Inactive Cannot remove malware

h.tony

Hi there! I recently bought a used PC, great but infected with malware. Task manager and Registry Tool are disabled and I cannot remove it through malwarebytes. Also I cannot seem to download certain .exe files (stuck at 99%, is this a virus causing this problem?).

Thanks!


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/9/2014
Scan Time: 10:50:43 AM
Logfile: vrsusususus.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.09.05
Rootkit Database: v2014.07.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: New

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304569
Time Elapsed: 20 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 7
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[a0d9f5a8245747ef40966e25b1535da3]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[0c6d0895106bf5410bcc4b482ed602fe]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[95e41e7fa3d82f0702d6f0a3c53fd42c]
PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[0c6dbedf0576fc3a467e2c69dd27718f]
PUM.Hijack.Regedit, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[39408b12b6c593a3afb37321ae56da26]
PUM.Hijack.TaskManager, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[ceabefaee794f145bf050e873bc96799]
PUM.Hijack.Regedit, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[ff7afaa31764ca6ccd95eaaa4eb60cf4]

Folders: 0
(No malicious items detected)

Files: 2

PUP.Optional.Superfish.A, C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0a6fdebf9cdf77bf2180982c80822cd4],
PUP.Optional.Superfish.A, C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [86f3c4d9374437ffccd5576d59a9b24e],

Physical Sectors: 0
(No malicious items detected)


(end)



DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by New at 11:22:13 on 2014-07-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1477 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\DOCUME~1\New\LOCALS~1\Temp\tralwp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\New\Desktop\ACDSEE32.EXE
C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe
c:\windows\system32\notepad.exe
C:\Documents and Settings\New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - <orphaned>
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\idm\quickfind\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [iFunBox Price Watch] c:\program files\ifunbox 2014\iFunBox2014.exe /tray
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\new\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\new\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\new\startm~1\programs\startup\start.lnk - c:\documents and settings\new\9p2garka7ur3\69890.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-System: enableTaskMgr = dword:0
uPolicies-System: DisableTaskMgr = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\new folder\fiddler2\Fiddler.exe"
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366834660562
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E0DFBF29-2697-4799-A458-5D934AC31B0D} : DHCPNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: tmbp - <Clsid value has no data>
Handler: tmpx - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-7 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-7 860472]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\igfll.sys --> c:\windows\system32\drivers\igfll.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-7 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-7 110296]
S0 cerc6;cerc6; [x]
S0 erdnrxx;erdnrxx;c:\windows\system32\drivers\mfpiix.sys --> c:\windows\system32\drivers\mfpiix.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EagleXNt;EagleXNt; [x]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 619496]
S3 vwwredzk;vwwredzk;vwwredzk.sys --> vwwredzk.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xofhsekc;xofhsekc; [x]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PdiService;Portrait Displays SDK Service; [x]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .txt: Applications\firefox.exe - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2014-07-09 14:52:00 -------- d-----w- c:\program files\Kap.ACTc
2014-07-08 18:59:39 -------- d-----w- c:\program files\iFunbox 2014
2014-07-08 17:57:51 -------- d-----w- c:\documents and settings\new\local settings\application data\UWebKit151
2014-07-08 17:57:34 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2014-07-07 17:17:42 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 17:17:22 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 17:17:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-07 17:17:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp546EC.FOT
2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp536EC.FOT
2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp476EC.FOT
2014-07-06 19:48:06 1409 ----a-w- c:\windows\system32\tmp466EC.FOT
2014-07-01 20:31:38 -------- d-sh--r- c:\documents and settings\new\9p2garka7ur3
.
==================== Find3M ====================
.
.
============= FINISH: 11:22:52.84 ===============
 
ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2012 9:03:29 PM
System Uptime: 7/8/2014 2:42:17 PM (21 hours ago)
.
Motherboard: Dell Inc. | | 0RF703
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 66.254 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP939: 6/20/2014 4:57:18 PM - System Checkpoint
RP940: 6/21/2014 4:23:42 PM - Removed Aerochive
RP941: 6/22/2014 10:55:46 PM - System Checkpoint
RP942: 6/23/2014 11:31:16 PM - System Checkpoint
RP943: 6/24/2014 11:59:33 PM - System Checkpoint
RP944: 6/26/2014 12:00:25 AM - System Checkpoint
RP945: 6/27/2014 12:21:02 AM - System Checkpoint
RP946: 6/28/2014 12:47:03 AM - System Checkpoint
RP947: 6/29/2014 1:44:04 AM - System Checkpoint
RP948: 6/30/2014 2:05:04 AM - System Checkpoint
RP949: 7/1/2014 3:13:11 AM - System Checkpoint
RP950: 7/2/2014 3:18:41 AM - System Checkpoint
RP951: 7/3/2014 3:36:07 AM - System Checkpoint
RP952: 7/4/2014 3:57:08 AM - System Checkpoint
RP953: 7/5/2014 4:22:39 AM - System Checkpoint
RP954: 7/6/2014 4:58:39 AM - System Checkpoint
RP955: 7/7/2014 5:10:40 AM - System Checkpoint
RP956: 7/8/2014 6:22:41 AM - System Checkpoint
RP957: 7/9/2014 6:58:28 AM - System Checkpoint
.
==== Installed Programs ======================
.
???????
µTorrent
7-Zip 9.29 alpha
A+ French
Acer eDisplay Management
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop CS6
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
avast! Free Antivirus
Avira
Bonjour
Broadcom Gigabit Integrated Controller
Cambridge Advanced Learner's Dictionary - 3rd Edition
Charles
Charles 3.8.3
Cisco WebEx Meetings
Copy
CopyTrans Suite Remove Only
CyberLink AudioDirector 3
CyberLink PowerDirector 11
CyberLink PowerDVD 8
Defcon v1.6
Dropbox
FFmpeg v0.6.2 for Audacity
Fiddler
Foxit Reader
GIMP 2.8.4
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Handy Recovery 5.5
Higher Score on the ACT
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 6500
HP Software Update
HxD Hex Editor version 1.7.7.0
iFunBox 2014 (v3.1.562.425), iFunbox DevTeam
Intel(R) Graphics Media Accelerator Driver
iPhoneBrowser
iTunes
Java Auto Updater
Java(TM) 6 Update 33
LAME v3.99.3 (for Windows)
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 2.0.2.1012
MathExam
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
OpenOffice.org 3.1
Paint.NET v3.5.10
Pando Media Booster
PDF Settings CS6
Pinnacle Video Driver
Pivot Pro Plugin
PPLite 1.0.0.107
QQ??8.4
QUICKfind server v1.1
QuickTime
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834903-v2)
Security Update for Windows Media Player (KB2834903)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sketchpad
Skype™ 4.0
Sothink SWF Catcher
Sothink SWF Decompiler
Sothink SWF Editor
SoundMAX
Steam
StudioTax 2011
StudioTax 2012
swMSM
System Requirements Lab CYRI
TeamSpeak 3 Client
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3
WinPcap 4.1.2
WinRAR archiver
WinZip
XBMC
Yogda 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/8/2014 2:23:06 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
.
==== End Of File ===========================
 
Problems - Super slow start up boot, unable to boot PC in safe mode (error, then restarts in normal mode), Unable to use task manager, registry edit is also disabled, and downloads usually are stuck at 99%.
 
Hello and welcome to TechSpot.com. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************
StartupLite
Download StartupLite by MalwareBytes to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
**************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************
Please download AdwCleaner by Xplode onto your Desktop.
Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Quarantine All". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).
*********************************************
Please download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
**********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1
Link 2
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
 
Hi Dave, thanks for the help.
I tried to uninstall uTorrent but I was unable to locate it in the add/remove list.
Also when updating java, I am once again stuck, the download speed goes down to 0 byte/second. I have no clue why but downloading the other programs you have suggested works just fine.

AdwCleaner
# AdwCleaner v3.215 - Report created 10/07/2014 at 11:25:21
# Updated 09/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : New - FAMILYCOMPUTER
# Running from : C:\Tony1\VIRUS REMOVAL\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Tencent
Folder Deleted : C:\Program Files\Common Files\Tencent
Folder Deleted : C:\Documents and Settings\New\Local Settings\Application Data\iLivid
Folder Deleted : C:\Documents and Settings\New\Application Data\Tencent
File Deleted : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\DOCUME~1\New\LOCALS~1\Temp\cetrainers\CET556.tmp\extracted\Dungeon Rampage Hack Tool V1.4.EXE]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2480 octets] - [10/07/2014 11:23:39]
AdwCleaner[S0].txt - [2435 octets] - [10/07/2014 11:25:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2495 octets] ##########

