TechSpot

Cannot remove malware

Inactive
By h.tony
Jul 9, 2014
  1. Hi there! I recently bought a used PC, great but infected with malware. Task Manager and Registry Tools are disabled, and I cannot remove it through Malwarebytes. Also, I cannot seem to download certain .exe files (they get stuck at 99%; is this a virus causing this problem?).
    Thanks!


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/9/2014
    Scan Time: 10:50:43 AM
    Logfile: vrsusususus.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.09.05
    Rootkit Database: v2014.07.07.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: New

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 304569
    Time Elapsed: 20 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 7
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[a0d9f5a8245747ef40966e25b1535da3]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[0c6d0895106bf5410bcc4b482ed602fe]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[95e41e7fa3d82f0702d6f0a3c53fd42c]
    PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[0c6dbedf0576fc3a467e2c69dd27718f]
    PUM.Hijack.Regedit, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[39408b12b6c593a3afb37321ae56da26]
    PUM.Hijack.TaskManager, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[ceabefaee794f145bf050e873bc96799]
    PUM.Hijack.Regedit, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[ff7afaa31764ca6ccd95eaaa4eb60cf4]

    Folders: 0
    (No malicious items detected)

    Files: 2

    PUP.Optional.Superfish.A, C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0a6fdebf9cdf77bf2180982c80822cd4],
    PUP.Optional.Superfish.A, C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [86f3c4d9374437ffccd5576d59a9b24e],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    DDS
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by New at 11:22:13 on 2014-07-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1477 [GMT -4:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\DOCUME~1\New\LOCALS~1\Temp\tralwp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\New\Desktop\ACDSEE32.EXE
    C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe
    c:\windows\system32\notepad.exe
    C:\Documents and Settings\New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - <orphaned>
    BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\idm\quickfind\plugins\IEHelp.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [iFunBox Price Watch] c:\program files\ifunbox 2014\iFunBox2014.exe /tray
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\new\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\new\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\new\startm~1\programs\startup\start.lnk - c:\documents and settings\new\9p2garka7ur3\69890.vbs
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    uPolicies-System: enableTaskMgr = dword:0
    uPolicies-System: DisableTaskMgr = dword:1
    uPolicies-System: DisableRegistryTools = dword:1
    mPolicies-System: EnableLUA = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\new folder\fiddler2\Fiddler.exe"
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366834660562
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{E0DFBF29-2697-4799-A458-5D934AC31B0D} : DHCPNameServer = 192.168.1.1
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    Handler: tmbp - <Clsid value has no data>
    Handler: tmpx - <Clsid value has no data>
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-7 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-7 860472]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\igfll.sys --> c:\windows\system32\drivers\igfll.sys [?]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-7 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-7 110296]
    S0 cerc6;cerc6; [x]
    S0 erdnrxx;erdnrxx;c:\windows\system32\drivers\mfpiix.sys --> c:\windows\system32\drivers\mfpiix.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 EagleXNt;EagleXNt; [x]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 619496]
    S3 vwwredzk;vwwredzk;vwwredzk.sys --> vwwredzk.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 xofhsekc;xofhsekc; [x]
    S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 PdiService;Portrait Displays SDK Service; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: scrfile="%1" %*
    FileExt: .txt: Applications\firefox.exe - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
    .
    =============== Created Last 30 ================
    .
    2014-07-09 14:52:00 -------- d-----w- c:\program files\Kap.ACTc
    2014-07-08 18:59:39 -------- d-----w- c:\program files\iFunbox 2014
    2014-07-08 17:57:51 -------- d-----w- c:\documents and settings\new\local settings\application data\UWebKit151
    2014-07-08 17:57:34 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
    2014-07-07 17:17:42 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-07 17:17:22 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-07 17:17:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-07-07 17:17:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp546EC.FOT
    2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp536EC.FOT
    2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp476EC.FOT
    2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp466EC.FOT
    2014-07-01 20:31:38 -------- d-sh--r- c:\documents and settings\new\9p2garka7ur3
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:22:52.84 ===============
     
    Last edited: Jul 9, 2014
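Added example (editor's code, not from h.tony, TechSpot or the DDS tool): a small Python triage script that runs a handful of rules over lines of the kind the DDS report above contains. It flags the policy values that disable Task Manager and the Registry Editor, a Startup-folder shortcut whose target is a script rather than a program, an .exe running from a Temp directory, services and drivers whose file DDS could not verify ([?]) or find ([x]), and a directory created in the profile with the system and hidden attributes set, and then links the startup script to the hidden directory that holds it. Two details from the logs themselves motivate the rules: the Malwarebytes scan ran with "Rootkits: Disabled", so the unnamed driver entries were never examined, and the DDS run, taken about thirty minutes after Malwarebytes reported DisableTaskMgr and DisableRegistryTools as "Replaced", still shows both at 1, so clearing them by hand is pointless until whatever re-sets them is removed. The sample lines are copied from the report above plus a few benign neighbours; the rule set, the Finding class and the reading of the DDS "u"/"m" prefixes as the user (HKCU) and machine (HKLM) hives are the editor's assumptions.

```python
"""Rule-based triage for DDS / HijackThis-style log lines.

Editor's added example, not a TechSpot or DDS tool. The rules are the
editor's own and only cover patterns visible in the thread's logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS report in the thread, plus
# benign neighbours (ctfmon, the Dropbox shortcut, mbam.sys) so each rule
# has a negative case as well as a positive one.
SAMPLE_LOG = r"""
C:\DOCUME~1\New\LOCALS~1\Temp\tralwp.exe
C:\WINDOWS\system32\ctfmon.exe
StartupFolder: c:\docume~1\new\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\new\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\new\startm~1\programs\startup\start.lnk - c:\documents and settings\new\9p2garka7ur3\69890.vbs
uPolicies-System: DisableTaskMgr = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\igfll.sys --> c:\windows\system32\drivers\igfll.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-7 23256]
S0 cerc6;cerc6; [x]
S3 vwwredzk;vwwredzk;vwwredzk.sys --> vwwredzk.sys [?]
2014-07-01 20:31:38 -------- d-sh--r- c:\documents and settings\new\9p2garka7ur3
"""

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".scr")
HIVE = {"u": "HKCU", "m": "HKLM"}  # DDS prefix: u = user hive, m = machine hive (assumption)
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Policy values that disable Task Manager / Registry Editor.
POLICY_RE = re.compile(
    r"^([um])Policies-System:\s+(DisableTaskMgr|DisableRegistryTools)\s*=\s*dword:1$", re.I)
# Startup-folder shortcut and the target it points at.
STARTUP_RE = re.compile(r"^StartupFolder:\s+.+?\.lnk\s+-\s+(.+)$", re.I)
# Service/driver whose file DDS could not verify ([?]) or could not find ([x]).
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*\[([x?])\]$")
# "Created Last 30" entry: date time size attrs path.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(d\S{7})\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str     # short rule name
    subject: str  # path, value or service name the rule fired on
    line: str     # original log line, kept for the report


def triage(log_text: str) -> list[Finding]:
    """Run every rule over each non-empty line; a line yields at most one finding."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            findings.append(Finding("policy-tamper", f"{m.group(1).lower()}:{m.group(2)}", line))
        elif m := STARTUP_RE.match(line):
            target = m.group(1).strip()
            if target.lower().endswith(SCRIPT_EXT):
                findings.append(Finding("script-in-startup", target, line))
        elif m := SERVICE_RE.match(line):
            findings.append(Finding("driver-unverified", m.group(1), line))
        elif m := CREATED_RE.match(line):
            attrs, path = m.group(1), m.group(2)
            if "s" in attrs and "h" in attrs:  # system+hidden directory inside a profile
                findings.append(Finding("hidden-system-dir", path, line))
        elif (re.match(r"^[a-z]:\\", line, re.I)
              and line.lower().endswith(".exe") and "\\temp\\" in line.lower()):
            findings.append(Finding("exe-from-temp", line, line))
    return findings


def correlate(findings: list[Finding]) -> list[Finding]:
    """Startup scripts that live inside a directory flagged as system+hidden."""
    hidden = [f.subject.lower() for f in findings if f.rule == "hidden-system-dir"]
    return [f for f in findings if f.rule == "script-in-startup"
            and any(f.subject.lower().startswith(h + "\\") for h in hidden)]


def reg_fixes(findings: list[Finding]) -> list[str]:
    """reg.exe commands that clear the policy values found.

    Only useful once whatever re-sets them is gone: the thread's DDS log, taken
    after Malwarebytes had already 'Replaced' these values, shows them back at 1.
    """
    cmds = []
    for f in findings:
        if f.rule == "policy-tamper":
            scope, value = f.subject.split(":")
            cmds.append(f'reg delete "{HIVE[scope]}\\{POLICY_KEY}" /v {value} /f')
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.rule:18} {f.subject}")
    for f in correlate(found):
        print(f"linked: {f.subject} sits in a system+hidden directory")
    for cmd in reg_fixes(found):
        print(cmd)
```

Run it as-is to see the eight findings from the sample, or feed it a whole DDS report via `triage(open(path).read())`; unrecognised lines are simply skipped, so the Installed Programs section and the rest pass through without noise.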
  2. h.tony

    h.tony TS Rookie Topic Starter Posts: 21


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2012 9:03:29 PM
    System Uptime: 7/8/2014 2:42:17 PM (21 hours ago)
    .
    Motherboard: Dell Inc. | | 0RF703
    Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 66.254 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP939: 6/20/2014 4:57:18 PM - System Checkpoint
    RP940: 6/21/2014 4:23:42 PM - Removed Aerochive
    RP941: 6/22/2014 10:55:46 PM - System Checkpoint
    RP942: 6/23/2014 11:31:16 PM - System Checkpoint
    RP943: 6/24/2014 11:59:33 PM - System Checkpoint
    RP944: 6/26/2014 12:00:25 AM - System Checkpoint
    RP945: 6/27/2014 12:21:02 AM - System Checkpoint
    RP946: 6/28/2014 12:47:03 AM - System Checkpoint
    RP947: 6/29/2014 1:44:04 AM - System Checkpoint
    RP948: 6/30/2014 2:05:04 AM - System Checkpoint
    RP949: 7/1/2014 3:13:11 AM - System Checkpoint
    RP950: 7/2/2014 3:18:41 AM - System Checkpoint
    RP951: 7/3/2014 3:36:07 AM - System Checkpoint
    RP952: 7/4/2014 3:57:08 AM - System Checkpoint
    RP953: 7/5/2014 4:22:39 AM - System Checkpoint
    RP954: 7/6/2014 4:58:39 AM - System Checkpoint
    RP955: 7/7/2014 5:10:40 AM - System Checkpoint
    RP956: 7/8/2014 6:22:41 AM - System Checkpoint
    RP957: 7/9/2014 6:58:28 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ???????
    µTorrent
    7-Zip 9.29 alpha
    A+ French
    Acer eDisplay Management
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.7)
    Adobe Shockwave Player 11.6
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0.2
    avast! Free Antivirus
    Avira
    Bonjour
    Broadcom Gigabit Integrated Controller
    Cambridge Advanced Learner's Dictionary - 3rd Edition
    Charles
    Charles 3.8.3
    Cisco WebEx Meetings
    Copy
    CopyTrans Suite Remove Only
    CyberLink AudioDirector 3
    CyberLink PowerDirector 11
    CyberLink PowerDVD 8
    Defcon v1.6
    Dropbox
    FFmpeg v0.6.2 for Audacity
    Fiddler
    Foxit Reader
    GIMP 2.8.4
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Handy Recovery 5.5
    Higher Score on the ACT
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 6500
    HP Software Update
    HxD Hex Editor version 1.7.7.0
    iFunBox 2014 (v3.1.562.425), iFunbox DevTeam
    Intel(R) Graphics Media Accelerator Driver
    iPhoneBrowser
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 33
    LAME v3.99.3 (for Windows)
    Magic Set Editor 2.0.0
    Malwarebytes Anti-Malware version 2.0.2.1012
    MathExam
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office Excel 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office OneNote 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    OpenOffice.org 3.1
    Paint.NET v3.5.10
    Pando Media Booster
    PDF Settings CS6
    Pinnacle Video Driver
    Pivot Pro Plugin
    PPLite 1.0.0.107
    QQ??8.4
    QUICKfind server v1.1
    QuickTime
    SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834903-v2)
    Security Update for Windows Media Player (KB2834903)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Sketchpad
    Skype™ 4.0
    Sothink SWF Catcher
    Sothink SWF Decompiler
    Sothink SWF Editor
    SoundMAX
    Steam
    StudioTax 2011
    StudioTax 2012
    swMSM
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2808679)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.5
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows XP Service Pack 3
    WinPcap 4.1.2
    WinRAR archiver
    WinZip
    XBMC
    Yogda 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/8/2014 2:23:06 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    .
    ==== End Of File ===========================
     
  3. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Problems: super slow startup/boot; unable to boot the PC in Safe Mode (error, then it restarts in normal mode); unable to use Task Manager; Registry Editor is also disabled; and downloads usually get stuck at 99%.
     
  4. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Hello and welcome to TechSpot.com. My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting it for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    *************************************************************************
    P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    ***************************************
    StartupLite
    Download StartupLite by MalwareBytes to your Desktop.
    Doubleclick StartupLite.exe to launch the program.
    Ensure the Disable box is checked.
    Click Continue.
    A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
    Re-start your computer.
    **************************************
    Update Your Java (JRE)
    Old versions of Java have vulnerabilities that malware can use to infect your system.

    First, verify your Java version.
    If there are any other version(s) installed, then update now.
    Get the new version (if needed).
    If your version is out of date, install the newest version of the Sun Java Runtime Environment.
    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Be sure to close ALL open web browsers before starting the installation.
    Remove any old versions
    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.
    Additional Note:
    The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    *********************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program opens, click on the Scan button as shown below.
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Quarantine All" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V)
    *********************************************
    Please download Junkware Removal Tool to your desktop.
    Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
    **********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.
    Link 1
    Link 2
    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.
    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
     
  5. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Hi Dave, thanks for the help.
    I tried to uninstall uTorrent but I was unable to locate it in the add/remove list.
    Also when updating java, I am once again stuck, the download speed goes down to 0 byte/second. I have no clue why but downloading the other programs you have suggested works just fine.

    AdwCleaner
    # AdwCleaner v3.215 - Report created 10/07/2014 at 11:25:21
    # Updated 09/07/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : New - FAMILYCOMPUTER
    # Running from : C:\Tony1\VIRUS REMOVAL\adwcleaner_3.215.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Tencent
    Folder Deleted : C:\Program Files\Common Files\Tencent
    Folder Deleted : C:\Documents and Settings\New\Local Settings\Application Data\iLivid
    Folder Deleted : C:\Documents and Settings\New\Application Data\Tencent
    File Deleted : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\DOCUME~1\New\LOCALS~1\Temp\cetrainers\CET556.tmp\extracted\Dungeon Rampage Hack Tool V1.4.EXE]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Somoto
    Key Deleted : HKCU\Software\TENCENT
    Key Deleted : HKLM\Software\TENCENT
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2480 octets] - [10/07/2014 11:23:39]
    AdwCleaner[S0].txt - [2435 octets] - [10/07/2014 11:25:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2495 octets] ##########

    Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/10/2014
    Scan Time: 11:41:10 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.09.13
    Rootkit Database: v2014.07.09.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: New

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 304693
    Time Elapsed: 17 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 7
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[f1909effbac1191d6a52eea662a26799]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[d3aee7b6f08b47ef3489e2b2e81cb24e]
    PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[87fa9a035c1fbf77ba042d67fc08669a]
    PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[96eb2e6f1f5c89adadfdeda9a75dad53]
    PUM.Hijack.Regedit, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[166bcfce502b96a02721593c45bfa35d]
    PUM.Hijack.TaskManager, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[0978722baecd6dc9d5d524723bc9c13f]
    PUM.Hijack.Regedit, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[49385d404b3058de6ddb9500996b6a96]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Junkware Removal Tool
    When I run it, all it does is open a blank cmd.exe

    Security Check by screen317
    It said "no instance(s) available"
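The Malwarebytes log posted above lists seven Registry Data entries whose action field, the slot between Bad: (1) and the bracketed id, is empty: the policy values were detected but nothing was done with them, and the same DisableTaskMgr and DisableRegistryTools values are what keep Task Manager and Registry Editor locked. A small parser for that log format, added here as an example and not part of the thread or of Malwarebytes, makes two things explicit that are easy to miss when reading the log by eye: detections with no remediation, and detections that an earlier scan had already replaced and that are present again, which is the usual sign that something still running re-applies the policy. The earlier-scan lines are constructed in the same format with placeholder ids; the later-scan lines are the seven posted above. The LOCKOUT_VALUES set is an assumption.

```python
"""Parse the "Registry Data" lines of a Malwarebytes Anti-Malware 2.x text log
and flag policy hijacks that were detected but not remediated, or that come
back after an earlier scan replaced them.

Added example; not part of the thread or of Malwarebytes."""
import re

# One detection per line:
#   Name, Key|Value, Data, Good: (x), Bad: (y),Action,[id]
# Action is "Replaced" when MBAM fixed the value and empty when it did not.
_LINE = re.compile(
    r"^(?P<name>[^,]+), (?P<key>[^|]+)\|(?P<value>[^,]+), (?P<data>[^,]+), "
    r"Good: \((?P<good>[^)]*)\), Bad: \((?P<bad>[^)]*)\),(?P<action>[^,]*),"
    r"\[(?P<id>[0-9a-f]+)\]$"
)

# Policy values that lock the user out of built-in tools. MBAM reports them
# as PUM.Hijack.*; this set is an assumption, extend it as needed.
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD",
                  "NoFolderOptions"}

# Constructed earlier scan in the same format (placeholder ids) in which
# MBAM reported the values as Replaced.
FIRST_SCAN = [
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[00000000000000000000000000000001]",
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[00000000000000000000000000000002]",
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[00000000000000000000000000000003]",
    r"PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[00000000000000000000000000000004]",
]

# The seven Registry Data lines from the scan posted in this thread.
SECOND_SCAN = [
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[f1909effbac1191d6a52eea662a26799]",
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[d3aee7b6f08b47ef3489e2b2e81cb24e]",
    r"PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[87fa9a035c1fbf77ba042d67fc08669a]",
    r"PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[96eb2e6f1f5c89adadfdeda9a75dad53]",
    r"PUM.Hijack.Regedit, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[166bcfce502b96a02721593c45bfa35d]",
    r"PUM.Hijack.TaskManager, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[0978722baecd6dc9d5d524723bc9c13f]",
    r"PUM.Hijack.Regedit, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[49385d404b3058de6ddb9500996b6a96]",
]


def parse_registry_data(lines):
    """Return one dict per well-formed Registry Data line; other lines are skipped."""
    entries = []
    for raw in lines:
        m = _LINE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def unremediated(entries):
    """Detections whose action field is empty: reported, but not fixed."""
    return [e for e in entries if not e["action"]]


def recurring(earlier, later):
    """(key, value) pairs replaced in an earlier scan and detected again later."""
    fixed = {(e["key"], e["value"]) for e in earlier if e["action"] == "Replaced"}
    seen = {(e["key"], e["value"]) for e in later}
    return sorted(fixed & seen)


def tool_lockouts(entries):
    """Names of user-lockout policy values present among the detections."""
    return sorted({e["value"] for e in entries if e["value"] in LOCKOUT_VALUES})


if __name__ == "__main__":
    first, second = parse_registry_data(FIRST_SCAN), parse_registry_data(SECOND_SCAN)
    print(f"{len(unremediated(second))} of {len(second)} detections not remediated")
    for key, value in recurring(first, second):
        print(f"came back: {key}|{value}")
    print("lockout policies set:", ", ".join(tool_lockouts(second)))
```

Run it and the second scan shows all seven detections unremediated, the four values from the constructed earlier scan back again, and both DisableTaskMgr and DisableRegistryTools set. On a real case that combination is the cue to look for the process or startup entry that keeps rewriting the policies rather than to keep rerunning the scanner.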

     
  6. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    I almost never restart my PC because upon startup only my wallpaper shows, no icons, no start menu, nothing. I am currently using my laptop. I hear you can delete explorer.exe then add it again through task manager but I cannot because my task manager is disabled.

    Edit: I fortunately got lucky after restarting my PC 3-4 times my icons reappeared.
     
  7. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Does it say "press any key to continue?"
    Malwarebytes' Anti-Rootkit
    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  8. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Junkware Removal Tool
    Nope, it does not say "press any key to continue?" just a blank cmd.

    Malwarebytes' Anti-Rootkit
    I ran it twice, both of the times it said "Scan finished: No malware found!"
     
  9. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I'd like to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    • Check [​IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
     
  10. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    When I click start it says "cannot update. Is proxy configured?"
     
  11. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Ok, please try this one.
    Please go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives

    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
     
  12. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    This is getting annoying, there seems to be a virus that blocks these files from being downloaded, this is what I get.

    I do have a "HijackThis" scan log if that is any way beneficial.
     
  13. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Let's try this one to repair the proxy problem.
    Please download MiniToolBox to Desktop and run it.
    Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size
    Click Go and copy/paste the log (Result.txt) into your next post.
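The hosts file is one of the places a block of this kind lives: a line that maps a vendor's download site to 127.0.0.1 or 0.0.0.0 makes it unreachable, and a line that maps it to some other address redirects it, which fits the symptom of security tool downloads stalling while everything else works. The audit below is an added example, not part of the thread or of MiniToolBox; it reads hosts-file content the way the "List content of Hosts" box reports it and classifies each entry. The sample hosts file is constructed, and the WATCHLIST of vendor and update domains is an assumption to extend for your own environment.

```python
"""Audit Windows hosts-file content for entries that block or redirect
security vendor and update sites.

Added example; not part of the thread or of MiniToolBox."""
import ipaddress

# Domains malware commonly sinkholes so the victim cannot fetch tools or
# updates. Assumed watchlist; extend it for your environment.
WATCHLIST = {
    "malwarebytes.org", "malwarebytes.com", "eset.com", "kaspersky.com",
    "bleepingcomputer.com", "microsoft.com", "windowsupdate.com",
}

# Names that legitimately map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock Microsoft header plus four injected lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1    www.malwarebytes.org     # constructed: tool download blocked
0.0.0.0      download.eset.com        # constructed: tool download blocked
203.0.113.5  update.microsoft.com     # constructed: redirect to a TEST-NET address
127.0.0.1    ads.example.net          # constructed: ad-block style entry
"""


def parse_hosts(text):
    """Return (ip, hostname, line_number) for every active mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:                # one line may carry several names
            entries.append((parts[0], name.lower(), lineno))
    return entries


def _on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def _is_sinkhole(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 all make the name unreachable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """Return findings as dicts; an untouched hosts file yields an empty list."""
    findings = []
    for ip, host, lineno in parse_hosts(text):
        if host in LOCAL_NAMES and _is_sinkhole(ip):
            continue                          # the normal localhost lines
        if _is_sinkhole(ip):
            finding = "sinkholed"
            severity = "high" if _on_watchlist(host) else "low"
        else:
            finding = "redirected"            # any real address here is suspect
            severity = "high"
        findings.append({"line": lineno, "ip": ip, "host": host,
                         "finding": finding, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>2} {f['severity']:<4} {f['finding']:<10} "
              f"{f['host']} -> {f['ip']}")
```

On the sample this reports three high-severity entries (two sinkholed vendor sites and one redirected update host) and one low-severity ad-block style entry. A hosts file that holds only the localhost line, as the MiniToolBox output in this thread does, yields no findings, which is itself useful: it rules the hosts file out and points the investigation at the proxy settings, DNS, or a process interfering with downloads instead.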
     
  14. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    MiniToolBox by Farbar Version: 06-07-2014
    Ran by New (administrator) on 14-07-2014 at 16:04:02
    Running from "C:\Documents and Settings\New\My Documents\Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Could not flush the DNS Resolver Cache: Function failed during execution.




    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================


    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : FAMILYCOMPUTER

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

    Physical Address. . . . . . . . . : 00-19-B9-28-49-E3

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.118

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 192.168.1.1

    Lease Obtained. . . . . . . . . . : Monday, July 14, 2014 11:05:52 AM

    Lease Expires . . . . . . . . . . : Tuesday, July 15, 2014 11:05:52 AM

    Server: router.asus.com
    Address: 192.168.1.1

    Name: google.com
    Addresses: 173.194.43.64, 173.194.43.65, 173.194.43.66, 173.194.43.67
    173.194.43.68, 173.194.43.69, 173.194.43.70, 173.194.43.71, 173.194.43.72
    173.194.43.73, 173.194.43.78



    Pinging google.com [173.194.43.78] with 32 bytes of data:



    Reply from 173.194.43.78: bytes=32 time=24ms TTL=58

    Reply from 173.194.43.78: bytes=32 time=22ms TTL=58



    Ping statistics for 173.194.43.78:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 22ms, Maximum = 24ms, Average = 23ms

    Server: router.asus.com
    Address: 192.168.1.1

    Name: yahoo.com
    Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45



    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



    Reply from 206.190.36.45: bytes=32 time=100ms TTL=48

    Reply from 206.190.36.45: bytes=32 time=96ms TTL=48



    Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 96ms, Maximum = 100ms, Average = 98ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 19 b9 28 49 e3 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.118 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.118 192.168.1.118 20
    192.168.1.118 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.168.1.255 255.255.255.255 192.168.1.118 192.168.1.118 20
    224.0.0.0 240.0.0.0 192.168.1.118 192.168.1.118 20
    255.255.255.255 255.255.255.255 192.168.1.118 192.168.1.118 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (07/11/2014 00:06:28 PM) (Source: Application Error) (User: )
    Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bbc.
    Processing media-specific event for [kernelmoduleunloader.exe!ws!]

    Error: (07/10/2014 10:27:02 PM) (Source: Application Error) (User: )
    Description: Faulting application acdsee32.exe, version 2.4.1.0, faulting module acdsee32.exe, version 2.4.1.0, fault address 0x0005bfa3.
    Processing media-specific event for [acdsee32.exe!ws!]

    Error: (07/10/2014 00:35:02 PM) (Source: Application Error) (User: )
    Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bc0.
    Processing media-specific event for [kernelmoduleunloader.exe!ws!]

    Error: (07/10/2014 00:34:57 PM) (Source: Application Error) (User: )
    Description: Faulting application cheat engine.exe, version 6.3.0.0, faulting module cheat engine.exe, version 6.3.0.0, fault address 0x0003c673.
    Processing media-specific event for [cheat engine.exe!ws!]


    System errors:
    =============
    Error: (07/14/2014 11:07:26 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:27:09 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:16:53 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:13:56 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 11:31:49 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:44:16 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:39:21 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:30:00 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:23:06 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/01/2014 07:06:07 PM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


    Microsoft Office Sessions:
    =========================
    Error: (12/27/2013 03:24:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12224 seconds with 1260 seconds of active time. This session ended with a crash.

    Error: (01/07/2013 08:01:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1660 seconds with 360 seconds of active time. This session ended with a crash.

    Error: (12/20/2012 09:13:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195 seconds with 0 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 48%
    Total physical RAM: 3061.54 MB
    Available physical RAM: 1561.78 MB
    Total Pagefile: 4952.14 MB
    Available Pagefile: 3433.83 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1959.36 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:149.05 GB) (Free:69.37 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\FAMILYCOMPUTER

    Administrator ASPNET Guest
    HelpAssistant New SUPPORT_388945a0


    **** End of log ****
     
  15. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    What browser are you using?
     
  16. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Currently I am using Mozilla Firefox
     
  17. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    There are different instructions to run ESET from a different browser than IE.
     
  18. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG]
    • Double click on the [​IMG]
    • Check [​IMG]
    • Click the [​IMG]
    • Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    • Check [​IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG]
    • Push the [​IMG]
    • Push [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    This is what I followed, as you told me.
     
  19. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Ok I tried doing an online scan rather than downloading the exe. But now a new problem arises. The web page cannot be loaded, is this a virus that I am unaware of? I tried loading up the web page on another PC and it worked perfectly. The way I downloaded esetsmartinstaller_enu.exe was downloading it from my laptop then transferring the exe to this PC. It just gets stuck on the loading screen for Mozilla, explorer and chrome.
    (screenshot: Chrome)
    (screenshot: Mozilla)
    The website is up but I cannot open it
     
  20. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Oh well, how's your computer running now? Any other issues?
     
  21. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Same as before, task manager still disabled, safe mode blocked, etc. My PC is a wreckage I guess?
     
  22. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Make sure FRST is run under administrator privileges.
    Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
    Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  23. h.tony

    h.tony TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
    Ran by New (administrator) on FAMILYCOMPUTER on 18-07-2014 10:16:47
    Running from C:\Documents and Settings\New\My Documents\Downloads
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
    () C:\DOCUME~1\New\LOCALS~1\Temp\wincjll.exe
    (Dropbox, Inc.) C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Barracuda Networks, Inc.) C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Run: [iFunBox Price Watch] => C:\Program Files\iFunbox 2014\iFunBox2014.exe /tray
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [914824 2014-03-30] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [enableTaskMgr] 0
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [DisableTaskMgr] 1
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [DisableRegistryTools] 1
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {2aec11e4-dde6-11e1-a656-0019b92849e3} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {6a747eb4-66a3-11e3-a824-0019b92849e3} - E:\launcher.exe
    HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {cc2fd02a-e4b9-11e1-a668-0019b92849e3} - E:\kxfspf.cmd
    Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\start.lnk
    ShortcutTarget: start.lnk -> C:\Documents and Settings\New\9p2garka7ur3\69890.vbs (No File)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    BootExecute:
    AlternateShell:

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
    Handler: tmbp - No CLSID Value -
    Handler: tmpx - No CLSID Value -
    Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
    FF Plugin: @qq.com/QzoneMusic - C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll No File
    FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll No File
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\New\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\New\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\New\Application Data\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-16]
    FF Extension: Tamper Data - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-07-08]
    FF Extension: Adblock Plus - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
    FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\New Folder\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files\Fiddler2\New Folder\Fiddler2\FiddlerHook [2013-08-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-22]
    FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension

    Chrome:
    =======
    CHR HomePage: https://www.google.ca/
    CHR NewTab: "chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
    CHR Plugin: (Advanced SystemCare 6) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npo1d.dll (Google)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Windows Media Player\npatgpc.dll (Cisco WebEx LLC)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (NPPlayerShell) - C:\Documents and Settings\New\Application Data\TrianglePlayer\NPTrianglePlayer.dll No File
    CHR Plugin: (GBoxRuner plugin) - C:\Documents and Settings\New\Application Data\gbox\npgboxruner.dll No File
    CHR Plugin: (Google Update) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Unity Player) - C:\Documents and Settings\New\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    CHR Plugin: (Tencent SSO Platform) - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
    CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CHR Plugin: (QQMusic) - C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (Rumola - bypass CAPTCHA) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjjgbdlbgjeoankjijbmheneoekbghcg [2013-01-25]
    CHR Extension: (YouTube) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-06]
    CHR Extension: (SwagBucks Automator) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boaomhhoelpgkkiiabmokphjeikjiomp [2013-01-25]
    CHR Extension: (Google Search) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-06]
    CHR Extension: (Awesome Bookmarks Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf [2013-03-09]
    CHR Extension: (HD Tv) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdphnleahbbooddgjimkaoibgpipekml [2013-03-09]
    CHR Extension: (AdBlock) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-29]
    CHR Extension: (Hola Better Internet) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-30]
    CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-03-09]
    CHR Extension: (Awesome Calculator Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmmkgfainefimmjkdnbgejialadhhegh [2013-03-09]
    CHR Extension: (Meta-Tile Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibhffciboaodhfapmcpckhbdpbjjppan [2013-03-09]
    CHR Extension: (Arcane Legends) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-05-22]
    CHR Extension: (Digital Clock Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikimcdcgajipgcoehakmgloecbaacmoj [2013-03-09]
    CHR Extension: (Metro Style Clock Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnmmppckdogcdbnnebgndgnmkdoedoki [2013-03-09]
    CHR Extension: (Google Dictionary (by Google)) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-09-06]
    CHR Extension: (Awesome New Tab Page™) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-03-09]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-06]
    CHR Extension: (Abstract-Blue) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2012-10-29]
    CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\chrome_tmbep.crx [2012-10-29]

    ========================== Services (Whitelisted) =================

    ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [930104 2014-05-12] (Malwarebytes Corporation)
    S4 npggsvc; C:\WINDOWS\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
    R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53248 2001-05-01] (Microsoft Corporation)
    S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
    S4 DTSRVC; No ImagePath
    S4 MozillaMaintenance; No ImagePath
    S4 PdiService; No ImagePath
    S4 RichVideo; No ImagePath
    S3 rpcapd; No ImagePath

    ==================== Drivers (Whitelisted) ====================

    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
    S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
    S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
    R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2004-08-12] (Microsoft Corporation)
    R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-16] (Malwarebytes Corporation)
    S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
    R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17328 2012-04-13] (Portrait Displays, Inc.)
    S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.)
    S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.)
    S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
    R3 abp470n5; \??\C:\WINDOWS\system32\drivers\igfll.sys [X]
    S0 cerc6; No ImagePath
    S3 EagleXNt; No ImagePath
    S0 erdnrxx; System32\drivers\mfpiix.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U3 tmeevw;
    S3 vwwredzk; vwwredzk.sys [X]
    U1 WS2IFSL;
    S3 xofhsekc; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-18 10:15 - 2014-07-18 10:16 - 00000000 ____D () C:\FRST
    2014-07-18 10:11 - 2014-07-18 10:11 - 00415744 _____ (Farbar) C:\Documents and Settings\New\Desktop\FSS.exe
    2014-07-17 22:02 - 2014-07-17 22:02 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
    2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Program Files\ImgBurn
    2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
    2014-07-14 10:40 - 2014-07-14 10:45 - 00000000 ____D () C:\Program Files\HijackThis
    2014-07-14 10:24 - 2014-07-14 10:22 - 00482112 _____ (Kaspersky Lab) C:\Documents and Settings\New\Desktop\setup.exe
    2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Program Files\ESET
    2014-07-13 10:57 - 2014-07-13 10:56 - 02425208 _____ (ESET) C:\Documents and Settings\New\Desktop\esetsmartinstaller_enu.exe
    2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\Evernote
    2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
    2014-07-12 21:18 - 2014-07-12 21:18 - 00000625 _____ () C:\Documents and Settings\New\Desktop\Evernote.lnk
    2014-07-12 21:18 - 2014-07-12 21:18 - 00000000 ____D () C:\Program Files\Evernote
    2014-07-11 15:21 - 2014-07-03 20:46 - 02085772 _____ () C:\Documents and Settings\New\Desktop\rotmg.swf
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000760 _____ () C:\Documents and Settings\New\Desktop\Cheat Engine.lnk
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 6.4
    2014-07-11 10:36 - 2014-07-11 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-07-10 23:04 - 2014-07-10 23:05 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360Login
    2014-07-10 23:04 - 2014-07-10 23:05 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360CloudUI
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000774 _____ () C:\Documents and Settings\New\Desktop\360云盘.lnk
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Program Files\360
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Start Menu\Programs\360安全中心
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000789 _____ () C:\Documents and Settings\New\Desktop\Higher Score on the ACT.lnk
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Program Files\Kap.ACTc
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaplan
    2014-07-10 22:11 - 2014-07-11 13:19 - 00000000 ____D () C:\Documents and Settings\New\Desktop\mbar
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF6D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF4D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp04D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp02D6A.FOT
    2014-07-10 11:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
    2014-07-10 11:23 - 2014-07-10 11:32 - 00000000 ____D () C:\AdwCleaner
    2014-07-09 19:37 - 2014-07-09 19:37 - 00006904 _____ () C:\WINDOWS\FaxSetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00006638 _____ () C:\WINDOWS\iis6.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00005816 _____ () C:\WINDOWS\ocgen.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00004591 _____ () C:\WINDOWS\tsoc.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00002502 _____ () C:\WINDOWS\comsetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001891 _____ () C:\WINDOWS\imsins.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001864 _____ () C:\WINDOWS\msmqinst.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001592 _____ () C:\WINDOWS\netfxocm.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000473 _____ () C:\WINDOWS\msgsocm.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000469 _____ () C:\WINDOWS\ocmsn.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000311 _____ () C:\WINDOWS\tabletoc.log
    2014-07-09 14:08 - 2014-07-09 14:04 - 11199152 _____ (Adobe Systems, Inc.) C:\Documents and Settings\New\Desktop\flashplayer_14_sa.exe
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp8EB47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp71C47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp70C47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp62C47.FOT
    2014-07-08 14:21 - 2014-07-08 14:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070814-01.dmp
    2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\UWebKit151
    2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
    2014-07-08 13:02 - 2014-07-08 13:02 - 00066073 _____ () C:\Documents and Settings\New\Desktop\bookmarks-2014-07-08.json
    2014-07-07 13:17 - 2014-07-16 09:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-07 13:17 - 2014-07-10 22:11 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-07 13:17 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp546EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp536EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp476EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp466EC.FOT
    2014-07-05 21:13 - 2014-07-05 21:13 - 00005632 ___SH () C:\Documents and Settings\Thumbs.db
    2014-07-03 16:31 - 2014-07-03 16:31 - 00006058 _____ () C:\Documents and Settings\New\Desktop\PCCLEANER.bat
    2014-07-01 16:31 - 2014-07-01 18:58 - 00000000 _RSHD () C:\Documents and Settings\New\9p2garka7ur3
    2014-06-26 16:43 - 2014-06-26 16:43 - 00000014 _____ () C:\tristansa.txt
    2014-06-19 18:26 - 2014-06-27 13:47 - 00000457 _____ () C:\WINDOWS\setupact.log
    2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-06-19 17:58 - 2014-06-27 13:47 - 00048444 _____ () C:\WINDOWS\setupapi.log
    2014-06-18 17:04 - 2014-07-14 11:07 - 00000235 _____ () C:\WINDOWS\wiadebug.log

    ==================== One Month Modified Files and Folders =======

    2014-07-18 10:17 - 2013-05-20 18:33 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-18 10:17 - 2012-01-19 13:29 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Temp
    2014-07-18 10:16 - 2014-07-18 10:15 - 00000000 ____D () C:\FRST
    2014-07-18 10:11 - 2014-07-18 10:11 - 00415744 _____ (Farbar) C:\Documents and Settings\New\Desktop\FSS.exe
    2014-07-18 10:10 - 2013-05-09 18:28 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003UA.job
    2014-07-18 09:23 - 2012-08-16 12:13 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-07-18 08:19 - 2013-09-12 20:55 - 00000000 ____D () C:\Documents and Settings\New\Application Data\Copy
    2014-07-18 08:17 - 2013-05-20 18:33 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-18 07:57 - 2014-04-06 17:53 - 00000310 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-07-18 03:10 - 2013-05-09 18:28 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job
    2014-07-18 00:10 - 2014-04-06 19:07 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-07-17 22:03 - 2012-08-03 21:58 - 00000000 ____D () C:\Tony
    2014-07-17 22:02 - 2014-07-17 22:02 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
    2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Program Files\ImgBurn
    2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
    2014-07-17 17:19 - 2012-08-03 15:23 - 00000000 ____D () C:\Documents and Settings\New\Application Data\Dropbox
    2014-07-17 14:31 - 2013-07-03 11:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-07-16 14:09 - 2012-08-03 21:58 - 00000000 ____D () C:\Chong
    2014-07-16 09:12 - 2014-07-07 13:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-14 14:08 - 2014-04-19 18:10 - 00000000 ____D () C:\Documents and Settings\New\Application Data\DropboxMaster
    2014-07-14 11:07 - 2014-06-18 17:04 - 00000235 _____ () C:\WINDOWS\wiadebug.log
    2014-07-14 11:07 - 2008-04-14 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-07-14 11:06 - 2014-05-29 13:15 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-07-14 11:06 - 2012-01-19 13:28 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
    2014-07-14 11:06 - 2012-01-19 13:23 - 01835777 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-07-14 11:05 - 2013-11-13 04:33 - 00000278 ___SH () C:\Documents and Settings\New\ntuser.ini
    2014-07-14 11:05 - 2013-01-19 00:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
    2014-07-14 11:05 - 2012-01-19 13:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-07-14 10:45 - 2014-07-14 10:40 - 00000000 ____D () C:\Program Files\HijackThis
    2014-07-14 10:22 - 2014-07-14 10:24 - 00482112 _____ (Kaspersky Lab) C:\Documents and Settings\New\Desktop\setup.exe
    2014-07-13 18:32 - 2012-08-18 22:51 - 00000000 ____D () C:\Softwares
    2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Program Files\ESET
    2014-07-13 10:56 - 2014-07-13 10:57 - 02425208 _____ (ESET) C:\Documents and Settings\New\Desktop\esetsmartinstaller_enu.exe
    2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\Evernote
    2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
    2014-07-12 21:18 - 2014-07-12 21:18 - 00000625 _____ () C:\Documents and Settings\New\Desktop\Evernote.lnk
    2014-07-12 21:18 - 2014-07-12 21:18 - 00000000 ____D () C:\Program Files\Evernote
    2014-07-11 22:20 - 2012-08-03 21:19 - 00000000 ____D () C:\AAA
    2014-07-11 13:19 - 2014-07-11 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-07-11 13:19 - 2014-07-10 22:11 - 00000000 ____D () C:\Documents and Settings\New\Desktop\mbar
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000760 _____ () C:\Documents and Settings\New\Desktop\Cheat Engine.lnk
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
    2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 6.4
    2014-07-11 10:37 - 2013-02-13 08:55 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
    2014-07-10 23:20 - 2014-03-14 21:17 - 00000000 ____D () C:\Documents and Settings\New\Desktop\Florida
    2014-07-10 23:15 - 2013-01-19 10:55 - 00000000 ____D () C:\BBB
    2014-07-10 23:13 - 2012-12-24 12:31 - 00000000 ____D () C:\Documents and Settings\New\My Documents\Pinnacle Studio
    2014-07-10 23:05 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360Login
    2014-07-10 23:05 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360CloudUI
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000774 _____ () C:\Documents and Settings\New\Desktop\360云盘.lnk
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Program Files\360
    2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Start Menu\Programs\360安全中心
    2014-07-10 22:37 - 2013-11-23 19:42 - 00000000 ____D () C:\Documents and Settings\New\Desktop\muledump-master
    2014-07-10 22:36 - 2013-11-03 10:47 - 00000000 ____D () C:\Documents and Settings\New\Desktop\School
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000789 _____ () C:\Documents and Settings\New\Desktop\Higher Score on the ACT.lnk
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Program Files\Kap.ACTc
    2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaplan
    2014-07-10 22:11 - 2014-07-07 13:17 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-07-10 20:16 - 2012-08-03 21:58 - 00000000 ____D () C:\Dave
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF6D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF4D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp04D6A.FOT
    2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp02D6A.FOT
    2014-07-10 11:32 - 2014-07-10 11:23 - 00000000 ____D () C:\AdwCleaner
    2014-07-09 19:41 - 2012-11-15 21:38 - 00000000 ____D () C:\Documents and Settings\New\Application Data\uTorrent
    2014-07-09 19:37 - 2014-07-09 19:37 - 00006904 _____ () C:\WINDOWS\FaxSetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00006638 _____ () C:\WINDOWS\iis6.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00005816 _____ () C:\WINDOWS\ocgen.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00004591 _____ () C:\WINDOWS\tsoc.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00002502 _____ () C:\WINDOWS\comsetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001891 _____ () C:\WINDOWS\imsins.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001864 _____ () C:\WINDOWS\msmqinst.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00001592 _____ () C:\WINDOWS\netfxocm.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000473 _____ () C:\WINDOWS\msgsocm.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000469 _____ () C:\WINDOWS\ocmsn.log
    2014-07-09 19:37 - 2014-07-09 19:37 - 00000311 _____ () C:\WINDOWS\tabletoc.log
    2014-07-09 15:26 - 2012-12-18 17:43 - 00000000 ____D () C:\Documents and Settings\New\Desktop\Tony
    2014-07-09 15:15 - 2008-04-14 03:00 - 00001506 _____ () C:\WINDOWS\win.ini
    2014-07-09 14:04 - 2014-07-09 14:08 - 11199152 _____ (Adobe Systems, Inc.) C:\Documents and Settings\New\Desktop\flashplayer_14_sa.exe
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp8EB47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp71C47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp70C47.FOT
    2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp62C47.FOT
    2014-07-08 14:21 - 2014-07-08 14:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070814-01.dmp
    2014-07-08 14:21 - 2014-04-08 22:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
    2014-07-08 14:21 - 2013-01-19 00:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
    2014-07-08 14:21 - 2012-11-04 11:53 - 00000000 ____D () C:\WINDOWS\TDDOWNLOAD
    2014-07-08 14:21 - 2012-10-08 11:35 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-07-08 14:21 - 2012-08-04 11:57 - 2145386496 _____ () C:\WINDOWS\MEMORY.DMP
    2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\UWebKit151
    2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
    2014-07-08 13:02 - 2014-07-08 13:02 - 00066073 _____ () C:\Documents and Settings\New\Desktop\bookmarks-2014-07-08.json
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-07 13:04 - 2012-08-03 09:38 - 00032256 ____C () C:\Documents and Settings\New\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp546EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp536EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp476EC.FOT
    2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp466EC.FOT
    2014-07-05 21:13 - 2014-07-05 21:13 - 00005632 ___SH () C:\Documents and Settings\Thumbs.db
    2014-07-05 21:13 - 2013-05-27 22:10 - 00055296 ___SH () C:\Documents and Settings\New\Desktop\Thumbs.db
    2014-07-05 21:13 - 2012-08-07 15:18 - 00007168 __SHC () C:\WINDOWS\Thumbs.db
    2014-07-03 20:46 - 2014-07-11 15:21 - 02085772 _____ () C:\Documents and Settings\New\Desktop\rotmg.swf
    2014-07-03 16:31 - 2014-07-03 16:31 - 00006058 _____ () C:\Documents and Settings\New\Desktop\PCCLEANER.bat
    2014-07-01 18:58 - 2014-07-01 16:31 - 00000000 _RSHD () C:\Documents and Settings\New\9p2garka7ur3
    2014-07-01 18:58 - 2013-01-06 19:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803_0$
    2014-07-01 18:47 - 2013-12-24 19:12 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\EKA
    2014-07-01 18:47 - 2013-12-24 18:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UCA
    2014-07-01 18:24 - 2013-01-06 16:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-07-01 16:57 - 2012-01-19 13:24 - 00002577 ____C () C:\WINDOWS\system32\CONFIG.NT
    2014-07-01 16:31 - 2012-01-19 13:29 - 00000000 ____D () C:\Documents and Settings\New
    2014-06-27 13:47 - 2014-06-19 18:26 - 00000457 _____ () C:\WINDOWS\setupact.log
    2014-06-27 13:47 - 2014-06-19 17:58 - 00048444 _____ () C:\WINDOWS\setupapi.log
    2014-06-26 16:43 - 2014-06-26 16:43 - 00000014 _____ () C:\tristansa.txt
    2014-06-21 15:13 - 2012-09-03 19:30 - 02462454 _____ () C:\WINDOWS\ACD Wallpaper.bmp
    2014-06-21 15:07 - 2012-08-03 21:59 - 00000000 ____D () C:\Family
    2014-06-19 20:17 - 2012-01-19 13:24 - 00000000 ____D () C:\DELL
    2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-06-18 17:02 - 2014-05-29 13:15 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log

    Files to move or delete:
    ====================
    C:\Documents and Settings\New\TempWmicBatchFile.bat


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3349.dll
    C:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnmkjl.dll
    C:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpftekon.dll
    C:\Documents and Settings\New\Local Settings\Temp\wincjll.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
  24. h.tony


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
    Ran by New at 2014-07-18 10:19:08
    Running from C:\Documents and Settings\New\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    µTorrent (HKLM\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
    360云盘 (HKLM\...\360云盘(网盘版)) (Version: 3.7.4.2291 - 360安全中心)
    7-Zip 9.29 alpha (HKLM\...\7-Zip) (Version: - )
    A+ French (HKLM\...\{9E406967-E1E8-467C-B3F9-D7FE5A33AD00}) (Version: - )
    Acer eDisplay Management (HKLM\...\{A586DC50-B18D-48FB-B7CC-A598200457C2}) (Version: 1.37.007 - Portrait Displays, Inc.)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
    Avira (HKLM\...\{a9aa166b-f5d7-419f-92fc-c0c86c93ca53}) (Version: 1.0.5204.23256 - Avira Operations GmbH & Co. KG)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
    Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM\...\NSIS_cald3) (Version: - )
    Charles (HKLM\...\Charles_XK72) (Version: - )
    Charles 3.8.3 (HKLM\...\{75A0E0FA-1DAA-43C8-B6B8-C326B069B5BB}) (Version: 3.8.3.3 - XK72 Ltd)
    Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Copy (HKLM\...\{57FE162C-100E-4E7E-B0F7-3D46B5659DC2}) (Version: 1.43.290.0 - Barracuda Networks, Inc.)
    CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
    CyberLink AudioDirector 3 (HKLM\...\InstallShield_{6E44E036-5A82-44ff-994E-122A0A8D2EDF}) (Version: 3.0.2030 - CyberLink Corp.)
    CyberLink AudioDirector 3 (Version: 3.0.2030 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 11 (HKLM\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.)
    CyberLink PowerDirector 11 (Version: 11.0.0.2110 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1730 - CyberLink Corp.)
    CyberLink PowerDVD 8 (Version: 8.0.1730 - CyberLink Corp.) Hidden
    Defcon v1.6 (HKLM\...\Defcon_is1) (Version: - Introversion Software Ltd)
    Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
    Evernote v. 5.4.1 (HKLM\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
    FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
    Fiddler (HKLM\...\Fiddler2) (Version: 4.4.4.8 - Telerik)
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Handy Recovery 5.5 (HKLM\...\{4196D960-68B0-4BEB-B312-3C1B4654068D}) (Version: 5.5 - SoftLogica)
    Higher Score on the ACT (HKLM\...\Higher Score on the ACT_is1) (Version: - Kaplan)
    HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
    HP Deskjet 6500 (HKLM\...\{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Software Update (HKLM\...\{B81023A5-71ED-46EB-BE3B-9F974D1155F1}) (Version: 3.0.1.25 - HEWLET~1|Hewlett-Packard)
    HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
    iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
    Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    Magic Set Editor 2.0.0 (HKLM\...\Magic Set Editor 2_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MathExam (HKLM\...\MathExam) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Office Excel 2007 (HKLM\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Excel 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote 2007 (HKLM\...\ONENOTE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office OneNote 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint 2007 (HKLM\...\POWERPOINT) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office PowerPoint 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Project Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher 2007 (HKLM\...\PUBLISHER) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Publisher 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Word 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 21.0 (x86 en-US) (HKLM\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
    OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
    Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
    PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
    Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
    PPLite 1.0.0.107 (HKLM\...\PPLite) (Version: - )
    QQ音乐8.4 (HKLM\...\QQMusic) (Version: 8.4 - 腾讯科技(深圳)有限公司)
    QUICKfind server v1.1 (HKLM\...\QUICKfind) (Version: - IDM)
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    SDK (Version: 2.32.010 - Portrait Displays, Inc.) Hidden
    Sketchpad (HKLM\...\Sketchpad) (Version: - )
    Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.215 - Skype Technologies S.A.)
    Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
    Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
    Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7265 - Analog Devices)
    Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    StudioTax 2011 (HKLM\...\{872E469B-81D3-4A19-BE19-85B7B59EED30}) (Version: 7.0.6.4 - BHOK IT Consulting)
    StudioTax 2012 (HKLM\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.1 - BHOK IT Consulting)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    VideoLAN VLC media player 0.8.5 (HKLM\...\VLC media player) (Version: 0.8.5 - VideoLAN Team)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Format SDK Hotfix - KB891122 (Version: - Microsoft Corporation) Hidden
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinZip (HKLM\...\WinZip) (Version: - )
    XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
    Yogda 1.0 (HKLM\...\Yogda) (Version: 1.0 - Yogurt Technologies)
    Аrdаmаx Keylogger 4.0.6 (HKLM\...\Аrdаmаx Keylogger 4.0.6) (Version: - )
    射手影音播放器 (HKLM\...\SPlayer) (Version: - )

    ==================== Restore Points =========================

    26-06-2014 04:00:25 System Checkpoint
    27-06-2014 04:21:02 System Checkpoint
    28-06-2014 04:47:03 System Checkpoint
    29-06-2014 05:44:04 System Checkpoint
    30-06-2014 06:05:04 System Checkpoint
    01-07-2014 07:13:11 System Checkpoint
    02-07-2014 07:18:41 System Checkpoint
    03-07-2014 07:36:07 System Checkpoint
    04-07-2014 07:57:08 System Checkpoint
    05-07-2014 08:22:39 System Checkpoint
    06-07-2014 08:58:39 System Checkpoint
    07-07-2014 09:10:40 System Checkpoint
    08-07-2014 10:22:41 System Checkpoint
    09-07-2014 10:58:28 System Checkpoint
    10-07-2014 11:50:33 System Checkpoint
    11-07-2014 11:53:26 System Checkpoint
    12-07-2014 12:07:53 System Checkpoint
    13-07-2014 01:18:38 Installed Evernote v. 5.4.1
    14-07-2014 01:55:49 System Checkpoint
    15-07-2014 03:47:46 System Checkpoint
    16-07-2014 04:50:10 System Checkpoint
    17-07-2014 05:42:41 System Checkpoint
    18-07-2014 05:54:07 System Checkpoint

    ==================== Hosts content: ==========================

    2008-04-14 03:00 - 2013-08-23 12:01 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job => C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003UA.job => C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-12 13:00 - 2014-06-11 22:15 - 05579776 _____ () C:\Documents and Settings\New\Application Data\Copy\overlay\Brt.dll
    2012-08-03 20:06 - 2003-05-15 15:43 - 00119808 _____ () C:\Program Files\WinRAR\rarext.dll
    1998-10-17 08:00 - 1998-10-17 08:00 - 00033792 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL
    2014-07-14 11:10 - 2014-07-14 11:10 - 00013994 _____ () C:\Documents and Settings\New\Local Settings\Temp\wincjll.exe
    2014-07-14 14:08 - 2014-07-14 14:08 - 00043008 _____ () c:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnmkjl.dll
    2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Documents and Settings\New\Application Data\Dropbox\bin\libcef.dll
    2014-03-20 14:10 - 2014-06-19 09:54 - 01466880 _____ () C:\Documents and Settings\New\Application Data\Copy\Gui.dll
    2014-03-20 14:09 - 2014-06-19 09:54 - 05579776 _____ () C:\Documents and Settings\New\Application Data\Copy\Brt.dll
    2014-03-20 14:12 - 2014-06-19 09:54 - 06574080 _____ () C:\Documents and Settings\New\Application Data\Copy\AgentSync.dll
    2014-03-20 14:10 - 2014-06-19 09:54 - 04025856 _____ () C:\Documents and Settings\New\Application Data\Copy\CloudSync.dll
    2013-07-03 11:41 - 2013-07-03 11:42 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2014-03-30 10:22 - 2014-03-30 10:22 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupfolder: C:^Documents and Settings^New^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
    MSCONFIG\startupreg: 4482ED119AA9951FC5D5053474B8E8995690963D._service_run => "C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    MSCONFIG\startupreg: Akamai NetSession Interface => c:\documents and settings\new\local settings\application data\akamai\netsession_win.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Copy => "C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe"
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: DT ACR =>
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HotKeysCmds =>
    MSCONFIG\startupreg: HP Component Manager => c:\program files\hp\hpcoretech\hpcmpmgr.exe
    MSCONFIG\startupreg: HP Software Update =>
    MSCONFIG\startupreg: HPDJ Taskbar Utility =>
    MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files\iFunbox 2014\iFunBox2014.exe /tray
    MSCONFIG\startupreg: IgfxTray =>
    MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
    MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    MSCONFIG\startupreg: PDVD8LanguageShortcut =>
    MSCONFIG\startupreg: Persistence =>
    MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    MSCONFIG\startupreg: PivotSoftware =>
    MSCONFIG\startupreg: PPAP =>
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: RemoteControl8 =>
    MSCONFIG\startupreg: RoxioDragToDisc =>
    MSCONFIG\startupreg: RoxioEngineUtility =>
    MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /nosplash /minimized
    MSCONFIG\startupreg: SoundMAXPnP =>
    MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched =>
    MSCONFIG\startupreg: USB2Check => RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/11/2014 00:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bbc.
    Processing media-specific event for [kernelmoduleunloader.exe!ws!]

    Error: (07/10/2014 10:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application acdsee32.exe, version 2.4.1.0, faulting module acdsee32.exe, version 2.4.1.0, fault address 0x0005bfa3.
    Processing media-specific event for [acdsee32.exe!ws!]

    Error: (07/10/2014 00:35:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bc0.
    Processing media-specific event for [kernelmoduleunloader.exe!ws!]

    Error: (07/10/2014 00:34:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application cheat engine.exe, version 6.3.0.0, faulting module cheat engine.exe, version 6.3.0.0, fault address 0x0003c673.
    Processing media-specific event for [cheat engine.exe!ws!]


    System errors:
    =============
    Error: (07/14/2014 11:07:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:27:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 00:13:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/10/2014 11:31:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:44:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:39:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:30:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/08/2014 02:23:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Image Acquisition (WIA) service hung on starting.

    Error: (07/01/2014 07:06:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


    Microsoft Office Sessions:
    =========================
    Error: (12/27/2013 03:24:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12224 seconds with 1260 seconds of active time. This session ended with a crash.

    Error: (01/07/2013 08:01:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1660 seconds with 360 seconds of active time. This session ended with a crash.

    Error: (12/20/2012 09:13:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Percentage of memory in use: 46%
    Total physical RAM: 3061.54 MB
    Available physical RAM: 1624 MB
    Total Pagefile: 4952.14 MB
    Available Pagefile: 3689.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.92 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.05 GB) (Free:71.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: FAFEFC47)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  25. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Download ComboFix from any of the links below, and save it to your DESKTOP.
    If your version of Windows defaults to your download folder, you will need to copy it to your desktop.
    Link 1
    Link 2
    Link 3
    To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial on how to do so if you are unsure.
    • Close any open windows and double-click ComboFix.exe to run it.
      You will see the following image:
    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Click on Yes to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.
     

