - System Checkpoint
RP1444: 06/03/2014 10:16:31 AM - System Checkpoint
RP1445: 07/03/2014 11:57:05 AM - System Checkpoint
RP1446: 08/03/2014 12:23:21 PM - System Checkpoint
RP1447: 09/03/2014 3:48:01 PM - System Checkpoint
RP1448: 10/03/2014 4:38:34 PM - System Checkpoint
RP1449: 11/03/2014 5:54:37 PM - System Checkpoint
RP1450: 12/03/2014 5:57:36 PM - System Checkpoint
RP1451: 13/03/2014 6:29:42 PM - System Checkpoint
RP1452: 14/03/2014 6:38:37 PM - System Checkpoint
RP1453: 15/03/2014 7:29:09 PM - System Checkpoint
RP1454: 16/03/2014 9:09:34 PM - System Checkpoint
RP1455: 17/03/2014 9:38:48 PM - System Checkpoint
RP1456: 18/03/2014 9:55:57 PM - System Checkpoint
RP1457: 19/03/2014 10:03:55 PM - System Checkpoint
RP1458: 20/03/2014 10:26:09 PM - System Checkpoint
RP1459: 21/03/2014 10:46:02 PM - System Checkpoint
RP1460: 22/03/2014 11:35:50 PM - System Checkpoint
RP1461: 24/03/2014 1:04:59 AM - System Checkpoint
RP1462: 25/03/2014 1:24:30 AM - System Checkpoint
RP1463: 26/03/2014 1:29:08 AM - System Checkpoint
RP1464: 27/03/2014 2:04:55 AM - System Checkpoint
.
==== Installed Programs ======================
.
1310
1310_Help
1310Tour
1310Trb
3DDreamBowl
7-zip v9.20
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
AiO_Scan
AiOSoftware
aMSN 0.98.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
Audacity 1.2.6
Baldur's Gate II - Shadows of Amn
Belarc Advisor 8.1
Boggle
BufferChm
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 5.1
Canon MX510 series MP Drivers
Canon MX510 series On-screen Manual
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cnxt 2011 D850 56K V.9x DF Modem
Content Manager
Copy
Corel WordPerfect Suite 8
CreativeProjects
CreativeProjectsTemplates
CueTour
Defraggler
Destinations
Direct Show Ogg Vorbis Filter (remove only)
Director
DocProc
DocumentViewer
EA Download Manager
Fax
Foxit Reader
Free Studio version 5.6.3.706
Free Text Pad
FrostWire 5.4.0
Fund Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
GPGNet
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Product Detection
HP PSC & OfficeJet 4.2
HP SetRefresh
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
HydraVision
ImgBurn
InstantShare
iTunes
Java Auto Updater
Java 6 Update 24
K-Lite Codec Pack 6.3.0 (Full)
KeePass Password Safe 2.13
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Streets and Trips
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Monopoly Tycoon
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser
MSXML4SP2
Nero Media Player
Nero OEM
NeroVision Express 2
NetWorx 5.2.8
OpenOffice.org 3.4.1
Overland
Paint.NET v3.5.5
Pando Media Booster
Photo Story 3 for Windows
PhotoGallery
Picasa 3
PMB
PreReq
PrintProjects
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
Realtek High Definition Audio Driver
RollerCoaster Tycoon® 3
Safari
Scan
Search Results Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Civilization 4
SimCity 4 Deluxe
Skins
SkinsHP1
Soap 3.0 Toolkit
Soft Data Fax Modem with SmartCP
SoftPerfect WiFi Guard version 1.0.4
Software Update for Web Folders
Speccy
Spybot - Search & Destroy
StarCraft II
Steam
Stellarium 0.11.0
SUPERAntiSpyware
Supreme Commander
Switch Sound File Converter
TCPEye 1.0
Team Fortress 2
TeraCopy 2.12
The Sims™ 3
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TrayApp
UFile 2010
UFile 2011
UFile 2012
UFile 2013
UFile Updater 2010
UFile Updater 2011
UFile Updater 2012
UFile Updater 2013
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.6
Warcraft III: All Products
WebFldrs XP
WebReg
WhiteSmoke New Toolbar
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
WinRAR archiver
Worms 2
Xmepk
Yahtzee
.
==== Event Viewer Messages From Past Week ========
.
25/03/2014 10:26:57 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sbaphd
25/03/2014 10:26:57 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
25/03/2014 10:26:57 PM, error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
25/03/2014 10:26:57 PM, error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The file can not be accessed by the system.
25/03/2014 10:25:55 PM, error: Print [23]  - Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.
.
==== End Of File ===========================
 

 

Any help would be greatly appreciated!!

Thanks

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then.......

Please download RogueKiller (32 bit) to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


I have run RogueKiller. Here are the results:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/27/2014 19:03:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : lhfdzwd (regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-515967899-1972579041-682003330-1003\[...]\Run : lhfdzwd (regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat" [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\L [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] LegitLib.dll : C:\Program Files\Microsoft Security Client\LegitLib.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SqmApi.dll : C:\Program Files\Microsoft Security Client\SqmApi.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 7H500F0 +++++
--- User ---
[MBR] 70af50db4c815cca741812dbc35c5187
[BSP] 18bea65b406b6965984b8e9f2aaad043 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Canon MX510 series USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03272014_190319.txt >>

 


Use the standard font!


Please read the following information first.
 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all your passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


-----------------------------------------

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

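Added example (not part of the thread, and not RogueKiller's or FRST's own code): a small Python triage script that reads report lines in the two tools' formats and groups the ZeroAccess indicators MrC is reacting to. From the RogueKiller report above: the $<hash> payload store under C:\RECYCLER\S-1-5-18, the Microsoft Security Client files turned into junctions pointing at \systemroot\system32\config, and the regsvr32.exe autorun that loads a .dat from All Users\Application Data. From the FRST report the user posts next: the software restriction policy rules aimed at the Malwarebytes and Microsoft Security Client directories, the extra executable appended to the Winlogon Userinit value, the InprocServer32 COM entries FRST marks as ZeroAccess, and the AppCertDlls loader. The sample lines are constructed to mirror this thread's reports; the indicator names, the SECURITY_DIRS list and the severity grouping are my own choices, not anything the tools define.

```python
"""Triage RogueKiller / FRST report lines for the ZeroAccess indicators seen in
this thread.  Added example: the regexes, indicator names and SAMPLE lines are
constructed here and are not the tools' own code or output."""
import re
from collections import defaultdict

# Product directories the infection neutered with SRP rules and junctions
# (assumed list; extend for other vendors).
SECURITY_DIRS = (r"\Malwarebytes", r"\Microsoft Security Client",
                 r"\Microsoft Antimalware", r"\Symantec", r"\McAfee")

# RogueKiller "Particular Files / Folders" lines
RK_RECYCLER = re.compile(
    r"\[ZeroAccess\]\[Folder\].*?:\s*(C:\\RECYCLER\\S-1-5-18\\\$[0-9a-f]{32}\\[UL])", re.I)
RK_JUNCTION = re.compile(
    r"\[ZeroAccess\]\[Junction\].*?:\s*(.+?)\s*>>\s*\\systemroot\\system32\\config", re.I)
RK_ANY_ZA = re.compile(r"\[ZeroAccess\]")
# FRST "Registry (Whitelisted)" lines
FRST_SRP = re.compile(r"Group Policy restriction on software:\s*(.+?)\s*<======", re.I)
FRST_USERINIT = re.compile(r"Winlogon: \[userinit\]\s*(.+)", re.I)
FRST_COM = re.compile(r"InprocServer32: \[Default-(\w+)\].*ZeroAccess\?", re.I)
FRST_APPCERT = re.compile(r"AppCertDlls: \[(\w+)\] -> (.+?\.dll)", re.I)
# Lines both tools emit for the same autorun / policy value
REGSVR_DAT = re.compile(r'regsvr32\.exe\s+"([^"]+\.dat)"', re.I)
ENABLELUA0 = re.compile(r"EnableLUA \(0\)")

# Indicators strong enough on their own to call the machine ZeroAccess-infected.
HIGH = {"recycler_payload_store", "av_dir_replaced_by_junction",
        "srp_blocks_security_tool", "userinit_hijack", "com_object_hijack"}


def triage(lines):
    """Return {indicator: [evidence, ...]} for report lines from either tool."""
    found = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := RK_RECYCLER.search(line):
            found["recycler_payload_store"].append(m.group(1))
        elif m := RK_JUNCTION.search(line):
            found["av_dir_replaced_by_junction"].append(m.group(1))
        elif m := FRST_SRP.search(line):
            path = m.group(1)
            # An SRP rule is only damning when it targets a security product;
            # the log line does not show the rule's security level.
            key = ("srp_blocks_security_tool"
                   if any(d.lower() in path.lower() for d in SECURITY_DIRS)
                   else "srp_rule_other")
            found[key].append(path)
        elif m := FRST_USERINIT.search(line):
            # Userinit is a comma-separated list; anything beyond the real
            # userinit.exe runs at every interactive logon.
            for entry in (e.strip() for e in m.group(1).split(",")):
                if entry and not entry.lower().endswith(r"\system32\userinit.exe"):
                    found["userinit_hijack"].append(entry)
        elif m := REGSVR_DAT.search(line):
            found["regsvr32_dat_autorun"].append(m.group(1))
        elif m := FRST_COM.search(line):
            found["com_object_hijack"].append(m.group(1))
        elif m := FRST_APPCERT.search(line):
            found["appcertdlls_loader"].append(m.group(2))
        elif ENABLELUA0.search(line):
            # UAC switch; meaningless on XP, so informational only.
            found["info_enablelua_0"].append(line)
        elif RK_ANY_ZA.search(line):
            found["other_zeroaccess_flag"].append(line)
    return dict(found)


def verdict(found):
    hits = sorted(k for k in found if k in HIGH)
    return ("ZeroAccess-consistent: " + ", ".join(hits)) if hits else "no ZeroAccess indicators"


# Constructed sample in the two report formats (mirrors this thread's logs).
SAMPLE = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : lhfdzwd (regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat" [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\L [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\sprDvn7X\sprDvn7X.exe -sm,
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\AppCertDlls: [clearApp] -> C:\WINDOWS\system32\cacledit.dll [65024 2013-09-29] ()
"""

if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    for key, items in sorted(result.items()):
        print(f"{key}:")
        for item in items:
            print(f"    {item}")
    print(verdict(result))
```

Two caveats built into the grouping: the EnableLUA finding is informational only, because it is a Vista-and-later UAC switch and explains nothing on an XP machine; and the %HKEY_LOCAL_MACHINE...% paths FRST lists are the same registry-path rules Windows creates by default when software restriction policy is first enabled, so without their security level they are reported separately rather than as hostile. On a live system the rules themselves sit under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, and a Disallowed path rule there is what produces the "prevented by a software restriction policy" message when a blocked program is launched.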

Sorry about the font. I will continue and try to clean this computer.

 

Here are the results of Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Owner (administrator) on HENRY-CA5171C61 on 27-03-2014 19:20:53
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\sprDvn7X\sprDvn7X.exe -sm,
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [Google Update] - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-28] (SUPERAntiSpyware)
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...\Run: [lhfdzwd] - regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat"
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...\MountPoints2: {b6fd4554-faa2-11e0-9930-001b78834a07} - G:\LaunchU3.exe -a
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...\MountPoints2: {d1fae928-e159-11df-98cc-fde54110b7f7} - E:\LiteAuto.exe
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\Henry\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File
HKLM\...\AppCertDlls: [clearApp] -> C:\WINDOWS\system32\cacledit.dll [65024 2013-09-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll (Ask.com)
Toolbar: HKLM - &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKLM - Search Results Toolbar - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files\searchresults\searchresultsDx.dll (Ask.com)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-10-04] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-10-01]

Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Sophisticated Black) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbpcpioacpihllfmmapmbephlpncjbec [2014-03-24]
CHR Extension: (WeatherBug) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-03-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Owner\Local Settings\Application Data\f2986ad8-a790-11e2-8274-b8ac6f996f26.crx [2014-03-23]
CHR HKLM\...\Chrome\Extension: [iadcfamdnjoeonconafhahnnbmnoklkm] - C:\Documents and Settings\Owner\Local Settings\Application Data\iBryte\Implementations\playbryte\Chrome\iadcfamdnjoeonconafhahnnbmnoklkm.crx [2011-08-17]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2011-08-17]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-13]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo Layers Runtime\YontooLayers.crx [2013-03-15]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-13]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-07] (SUPERAntiSpyware.com)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-02-02] (Sun Microsystems, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] ()

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ds1; C:\WINDOWS\System32\drivers\ds1wdm.sys [334208 2001-08-17] (Yamaha Corp.)
R3 gameenum; C:\WINDOWS\System32\drivers\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2006-07-23] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [50704 2013-09-29] (CACE Technologies, Inc.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R1 PSSDK42; C:\WINDOWS\system32\Drivers\pssdk42.sys [38976 2011-01-24] (microOLAP Technologies LTD)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-10-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-10-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [11232 2011-01-18] ()
S3 gfiark; system32\drivers\gfiark.sys [X]
S4 IntelIde; No ImagePath
S3 jatmlano; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jatmlano.sys [X]
S1 nctodgfz; \??\C:\WINDOWS\system32\drivers\nctodgfz.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-27 19:20 - 2014-03-27 19:20 - 00000000 ____D () C:\FRST
2014-03-27 19:03 - 2014-03-27 19:03 - 00005980 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03272014_190319.txt
2014-03-27 18:57 - 2014-03-27 19:08 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-03-27 18:43 - 2014-03-27 18:43 - 03972608 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-03-27 15:38 - 2014-03-27 15:40 - 00009646 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-03-27 15:38 - 2014-03-27 15:38 - 00024778 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-03-27 15:31 - 2014-03-27 15:31 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-03-26 19:16 - 2014-03-26 19:16 - 00003014 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140326_191619.reg
2014-03-26 09:24 - 2014-03-26 09:24 - 02064043 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-26_092354.mbf
2014-03-26 09:23 - 2014-03-26 09:23 - 02063733 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-26_092341.mbf
2014-03-24 08:59 - 2014-03-24 08:59 - 00002316 _____ () C:\Documents and Settings\Owner\Desktop\Chrome App Launcher.lnk
2014-03-17 21:16 - 2014-03-17 21:16 - 00014754 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140317_211655.reg
2014-03-13 22:08 - 2014-03-13 22:08 - 00013558 _____ () C:\Documents and Settings\Owner\My Documents\Nicholas Janssen tax 2013.u13
2014-03-13 16:29 - 2014-03-13 16:29 - 00001629 _____ () C:\Documents and Settings\All Users\Desktop\UFile 2013.lnk
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\MSSoap
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\UFile 2013
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\Binaries
2014-03-13 16:28 - 2014-03-13 16:32 - 00000000 ____D () C:\Program Files\UFile 2013
2014-03-13 16:28 - 2014-03-13 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Dr Tax
2014-03-12 18:47 - 2014-03-12 18:47 - 00256680 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat
2014-03-12 15:35 - 2014-03-27 18:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-11 22:31 - 2014-03-11 22:31 - 02276137 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-11_223115.mbf
2014-03-03 15:56 - 2014-03-03 15:56 - 02586439 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-03_145645.mbf
2014-03-03 15:56 - 2014-03-03 15:56 - 02586439 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-03_145622.mbf
2014-02-26 00:13 - 2014-02-27 09:27 - 00011459 _____ () C:\Documents and Settings\Nick\My Documents\quotehouse.xlsx

==================== One Month Modified Files and Folders =======

2014-03-27 19:20 - 2014-03-27 19:20 - 00000000 ____D () C:\FRST
2014-03-27 19:18 - 2012-11-10 20:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
2014-03-27 19:08 - 2014-03-27 18:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-03-27 19:03 - 2014-03-27 19:03 - 00005980 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03272014_190319.txt
2014-03-27 18:50 - 2010-10-01 08:53 - 00000000 ____D () C:\WINDOWS\Help
2014-03-27 18:43 - 2014-03-27 18:43 - 03972608 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-03-27 18:39 - 2014-02-07 20:34 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-03-27 18:37 - 2011-08-17 14:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 18:36 - 2012-09-23 13:01 - 00000470 _____ () C:\WINDOWS\Tasks\PrintProjects Communicator.job
2014-03-27 18:26 - 2014-03-12 15:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-27 17:36 - 2013-07-11 11:30 - 00032588 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-27 15:40 - 2014-03-27 15:38 - 00009646 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-03-27 15:38 - 2014-03-27 15:38 - 00024778 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-03-27 15:31 - 2014-03-27 15:31 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-03-27 12:00 - 2013-07-15 09:14 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
2014-03-27 12:00 - 2013-07-15 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PMB Files
2014-03-27 12:00 - 2012-10-19 14:38 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\.minecraft
2014-03-27 09:10 - 2011-12-04 15:42 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{23E04EFE-BD08-4D66-8056-EF9CF2A89B18}.job
2014-03-27 04:37 - 2011-08-17 14:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 19:39 - 2014-02-07 20:34 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-03-26 19:16 - 2014-03-26 19:16 - 00003014 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140326_191619.reg
2014-03-26 19:15 - 2010-10-01 14:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-26 19:15 - 2010-10-01 13:24 - 00000000 ____D () C:\Documents and Settings\Owner
2014-03-26 17:38 - 2011-06-12 13:29 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-03-26 17:38 - 2010-10-01 14:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-26 16:36 - 2013-10-20 19:14 - 00003182 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-03-26 16:08 - 2010-10-01 09:03 - 00622316 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-26 16:06 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-26 16:04 - 2013-10-19 17:42 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-03-26 16:04 - 2013-10-19 17:42 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-03-26 16:03 - 2010-10-01 13:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-26 15:47 - 2010-10-01 13:24 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-26 15:26 - 2010-10-26 17:17 - 00000000 ____D () C:\Corel User Files
2014-03-26 09:24 - 2014-03-26 09:24 - 02064043 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-26_092354.mbf
2014-03-26 09:23 - 2014-03-26 09:23 - 02063733 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-26_092341.mbf
2014-03-25 22:19 - 2013-06-16 08:30 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Wes
2014-03-24 08:59 - 2014-03-24 08:59 - 00002316 _____ () C:\Documents and Settings\Owner\Desktop\Chrome App Launcher.lnk
2014-03-24 08:59 - 2010-10-01 14:42 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
2014-03-23 02:26 - 2013-08-18 00:00 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-17 21:21 - 2011-11-11 21:51 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-17 21:16 - 2014-03-17 21:16 - 00014754 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140317_211655.reg
2014-03-17 18:40 - 2013-06-19 18:17 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Graduation 2013
2014-03-16 16:00 - 2010-10-26 16:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-03-13 22:08 - 2014-03-13 22:08 - 00013558 _____ () C:\Documents and Settings\Owner\My Documents\Nicholas Janssen tax 2013.u13
2014-03-13 16:37 - 2011-02-16 10:24 - 00000000 ____D () C:\Taxes
2014-03-13 16:32 - 2014-03-13 16:28 - 00000000 ____D () C:\Program Files\UFile 2013
2014-03-13 16:29 - 2014-03-13 16:29 - 00001629 _____ () C:\Documents and Settings\All Users\Desktop\UFile 2013.lnk
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\MSSoap
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\UFile 2013
2014-03-13 16:29 - 2014-03-13 16:29 - 00000000 ____D () C:\Binaries
2014-03-13 16:28 - 2014-03-13 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Dr Tax
2014-03-12 18:47 - 2014-03-12 18:47 - 00256680 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat
2014-03-12 16:31 - 2012-04-02 11:22 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 16:31 - 2011-05-16 08:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 15:39 - 2013-05-17 19:52 - 00000785 _____ () C:\Documents and Settings\All Users\Desktop\SoftPerfect WiFi Guard.lnk
2014-03-12 15:39 - 2013-05-17 19:52 - 00000000 ____D () C:\Program Files\SoftPerfect WiFi Guard
2014-03-12 15:39 - 2013-05-17 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SoftPerfect WiFi Guard
2014-03-11 22:31 - 2014-03-11 22:31 - 02276137 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-11_223115.mbf
2014-03-09 17:09 - 2011-03-29 19:39 - 00013030 _____ () C:\PDOXUSRS.NET
2014-03-09 16:59 - 2010-10-31 12:54 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Corel User Files
2014-03-03 15:56 - 2014-03-03 15:56 - 02586439 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-03_145645.mbf
2014-03-03 15:56 - 2014-03-03 15:56 - 02586439 ____R () C:\Documents and Settings\Owner\My Documents\My Money Backup_2014-03-03_145622.mbf
2014-02-27 22:59 - 2014-02-20 20:41 - 00323848 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat
2014-02-27 09:27 - 2014-02-26 00:13 - 00011459 _____ () C:\Documents and Settings\Nick\My Documents\quotehouse.xlsx
ZeroAccess:
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Documents and Settings\Owner\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Owner\random.dat

Some content of TEMP:
====================
C:\Documents and Settings\Nick\Local Settings\Temp\jna8263508104152205886.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Owner at 2014-03-27 19:22:05
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

1310 (Version: 43.0.217.000 - Hewlett-Packard) Hidden
1310_Help (Version: 43.0.217.000 -  Hewlett-Packard) Hidden
1310Tour (Version: 43.0.217.000 -  Hewlett-Packard) Hidden
1310Trb (Version: 43.0.217.000 -  Hewlett-Packard) Hidden
3DDreamBowl (HKLM\...\{B76DFCA6-5DEF-4083-B157-8982C176D83C}) (Version: 1.02.0000 - Absorb Games)
7-zip v9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 43.0.217.000 - Hewlett-Packard) Hidden
aMSN 0.98.4 (HKLM\...\aMSN) (Version:  - )
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1112.2131 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.56-081112a-072992C-HP - )
ATI Problem Report Wizard (HKLM\...\{5DA6F06A-B389-407B-BF8C-1548767914D8}) (Version: 8.10 - ATI Technologies)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Baldur's Gate II - Shadows of Amn (HKLM\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Boggle (HKLM\...\Bogglev1) (Version:  - )
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version:  - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - )
Canon MX510 series On-screen Manual (HKLM\...\Canon MX510 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.1112.2132.38643 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.1112.2132.38643 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Czech (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Danish (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Dutch (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help English (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Finnish (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help French (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help German (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Greek (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Hungarian (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Italian (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Japanese (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Korean (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Norwegian (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Polish (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Portuguese (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Russian (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Spanish (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Swedish (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Thai (Version: 2008.1112.2131.38643 - ATI) Hidden
CCC Help Turkish (Version: 2008.1112.2131.38643 - ATI) Hidden
ccc-core-preinstall (Version: 2008.1112.2132.38643 - ATI) Hidden
ccc-core-static (Version: 2008.1112.2132.38643 - ATI) Hidden
ccc-utility (Version: 2008.1112.2132.38643 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cnxt 2011 D850 56K V.9x DF Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201114F1) (Version:  - )
Content Manager (HKLM\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Copy (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Corel WordPerfect Suite 8 (HKLM\...\Corel WordPerfect Suite 8) (Version:  - )
CreativeProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CueTour (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Destinations (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Direct Show Ogg Vorbis Filter (remove only) (HKLM\...\OggDS) (Version:  - )
Director (Version: 43.1.5.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.0.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 43.0.217.000 - Hewlett-Packard) Hidden
EA Download Manager (HKLM\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
Fax (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM\...\{549197A2-8484-426C-814F-81A6535A24D6}) (Version: 4.2.0.928 - Foxit Corporation)
Free Studio version 5.6.3.706 (HKLM\...\Free Studio_is1) (Version: 5.6.3.706 - DVDVideoSoft Ltd.)
Free Text Pad (HKLM\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
FrostWire 5.4.0 (HKLM\...\FrostWire 5) (Version: 5.4.0.0 - FrostWire Team)
Fund Manager (HKLM\...\Fund Manager) (Version:  - Beiley Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPGNet (HKLM\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
HP Diagnostic Assistant (Version: 1.0.1.0 - Hewlett-Packard) Hidden
HP Image Zone 4.2 (HKLM\...\HP Photo & Imaging) (Version: 4.2 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP PSC & OfficeJet 4.2 (HKLM\...\{A1062847-0846-427A-92A1-BB8251A91E91}) (Version:  - HP)
HP SetRefresh (HKLM\...\{F5242227-2051-4158-AC42-0F2BAA3CD3D6}) (Version: 1.2.1.3 - Hewlett-Packard Company)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HP Unload DLL Patch (HKLM\...\{595D0DE8-C38A-4432-B851-47DECC1A99BD}) (Version: 1.00.0000 - Hewlett-Packard)
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
HydraVision (HKLM\...\{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}) (Version: 4.0.2.0 - ATI Technologies Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.4.0 - LIGHTNING UK!)
InstantShare (Version: 4.0.0.40 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.240 - Oracle)
KeePass Password Safe 2.13 (HKLM\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
K-Lite Codec Pack 6.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Streets and Trips (HKLM\...\{142492FC-7686-4B29-8E23-8C738FFCCB01}) (Version: 10.00.09.1300 - Microsoft)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Monopoly Tycoon (HKLM\...\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
MSXML4SP2 (HKLM\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
Nero Media Player (HKLM\...\NMPUninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NeroVision Express 2 (HKLM\...\NeroVision!UninstallKey) (Version:  - )
NetWorx 5.2.8 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Overland (Version: 2.1.5 - Hewlett-Packard) Hidden
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}) (Version: 3.55.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.0 - Microsoft Corporation)
PhotoGallery (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.8812 - RocketLife Inc.)
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 43.0.217.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Readme (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RollerCoaster Tycoon® 3 (HKLM\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Safari (HKLM\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Search Results Toolbar (HKLM\...\searchresults) (Version: 1.0.0.12 - )
Sid Meier's Civilization 4 (HKLM\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games)
Sid Meier's Civilization 4 (Version: 1.61 - Firaxis Games) Hidden
SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skins (Version: 2008.1112.2132.38643 - ATI) Hidden
SkinsHP1 (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Soap 3.0 Toolkit (HKLM\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
SoftPerfect WiFi Guard version 1.0.4 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.4 - SoftPerfect Research)
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.0 (HKLM\...\Stellarium_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
Supreme Commander (HKLM\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
TCPEye 1.0 (HKLM\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version:  - Free Software Relase)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 43.1.5.000 - Hewlett-Packard) Hidden
UFile 2010 (HKLM\...\{585D96E5-1A6A-410C-8F5F-F606CA1CCE1C}) (Version: 14.14.0000 - Logiciel Dr Tax Software Inc.)
UFile 2011 (HKLM\...\{7C8626FA-408B-4A90-9EDC-9D128ABD61F8}) (Version: 15.20.0000 - Logiciel Dr Tax Software Inc.)
UFile 2012 (HKLM\...\{AF54F043-62F9-47AB-A2B2-795CD1EA4C56}) (Version: 16.21.0000 - Logiciel Dr Tax Software Inc.)
UFile 2013 (HKLM\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.15.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2010 (HKLM\...\{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}) (Version: 6.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2011 (HKLM\...\{7087457A-98F4-4F77-967D-0685C8F18308}) (Version: 7.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2012 (HKLM\...\{EBD3E558-C070-474B-9CC5-CBCA7147EB25}) (Version: 8.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2013 (HKLM\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
Unload (Version: 4.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2362765) (HKLM\...\KB2362765-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 43.1.5.000 - Hewlett-Packard) Hidden
WhiteSmoke New Toolbar (HKLM\...\WhiteSmoke_New Toolbar) (Version: 6.11.2.6 - WhiteSmoke New)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Worms 2 (HKLM\...\Worms 2) (Version:  - )
Xmepk (HKCU\...\Xmepk) (Version:  - dror)
Yahtzee (HKLM\...\Yahtzeev1) (Version:  - )

==================== Restore Points  =========================

28-12-2013 19:45:42 System Checkpoint
29-12-2013 22:45:24 System Checkpoint
31-12-2013 01:18:29 System Checkpoint
01-01-2014 01:45:57 System Checkpoint
02-01-2014 02:12:28 System Checkpoint
03-01-2014 02:46:38 System Checkpoint
04-01-2014 03:46:43 System Checkpoint
05-01-2014 04:02:54 System Checkpoint
06-01-2014 04:10:29 System Checkpoint
07-01-2014 04:40:30 System Checkpoint
08-01-2014 05:05:56 System Checkpoint
09-01-2014 06:01:03 System Checkpoint
10-01-2014 06:51:34 System Checkpoint
11-01-2014 07:43:04 System Checkpoint
12-01-2014 08:31:29 System Checkpoint
13-01-2014 09:22:31 System Checkpoint
14-01-2014 10:15:25 System Checkpoint
15-01-2014 11:08:17 System Checkpoint
16-01-2014 12:04:32 System Checkpoint
17-01-2014 12:56:25 System Checkpoint
18-01-2014 13:47:28 System Checkpoint
19-01-2014 14:37:22 System Checkpoint
20-01-2014 14:55:54 System Checkpoint
21-01-2014 17:28:33 System Checkpoint
22-01-2014 18:56:57 System Checkpoint
23-01-2014 23:09:49 System Checkpoint
24-01-2014 23:25:04 System Checkpoint
26-01-2014 00:15:12 System Checkpoint
27-01-2014 00:42:54 System Checkpoint
28-01-2014 01:01:02 System Checkpoint
29-01-2014 01:59:28 System Checkpoint
30-01-2014 02:46:00 System Checkpoint
31-01-2014 03:39:54 System Checkpoint
01-02-2014 05:23:26 System Checkpoint
02-02-2014 05:33:17 System Checkpoint
03-02-2014 06:27:44 System Checkpoint
04-02-2014 07:22:43 System Checkpoint
05-02-2014 08:16:59 System Checkpoint
06-02-2014 09:10:04 System Checkpoint
07-02-2014 10:01:50 System Checkpoint
08-02-2014 10:54:57 System Checkpoint
09-02-2014 11:46:39 System Checkpoint
10-02-2014 12:53:39 System Checkpoint
11-02-2014 13:30:32 System Checkpoint
12-02-2014 14:21:49 System Checkpoint
13-02-2014 15:00:00 System Checkpoint
14-02-2014 15:06:35 System Checkpoint
15-02-2014 16:44:14 System Checkpoint
16-02-2014 22:58:39 System Checkpoint
17-02-2014 23:59:18 System Checkpoint
19-02-2014 00:52:26 System Checkpoint
20-02-2014 01:43:38 System Checkpoint
21-02-2014 04:08:55 System Checkpoint
22-02-2014 06:03:23 System Checkpoint
23-02-2014 06:08:49 System Checkpoint
24-02-2014 06:45:48 System Checkpoint
25-02-2014 07:38:35 System Checkpoint
26-02-2014 08:28:07 System Checkpoint
27-02-2014 09:19:29 System Checkpoint
28-02-2014 10:10:52 System Checkpoint
01-03-2014 11:04:36 System Checkpoint
02-03-2014 11:56:55 System Checkpoint
03-03-2014 12:48:09 System Checkpoint
04-03-2014 13:37:09 System Checkpoint
05-03-2014 14:27:30 System Checkpoint
06-03-2014 15:16:31 System Checkpoint
07-03-2014 16:57:05 System Checkpoint
08-03-2014 17:23:21 System Checkpoint
09-03-2014 19:48:01 System Checkpoint
10-03-2014 20:38:34 System Checkpoint
11-03-2014 21:54:37 System Checkpoint
12-03-2014 21:57:36 System Checkpoint
13-03-2014 22:29:42 System Checkpoint
14-03-2014 22:38:37 System Checkpoint
15-03-2014 23:29:09 System Checkpoint
17-03-2014 01:09:34 System Checkpoint
18-03-2014 01:38:48 System Checkpoint
19-03-2014 01:55:57 System Checkpoint
20-03-2014 02:03:55 System Checkpoint
21-03-2014 02:26:09 System Checkpoint
22-03-2014 02:46:02 System Checkpoint
23-03-2014 03:35:50 System Checkpoint
24-03-2014 05:04:59 System Checkpoint
25-03-2014 05:24:30 System Checkpoint
26-03-2014 05:29:08 System Checkpoint
27-03-2014 06:04:55 System Checkpoint
27-03-2014 22:56:00 before malware ajustment

==================== Hosts content: ==========================

2004-08-04 08:00 - 2013-10-20 19:23 - 00000736 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\PrintProjects Communicator.job => C:\Documents and Settings\All Users\Application Data\PrintProjects\Communicator.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{23E04EFE-BD08-4D66-8056-EF9CF2A89B18}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-29 15:49 - 2013-09-29 15:49 - 00065024 _____ () C:\WINDOWS\system32\cacledit.dll
2010-10-01 14:43 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-10-31 12:52 - 1997-08-08 04:00 - 00121344 ____N () C:\Corel\Suite8\Versions\VERS232.dll
2010-10-31 12:52 - 1997-08-08 04:00 - 00017920 ____N () C:\Corel\Suite8\Versions\IMPLODE.DLL
2010-10-01 14:43 - 2009-06-21 23:26 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24233212.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24233212.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\WINDOWS\pss\OpenOffice.org 3.4.1.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk => C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
MSCONFIG\startupreg: 7-Zip => Rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\7-Zip\unrqidol.dll",RegisterEmitter
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
MSCONFIG\startupreg: iBryte playbryte Desktop => C:\Program Files\iBryte\playbryte\ibrytedesktop.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: lhfdzwd => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: Rogers SHS => C:\Program Files\Rogers\SelfHealing\shs.exe
MSCONFIG\startupreg: RogersServicepointAgent.exe => "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SearchProtect => C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SetRefresh => C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Documents and Settings\Wes\My Documents\Steam\New Folder\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: yiqpjfj => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat"

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: YAMAHA Legacy DS1 WDM Driver
Description: YAMAHA Legacy DS1 WDM Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Yamaha
Service: ds1
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 10:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.4.0.1858, faulting module league of legends.exe, version 4.4.0.1858, fault address 0x005787d0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (03/17/2014 11:26:10 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.3.0.495, faulting module league of legends.exe, version 4.3.0.495, fault address 0x005801e0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (03/12/2014 03:47:23 PM) (Source: Application Hang) (User: )
Description: Hanging application msmoney.exe, version 17.0.0.3817, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2014 11:49:58 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.3.0.495, faulting module league of legends.exe, version 4.3.0.495, fault address 0x005801e0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (03/04/2014 03:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.3.0.487, faulting module league of legends.exe, version 4.3.0.487, fault address 0x005c7fd0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (03/02/2014 00:12:34 PM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 4.3.0.487, faulting module league of legends.exe, version 4.3.0.487, fault address 0x005c7fd0.
Processing media-specific event for [league of legends.exe!ws!]

Error: (02/20/2014 08:42:50 PM) (Source: Application Error) (User: )
Description: Fault bucket 83712486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/20/2014 08:41:58 PM) (Source: Application Error) (User: )
Description: Faulting application 2skkkkkkk.exe, version 1.9.0.326, faulting module unknown, version 0.0.0.0, fault address 0x00415000.
Processing media-specific event for [2skkkkkkk.exe!ws!]

Error: (02/16/2014 00:55:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/12/2014 09:39:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (03/26/2014 04:05:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sbaphd

Error: (03/26/2014 04:05:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/26/2014 04:05:28 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1920

Error: (03/26/2014 04:05:28 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error:
%%2

Error: (03/26/2014 04:04:25 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.

Error: (03/25/2014 10:26:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sbaphd

Error: (03/25/2014 10:26:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/25/2014 10:26:57 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1920

Error: (03/25/2014 10:26:57 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error:
%%2

Error: (03/25/2014 10:25:55 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.

Microsoft Office Sessions:
=========================
Error: (03/25/2014 10:15:08 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.4.0.1858league of legends.exe4.4.0.1858005787d0

Error: (03/17/2014 11:26:10 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.3.0.495league of legends.exe4.3.0.495005801e0

Error: (03/12/2014 03:47:23 PM) (Source: Application Hang)(User: )
Description: msmoney.exe17.0.0.3817hungapp0.0.0.000000000

Error: (03/11/2014 11:49:58 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.3.0.495league of legends.exe4.3.0.495005801e0

Error: (03/04/2014 03:58:42 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.3.0.487league of legends.exe4.3.0.487005c7fd0

Error: (03/02/2014 00:12:34 PM) (Source: Application Error)(User: )
Description: league of legends.exe4.3.0.487league of legends.exe4.3.0.487005c7fd0

Error: (02/20/2014 08:42:50 PM) (Source: Application Error)(User: )
Description: 83712486

Error: (02/20/2014 08:41:58 PM) (Source: Application Error)(User: )
Description: 2skkkkkkk.exe1.9.0.326unknown0.0.0.000415000

Error: (02/16/2014 00:55:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/12/2014 09:39:52 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 3070.26 MB
Available physical RAM: 2421.29 MB
Total Pagefile: 4956.12 MB
Available Pagefile: 4419.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:184.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (UFile Offer 2013) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 11111111)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


These are from CCleaner; registry cleaners are not recommended and usually cause more problems and do little good!
C:\Documents and Settings\Owner\My Documents\cc_20140326_191619.reg
C:\Documents and Settings\Owner\My Documents\cc_20140317_211655.reg

----------------------------------------------

Please make sure you create a new system restore point before you continue and also backup the registry.

To back up the registry:
Download Delfix from here and save it to your desktop.
Uncheck all the boxes except:

  • Create registry backup


  • Click the Run button.
  • When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

    Then............


    Download the attached fixlist.txt to the same folder as FRST.
    Run FRST.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    MrC
     

1st step done. Created restore point and backed up registry. Starting next step.

 

# DelFix v10.6 - Logfile created 27/03/2014 at 20:15:12
# Updated 11/11/2013 by Xplode
# Username : Owner - HENRY-CA5171C61
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Creating registry backup ... OK

########## - EOF - ##########


Second step done. Ran FRST.EXE again and hit Fix. Here are the results. Farbar said the computer has to restart. Sending results, then will restart.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Owner at 2014-03-27 20:20:06 Run:1
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\sprDvn7X\sprDvn7X.exe -sm,
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...\Run: [lhfdzwd] - regsvr32.exe "C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat"
C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat
HKU\S-1-5-21-515967899-1972579041-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
BHO: No Name - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
Toolbar: HKLM - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKLM - No Name - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
S4 IntelIde; No ImagePath
S3 jatmlano; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jatmlano.sys [X]
S1 nctodgfz; \??\C:\WINDOWS\system32\drivers\nctodgfz.sys [X]
C:\WINDOWS\system32\drivers\nctodgfz.sys
2014-03-12 18:47 - 2014-03-12 18:47 - 00256680 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat
C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\Owner\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Owner\random.dat
C:\Documents and Settings\Nick\Local Settings\Temp\jna8263508104152205886.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-515967899-1972579041-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\lhfdzwd => Value deleted successfully.
C:\Documents and Settings\All Users\Application Data\lhfdzwd.dat => Moved successfully.
HKU\S-1-5-21-515967899-1972579041-682003330-1003\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key deleted successfully.
HKCR\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => Value deleted successfully.
HKCR\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} => Value deleted successfully.
HKCR\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gears.dll not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
IntelIde => Service deleted successfully.
jatmlano => Service deleted successfully.
nctodgfz => Service deleted successfully.
"C:\WINDOWS\system32\drivers\nctodgfz.sys" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat => Moved successfully.
"C:\Documents and Settings\All Users\Application Data\yiqpjfj.dat" => File/Directory not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
C:\Documents and Settings\Owner\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Documents and Settings\Owner\random.dat => Moved successfully.
C:\Documents and Settings\Nick\Local Settings\Temp\jna8263508104152205886.dll => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\LegitLib.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====


That went well....Next:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large; in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Those were clean and I don't need to see the others.

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC (be back in the AM)


Well, that was a chore.  Thought I had all antivirus programs stopped, so I started ComboFix.  It warned me I had Microsoft Security Essentials still running. Tried to open it but it wouldn't let me. Checked running processes, couldn't find it. Tried uninstalling it, comp said it wasn't there.  So I went ahead and ran ComboFix anyways even with the warning.  Took a long time running but finally done. Here is the ComboFix txt file:

ComboFix.txt


Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

Looks like there are 2 references to MSE.

-----------------------------------------------------

Is your SUPERAntiSpyware the free version or the paid version?

Delete your copy of RogueKiller and download a fresh copy.

Run it as before and post the log.

MrC


Results of roguekiller:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/28/2014 09:52:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 7H500F0 +++++
--- User ---
[MBR] 70af50db4c815cca741812dbc35c5187
[BSP] 18bea65b406b6965984b8e9f2aaad043 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Canon MX510 series USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03282014_095239.txt >>
RKreport[0]_S_03272014_190319.txt


Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\U [-] --> FOUND

[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$7230831b77b76f78803fb12823658205\L [-] --> FOUND

Now click Delete on the right hand column under Options

-------------

Reboot and run another scan, post the log.

MrC


OK, deleted files, rebooted, and rescanned.  Results:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 03/28/2014 10:34:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 7H500F0 +++++
--- User ---
[MBR] 70af50db4c815cca741812dbc35c5187
[BSP] 18bea65b406b6965984b8e9f2aaad043 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Canon MX510 series USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03282014_103421.txt >>
RKreport[0]_D_03282014_100913.txt;RKreport[0]_S_03272014_190319.txt;RKreport[0]_S_03282014_095239.txt
RKreport[0]_S_03282014_100703.txt


Looks much better now.

------------------------

Have you tried to run Malwarebytes?

--------------------------------

Please uninstall Search Results Toolbar from your add/remove programs if possible.

Then.............

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then.............

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Let me know....MrC


Uninstalled Search Results Toolbar.

Ran AdwCleaner, deleted all files it found.

Log file:

# AdwCleaner v3.022 - Report created 28/03/2014 at 11:19:27
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - HENRY-CA5171C61
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\Program Files\WhiteSmoke_New
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\iBryte
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Ask.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Yontoo
Folder Deleted : C:\Documents and Settings\Nick\Application Data\searchresults
Folder Deleted : C:\Documents and Settings\Henry\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Henry\Application Data\searchresults

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_New Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4696 octets] - [28/03/2014 11:13:35]
AdwCleaner[S0].txt - [4745 octets] - [28/03/2014 11:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4805 octets] ##########

Cannot run Malwarebytes or Microsoft Security Essentials. Still get the popup saying Windows cannot start the program due to a software restriction policy.

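The "prevented by a software restriction policy" message in the post above is produced by Windows Software Restriction Policies (SRP), whose rules are stored in the registry under Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers in both the machine and user hives. As an added example that is not part of this thread or of any tool it mentions, the following read-only PowerShell script lists the default level and every path rule in HKLM and HKCU and flags any Disallowed rule whose pattern covers the Malwarebytes or Microsoft Security Client folder; the two folder names are assumptions taken from this thread's logs, and PowerShell 2.0 syntax is used so it also runs on Windows XP.

```powershell
# Added example: read-only enumeration of Software Restriction Policy (SRP / "Safer")
# rules, the mechanism behind "prevented by a software restriction policy".
# Nothing here modifies the registry.

# Security level values SRP stores in the registry (DWORD).
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpDefaultLevel {
    param([string]$Hive)   # 'HKLM' (machine policy) or 'HKCU' (user policy)
    $base = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path $base)) { return 'no SRP policy key present' }
    $dl = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultLevel
    if ($dl -eq $null) { return 'Unrestricted (DefaultLevel not set)' }
    if ($levelNames.ContainsKey([int]$dl)) { return $levelNames[[int]$dl] }
    return "unknown ($dl)"
}

function Get-SrpRules {
    param([string]$Hive)
    $base = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path $base)) { return @() }
    $rules = @()
    # Path rules are grouped by level: <level>\Paths\<GUID>, each with an ItemData pattern.
    foreach ($levelKey in (Get-ChildItem -Path $base)) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
        $level = [int]$levelKey.PSChildName
        $levelName = "unknown ($level)"
        if ($levelNames.ContainsKey($level)) { $levelName = $levelNames[$level] }
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($ruleKey in (Get-ChildItem -Path $pathsKey)) {
            $props = Get-ItemProperty -Path $ruleKey.PSPath
            $rules += New-Object PSObject -Property @{
                Hive   = $Hive
                Level  = $levelName
                Path   = [string]$props.ItemData
                RuleId = $ruleKey.PSChildName
            }
        }
    }
    return $rules
}

foreach ($hive in 'HKLM', 'HKCU') {
    Write-Host ("{0} DefaultLevel: {1}" -f $hive, (Get-SrpDefaultLevel $hive))
}

$allRules = @(Get-SrpRules 'HKLM') + @(Get-SrpRules 'HKCU')
$allRules | Select-Object Hive, Level, Path, RuleId | Format-Table -AutoSize

# Flag Disallowed rules that would cover the two programs this thread cannot start.
# Folder names are assumptions from the thread's logs; adjust to the real install paths.
$watch = @('Malwarebytes', 'Microsoft Security Client')
foreach ($rule in $allRules) {
    if ($rule.Level -ne 'Disallowed') { continue }
    foreach ($w in $watch) {
        if ($rule.Path -like "*$w*") {
            Write-Warning ("Disallowed rule {0} in {1} covers '{2}'" -f $rule.RuleId, $rule.Hive, $rule.Path)
        }
    }
}
```

A rule set the user never configured, especially a Disallowed pattern matching a security product's folder, is the kind of finding worth raising with the helper before anything is changed.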

That looks weird?

try again

Cannot run Malwarebytes yet.

Results from AdwCleaner:

