Vista SP2 Error 80070216 and SVCHost High CPU Usage



Hi,
 
I can't seem to get rid of what I suspect is malware on a customer's Vista laptop. I've tried several removal tools, but I am still unable to apply SP2, and SVCHost is also hogging a lot of CPU; from what I can see, it is related to DCOM/Plug and Play. Below is a FRST log that I hope will help narrow down the problem. Thanks!
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by janet (administrator) on JANET-PC on 23-05-2014 10:48:17
Running from C:\Users\janet\Desktop
Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {66F68601-0E0C-42D4-82B7-190449980FA2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {66F68601-0E0C-42D4-82B7-190449980FA2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - {8c9ef753-beb6-4582-b653-93ac59274437} URL = 
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin-x32: @ei.RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-10-18]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
==================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365904 2008-09-23] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] ()
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [X]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-06-24] (http://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-03-20] (Smith Micro Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 10:48 - 2014-05-23 10:50 - 00008249 _____ () C:\Users\janet\Desktop\FRST.txt
2014-05-23 10:43 - 2014-05-23 10:48 - 00000000 ____D () C:\FRST
2014-05-23 10:43 - 2014-05-23 10:42 - 02067456 _____ (Farbar) C:\Users\janet\Desktop\FRST64.exe
2014-05-23 10:32 - 2014-05-23 10:32 - 00000642 _____ () C:\Users\janet\Desktop\JRT.txt
2014-05-23 10:23 - 2014-05-20 12:24 - 01326389 _____ () C:\Users\janet\Desktop\AdwCleaner.exe
2014-05-23 10:23 - 2014-04-06 00:36 - 01016261 _____ (Thisisu) C:\Users\janet\Desktop\JRT_NEW.exe
2014-05-23 08:35 - 2014-05-23 10:38 - 00000658 _____ () C:\Windows\PFRO.log
2014-05-22 16:46 - 2014-05-22 16:46 - 00703388 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-22 15:50 - 2014-05-22 16:57 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-22 15:50 - 2014-05-22 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-22 15:50 - 2014-05-22 15:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-22 15:30 - 2014-05-23 10:50 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7180427A-A6DD-4B79-8338-987C32BFF64B}
2014-05-22 15:30 - 2014-05-23 10:50 - 00000392 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7180427A-A6DD-4B79-8338-987C32BFF64B}.job
2014-05-20 12:03 - 2014-05-20 12:03 - 00002996 _____ () C:\Windows\wsusofflineupdate.log
2014-05-20 11:41 - 2014-05-20 11:41 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-20 11:41 - 2014-05-20 11:41 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-20 11:41 - 2014-05-20 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-20 11:41 - 2014-05-20 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-20 10:57 - 2014-05-20 10:57 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 10:26 - 2014-05-20 10:26 - 00013013 _____ () C:\ComboFix.txt
2014-05-19 16:56 - 2014-05-19 16:56 - 00000000 ____D () C:\ProgramData\Sun
2014-05-19 16:55 - 2014-05-19 16:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-19 16:55 - 2014-05-19 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 16:55 - 2014-05-19 16:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-19 15:57 - 2014-05-07 16:24 - 06331984 _____ (Auslogics Labs Pty Ltd ) C:\Users\janet\Desktop\registry-cleaner-setup.exe
2014-05-19 15:03 - 2014-05-20 11:44 - 00000000 ____D () C:\Users\janet\Desktop\Security
2014-05-19 14:50 - 2014-05-19 14:50 - 00000000 ____D () C:\Users\janet\AppData\Roaming\SUPERAntiSpyware.com
2014-05-19 14:49 - 2014-05-19 14:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-19 14:49 - 2014-05-19 14:49 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-19 14:49 - 2014-05-19 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-19 14:36 - 2014-05-23 10:37 - 00000000 ____D () C:\AdwCleaner
2014-05-19 14:00 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-19 14:00 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-19 14:00 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-19 14:00 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-19 14:00 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-19 14:00 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-19 14:00 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-19 14:00 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-19 13:59 - 2014-05-20 10:26 - 00000000 ____D () C:\Qoobox
2014-05-19 13:42 - 2014-05-19 14:13 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 13:38 - 2014-05-20 11:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-19 13:38 - 2014-05-20 09:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-19 13:09 - 2014-05-19 16:00 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-19 13:09 - 2014-05-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-19 13:09 - 2014-05-19 15:59 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-17 12:32 - 2014-05-17 12:32 - 00003150 _____ () C:\Windows\System32\Tasks\{5052C532-9FCC-40B5-9E62-96AD6DC6E288}
2014-05-17 11:53 - 2014-05-21 10:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 11:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 11:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 11:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 10:53 - 2014-04-21 11:44 - 00037888 _____ () C:\Windows\system32\xyrz.vya
2014-05-23 10:50 - 2014-05-23 10:48 - 00008249 _____ () C:\Users\janet\Desktop\FRST.txt
2014-05-23 10:50 - 2014-05-22 15:30 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7180427A-A6DD-4B79-8338-987C32BFF64B}
2014-05-23 10:50 - 2014-05-22 15:30 - 00000392 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7180427A-A6DD-4B79-8338-987C32BFF64B}.job
2014-05-23 10:48 - 2014-05-23 10:43 - 00000000 ____D () C:\FRST
2014-05-23 10:47 - 2009-10-30 15:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-23 10:47 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 10:47 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 10:47 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 10:47 - 2006-11-02 09:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-23 10:46 - 2009-03-31 02:09 - 02041984 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 10:46 - 2006-11-02 09:42 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-23 10:44 - 2014-04-20 19:06 - 00000103 _____ () C:\Windows\system32\ktkt.qlc
2014-05-23 10:42 - 2014-05-23 10:43 - 02067456 _____ (Farbar) C:\Users\janet\Desktop\FRST64.exe
2014-05-23 10:42 - 2009-05-03 19:13 - 00075848 _____ () C:\Users\janet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 10:38 - 2014-05-23 08:35 - 00000658 _____ () C:\Windows\PFRO.log
2014-05-23 10:37 - 2014-05-19 14:36 - 00000000 ____D () C:\AdwCleaner
2014-05-23 10:32 - 2014-05-23 10:32 - 00000642 _____ () C:\Users\janet\Desktop\JRT.txt