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2014
Scan Time: 11:41:10 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.09.13
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: New

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304693
Time Elapsed: 17 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 7
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[f1909effbac1191d6a52eea662a26799]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[d3aee7b6f08b47ef3489e2b2e81cb24e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[87fa9a035c1fbf77ba042d67fc08669a]
PUM.Hijack.TaskManager, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[96eb2e6f1f5c89adadfdeda9a75dad53]
PUM.Hijack.Regedit, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[166bcfce502b96a02721593c45bfa35d]
PUM.Hijack.TaskManager, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[0978722baecd6dc9d5d524723bc9c13f]
PUM.Hijack.Regedit, HKU\S-1-5-21-1614895754-562591055-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[49385d404b3058de6ddb9500996b6a96]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Junkware Removal Tool
When I run it, all it does is open a blank cmd.exe

Security Check by screen317
It said "no instance(s) available"

 
I almost never restart my PC because upon start up only my wallpaper shows, no icons, no start menu, nothing. I am currently using my laptop. I hear you can delete explore.exe then add it again through task manager but I cannot because my task manager is disabled.

Edit: I fortunately got lucky after restarting my PC 3-4 times my icons reappeared.
 
When I run it, all it does is open a blank cmd.exe
Does it say "press any key to continue?"
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
 
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [image: esetOnline.png] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: esetSmartInstallDesktopIcon-1.png] icon on your desktop.
•Check [image: esetAcceptTerms.png]
•Click the [image: esetStart.png] button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check [image: esetScanArchives.png]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: esetListThreats.png]
•Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: esetBack.png] button.
•Push [image: esetFinish.png]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
 
Ok, please try this one.
Please go to Kaspersky website and perform an online antivirus scan.
1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives

5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.
 
This is getting annoying, there seems to be a virus that blocks these files from being downloaded, this is what I get.



I do have a "HijackThis" scan log if that is any way beneficial.
 
Let's try this one to repair the proxy problem.
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
 
MiniToolBox by Farbar Version: 06-07-2014
Ran by New (administrator) on 14-07-2014 at 16:04:02
Running from "C:\Documents and Settings\New\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : FAMILYCOMPUTER

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-19-B9-28-49-E3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.118

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Monday, July 14, 2014 11:05:52 AM

Lease Expires . . . . . . . . . . : Tuesday, July 15, 2014 11:05:52 AM

Server: router.asus.com
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.64, 173.194.43.65, 173.194.43.66, 173.194.43.67
173.194.43.68, 173.194.43.69, 173.194.43.70, 173.194.43.71, 173.194.43.72
173.194.43.73, 173.194.43.78



Pinging google.com [173.194.43.78] with 32 bytes of data:



Reply from 173.194.43.78: bytes=32 time=24ms TTL=58

Reply from 173.194.43.78: bytes=32 time=22ms TTL=58



Ping statistics for 173.194.43.78:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 24ms, Average = 23ms

Server: router.asus.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=100ms TTL=48

Reply from 206.190.36.45: bytes=32 time=96ms TTL=48



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 96ms, Maximum = 100ms, Average = 98ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 28 49 e3 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.118 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.118 192.168.1.118 20
192.168.1.118 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.118 192.168.1.118 20
224.0.0.0 240.0.0.0 192.168.1.118 192.168.1.118 20
255.255.255.255 255.255.255.255 192.168.1.118 192.168.1.118 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/11/2014 00:06:28 PM) (Source: Application Error) (User: )
Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bbc.
Processing media-specific event for [kernelmoduleunloader.exe!ws!]

Error: (07/10/2014 10:27:02 PM) (Source: Application Error) (User: )
Description: Faulting application acdsee32.exe, version 2.4.1.0, faulting module acdsee32.exe, version 2.4.1.0, fault address 0x0005bfa3.
Processing media-specific event for [acdsee32.exe!ws!]

Error: (07/10/2014 00:35:02 PM) (Source: Application Error) (User: )
Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bc0.
Processing media-specific event for [kernelmoduleunloader.exe!ws!]

Error: (07/10/2014 00:34:57 PM) (Source: Application Error) (User: )
Description: Faulting application cheat engine.exe, version 6.3.0.0, faulting module cheat engine.exe, version 6.3.0.0, fault address 0x0003c673.
Processing media-specific event for [cheat engine.exe!ws!]