2014-05-23 10:07 - 2013-08-18 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-23 10:07 - 2008-10-18 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-23 09:59 - 2014-04-21 12:29 - 00000082 _____ () C:\Windows\system32\isfso.iuz
2014-05-23 09:18 - 2011-08-31 15:16 - 04846880 _____ (Sysinternals - www.sysinternals.com) C:\Users\janet\Desktop\procexp.exe
2014-05-23 08:42 - 2006-11-02 07:34 - 00000000 ____D () C:\Windows\tracing
2014-05-23 08:41 - 2006-11-02 06:46 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 08:35 - 2006-11-02 09:21 - 00309240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 16:57 - 2014-05-22 15:50 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-22 16:53 - 2006-11-02 06:34 - 00000180 _____ () C:\Windows\win.ini
2014-05-22 16:46 - 2014-05-22 16:46 - 00703388 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-22 15:50 - 2014-05-22 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-05-22 15:50 - 2014-05-22 15:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-22 15:31 - 2011-03-23 15:57 - 00000000 ____D () C:\Users\janet\AppData\Roaming\HpUpdate
2014-05-21 10:11 - 2014-05-17 11:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 13:38 - 2008-10-18 17:59 - 00003578 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-05-20 12:24 - 2014-05-23 10:23 - 01326389 _____ () C:\Users\janet\Desktop\AdwCleaner.exe
2014-05-20 12:03 - 2014-05-20 12:03 - 00002996 _____ () C:\Windows\wsusofflineupdate.log
2014-05-20 11:44 - 2014-05-19 15:03 - 00000000 ____D () C:\Users\janet\Desktop\Security
2014-05-20 11:41 - 2014-05-20 11:41 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-20 11:41 - 2014-05-20 11:41 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-20 11:41 - 2014-05-20 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-20 11:41 - 2014-05-20 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-20 11:41 - 2014-05-19 13:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-20 11:41 - 2012-02-22 16:29 - 00000000 ____D () C:\Users\janet\AppData\Local\CrashDumps
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-20 11:09 - 2014-05-20 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-20 10:57 - 2014-05-20 10:57 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 10:26 - 2014-05-20 10:26 - 00013013 _____ () C:\ComboFix.txt
2014-05-20 10:26 - 2014-05-19 13:59 - 00000000 ____D () C:\Qoobox
2014-05-20 10:20 - 2006-11-02 06:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-20 10:20 - 2006-11-02 06:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_352
2014-05-20 09:17 - 2014-05-19 13:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-19 16:56 - 2014-05-19 16:56 - 00000000 ____D () C:\ProgramData\Sun
2014-05-19 16:55 - 2014-05-19 16:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-19 16:55 - 2014-05-19 16:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-19 16:55 - 2014-05-19 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 16:55 - 2014-05-19 16:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-19 16:31 - 2008-10-18 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-19 16:30 - 2008-10-18 17:36 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-19 16:00 - 2014-05-19 13:09 - 00000000 ____D () C:\ProgramData\Auslogics
2014-05-19 15:59 - 2014-05-19 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-05-19 15:59 - 2014-05-19 13:09 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-05-19 14:50 - 2014-05-19 14:50 - 00000000 ____D () C:\Users\janet\AppData\Roaming\SUPERAntiSpyware.com
2014-05-19 14:50 - 2014-05-19 14:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-19 14:49 - 2014-05-19 14:49 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-19 14:49 - 2014-05-19 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-19 14:48 - 2011-01-11 14:12 - 00003964 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{194658AD-F064-4F02-8E56-399291138B21}
2014-05-19 14:17 - 2006-11-02 07:33 - 00000000 __RHD () C:\Users\Default
2014-05-19 14:13 - 2014-05-19 13:42 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 14:12 - 2009-05-03 18:58 - 00000000 ____D () C:\Users\janet
2014-05-19 13:32 - 2014-04-20 19:07 - 00000000 ____D () C:\Windows\Minidump
2014-05-19 13:32 - 2008-10-18 16:48 - 00000000 ____D () C:\Windows\panther
2014-05-19 13:12 - 2008-10-18 17:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 12:32 - 2014-05-17 12:32 - 00003150 _____ () C:\Windows\System32\Tasks\{5052C532-9FCC-40B5-9E62-96AD6DC6E288}
2014-05-17 12:30 - 2008-10-18 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games
2014-05-17 12:30 - 2008-10-18 17:00 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-17 12:30 - 2008-10-18 17:00 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-05-17 12:30 - 2006-11-02 09:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-17 12:27 - 2008-10-18 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-17 12:20 - 2006-11-02 09:07 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-17 12:16 - 2014-03-18 11:49 - 00000000 ____D () C:\ProgramData\LuckyShoupper
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 11:52 - 2014-05-17 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 08:41 - 2011-10-06 09:51 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-07 16:24 - 2014-05-19 15:57 - 06331984 _____ (Auslogics Labs Pty Ltd ) C:\Users\janet\Desktop\registry-cleaner-setup.exe
2014-05-04 17:12 - 2006-11-02 06:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\janet\AppData\Local\temp\HPQSi.exe
C:\Users\janet\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-05-03 21:33] - [2009-03-02 22:57] - 0722432 ____A (Microsoft Corporation) 954427E5BAFFDDD5BB5A4DD9EED78D83
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-23 10:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by janet at 2014-05-23 10:54:23
Running from C:\Users\janet\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)
Begin Converter (HKLM-x32\...\Begin Converter) (Version: 1.0 - Begin Converter)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.14 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM-x32\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2126 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.64.0 - HP) Hidden
HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{1A570BFA-D775-47EE-8071-06E9559C14F5}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2126 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2126 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2125 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.0.0926 - Hewlett-Packard) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Quick Launch Buttons 6.40 H2 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 110.0.19061 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 110.0.19061 - Hewlett-Packard) Hidden
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0128 (HKLM-x32\...\{07A5026D-5F9F-43D1-9073-C2F882D417E7}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{CAC2CF93-B532-4A88-81FE-110750C3E4BA}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VZAccess Manager (HKLM-x32\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
 