System errors:
=============
Error: (07/14/2014 11:07:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:27:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:16:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:13:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 11:31:49 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:44:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:39:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:30:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:23:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/01/2014 07:06:07 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


Microsoft Office Sessions:
=========================
Error: (12/27/2013 03:24:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12224 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (01/07/2013 08:01:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1660 seconds with 360 seconds of active time. This session ended with a crash.

Error: (12/20/2012 09:13:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195 seconds with 0 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3061.54 MB
Available physical RAM: 1561.78 MB
Total Pagefile: 4952.14 MB
Available Pagefile: 3433.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:69.37 GB) NTFS

========================= Users: ========================================

User accounts for \\FAMILYCOMPUTER

Administrator ASPNET Guest
HelpAssistant New SUPPORT_388945a0


**** End of log ****
 
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on [image: esetSmartInstall.png]
  • Double click on the [image: esetSmartInstallDesktopIcon-1.png]
•Check [image: esetAcceptTerms.png]
•Click the [image: esetStart.png]
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check [image: esetScanArchives.png]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: esetListThreats.png]
•Push [image: esetExport.png]
•Push the [image: esetBack.png]
•Push [image: esetFinish.png]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

This is what I followed, as you told me.
 
Ok, I tried doing an online scan rather than downloading the exe. But now a new problem arises. The web page cannot be loaded, is this a virus that I am unaware of? I tried loading up the web page on another PC and it worked perfectly. The way I downloaded esetsmartinstaller_enu.exe was downloading it from my laptop then transferring the exe to this PC. It just gets stuck on the loading screen for Mozilla, explorer and chrome.

Chrome

Mozilla

The website is up but I cannot open it
 
Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Make sure FRST is run under administrator privileges.
Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by New (administrator) on FAMILYCOMPUTER on 18-07-2014 10:16:47
Running from C:\Documents and Settings\New\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
() C:\DOCUME~1\New\LOCALS~1\Temp\wincjll.exe
(Dropbox, Inc.) C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Barracuda Networks, Inc.) C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Run: [iFunBox Price Watch] => C:\Program Files\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [914824 2014-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [enableTaskMgr] 0
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {2aec11e4-dde6-11e1-a656-0019b92849e3} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {6a747eb4-66a3-11e3-a824-0019b92849e3} - E:\launcher.exe
HKU\S-1-5-21-1614895754-562591055-1801674531-1003\...\MountPoints2: {cc2fd02a-e4b9-11e1-a668-0019b92849e3} - E:\kxfspf.cmd
Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\New\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Documents and Settings\New\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Documents and Settings\New\9p2garka7ur3\69890.vbs (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Documents and Settings\New\Application Data\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute:
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
Handler: tmbp - No CLSID Value -
Handler: tmpx - No CLSID Value -
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF Plugin: @qq.com/QzoneMusic - C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\New\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\New\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\New\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-16]
FF Extension: Tamper Data - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2014-07-08]
FF Extension: Adblock Plus - C:\Documents and Settings\New\Application Data\Mozilla\Firefox\Profiles\58s0tfcx.default-1404838983112\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\New Folder\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\New Folder\Fiddler2\FiddlerHook [2013-08-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-22]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\firefoxextension