==================== Restore Points  =========================
 
20-05-2014 18:06:37 Windows Vista™ Service Pack 2
22-05-2014 21:28:03 Windows Update
22-05-2014 21:33:29 Windows Update
23-05-2014 15:59:27 Windows Update
23-05-2014 16:04:38 Windows Update
23-05-2014 16:13:09 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 06:34 - 2014-05-22 16:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {142308B2-A040-4209-AA17-E69DD14FCEFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {32EDCA70-CA72-4CE7-AE4A-B285323C6EBB} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {40E3ADE3-BA49-45AE-BCB2-25ED635376BC} - System32\Tasks\HPCeeScheduleForjanet => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {97EF303C-56DA-4044-A458-AB9A11BCA23C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {9D060033-42E5-490A-BE3F-69EE52533ED0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {BBA15E32-A238-4F3E-85A0-2706884F2F6B} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {CC4D0BD9-4656-4A6F-A9C2-F490C15A4978} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D1FD78A1-A5D0-4E2C-89DF-111E1E55F303} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\HPCeeScheduleForjanet.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7180427A-A6DD-4B79-8338-987C32BFF64B}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Recovery Service for Windows => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenter3 => "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/23/2014 10:35:27 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (05/23/2014 10:47:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (05/23/2014 10:47:34 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (05/23/2014 10:38:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (05/23/2014 10:38:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (05/23/2014 10:38:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Function Discovery Resource Publication%%2147500036
 
Error: (05/23/2014 10:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068
 
Error: (05/23/2014 10:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IP HelperNetwork Store Interface Service%%1068
 
Error: (05/23/2014 10:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserWorkstation%%1068
 
Error: (05/23/2014 10:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: WorkstationNetwork Store Interface Service%%1068
 
Error: (05/23/2014 10:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: DHCP ClientNetwork Store Interface Service%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-23 10:54:04.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:04.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:04.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:04.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:02.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:02.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:02.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:54:02.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:50:44.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-23 10:50:44.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 3998.27 MB
Available physical RAM: 2405.76 MB
Total Pagefile: 8173.81 MB
Available Pagefile: 6483.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.62 GB) (Free:234.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7784295B)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Registry Editor / Cleaner Warning !!


The following is referring to Auslogics Registry Cleaner and CCleaner
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools
 
 
  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me.

 

 

Regards,
Georgi


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