Chrome:
=======
CHR HomePage: https://www.google.ca/
CHR NewTab: "chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Advanced SystemCare 6) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\New\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Windows Media Player\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (NPPlayerShell) - C:\Documents and Settings\New\Application Data\TrianglePlayer\NPTrianglePlayer.dll No File
CHR Plugin: (GBoxRuner plugin) - C:\Documents and Settings\New\Application Data\gbox\npgboxruner.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\New\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Tencent SSO Platform) - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (QQMusic) - C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Rumola - bypass CAPTCHA) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjjgbdlbgjeoankjijbmheneoekbghcg [2013-01-25]
CHR Extension: (YouTube) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-06]
CHR Extension: (SwagBucks Automator) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boaomhhoelpgkkiiabmokphjeikjiomp [2013-01-25]
CHR Extension: (Google Search) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-06]
CHR Extension: (Awesome Bookmarks Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf [2013-03-09]
CHR Extension: (HD Tv) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdphnleahbbooddgjimkaoibgpipekml [2013-03-09]
CHR Extension: (AdBlock) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-29]
CHR Extension: (Hola Better Internet) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-30]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-03-09]
CHR Extension: (Awesome Calculator Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmmkgfainefimmjkdnbgejialadhhegh [2013-03-09]
CHR Extension: (Meta-Tile Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibhffciboaodhfapmcpckhbdpbjjppan [2013-03-09]
CHR Extension: (Arcane Legends) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-05-22]
CHR Extension: (Digital Clock Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikimcdcgajipgcoehakmgloecbaacmoj [2013-03-09]
CHR Extension: (Metro Style Clock Widget [ANTP]) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnmmppckdogcdbnnebgndgnmkdoedoki [2013-03-09]
CHR Extension: (Google Dictionary (by Google)) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-09-06]
CHR Extension: (Awesome New Tab Page™) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-03-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-06]
CHR Extension: (Abstract-Blue) - C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2012-10-29]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1107\7.5.1107\chrome_tmbep.crx [2012-10-29]

========================== Services (Whitelisted) =================

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [930104 2014-05-12] (Malwarebytes Corporation)
S4 npggsvc; C:\WINDOWS\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53248 2001-05-01] (Microsoft Corporation)
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S4 DTSRVC; No ImagePath
S4 MozillaMaintenance; No ImagePath
S4 PdiService; No ImagePath
S4 RichVideo; No ImagePath
S3 rpcapd; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2004-08-12] (Microsoft Corporation)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-16] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17328 2012-04-13] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.)
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.)
S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
R3 abp470n5; \??\C:\WINDOWS\system32\drivers\igfll.sys [X]
S0 cerc6; No ImagePath
S3 EagleXNt; No ImagePath
S0 erdnrxx; System32\drivers\mfpiix.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 tmeevw;
S3 vwwredzk; vwwredzk.sys [X]
U1 WS2IFSL;
S3 xofhsekc; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 10:15 - 2014-07-18 10:16 - 00000000 ____D () C:\FRST
2014-07-18 10:11 - 2014-07-18 10:11 - 00415744 _____ (Farbar) C:\Documents and Settings\New\Desktop\FSS.exe
2014-07-17 22:02 - 2014-07-17 22:02 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Program Files\ImgBurn
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2014-07-14 10:40 - 2014-07-14 10:45 - 00000000 ____D () C:\Program Files\HijackThis
2014-07-14 10:24 - 2014-07-14 10:22 - 00482112 _____ (Kaspersky Lab) C:\Documents and Settings\New\Desktop\setup.exe
2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Program Files\ESET
2014-07-13 10:57 - 2014-07-13 10:56 - 02425208 _____ (ESET) C:\Documents and Settings\New\Desktop\esetsmartinstaller_enu.exe
2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\Evernote
2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
2014-07-12 21:18 - 2014-07-12 21:18 - 00000625 _____ () C:\Documents and Settings\New\Desktop\Evernote.lnk
2014-07-12 21:18 - 2014-07-12 21:18 - 00000000 ____D () C:\Program Files\Evernote
2014-07-11 15:21 - 2014-07-03 20:46 - 02085772 _____ () C:\Documents and Settings\New\Desktop\rotmg.swf
2014-07-11 12:07 - 2014-07-11 12:07 - 00000760 _____ () C:\Documents and Settings\New\Desktop\Cheat Engine.lnk
2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 6.4
2014-07-11 10:36 - 2014-07-11 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-07-10 23:04 - 2014-07-10 23:05 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360Login
2014-07-10 23:04 - 2014-07-10 23:05 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360CloudUI
2014-07-10 23:04 - 2014-07-10 23:04 - 00000774 _____ () C:\Documents and Settings\New\Desktop\360云盘.lnk
2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Program Files\360
2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Start Menu\Programs\360安全中心
2014-07-10 22:13 - 2014-07-10 22:13 - 00000789 _____ () C:\Documents and Settings\New\Desktop\Higher Score on the ACT.lnk
2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Program Files\Kap.ACTc
2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaplan
2014-07-10 22:11 - 2014-07-11 13:19 - 00000000 ____D () C:\Documents and Settings\New\Desktop\mbar
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF6D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF4D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp04D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp02D6A.FOT
2014-07-10 11:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-10 11:23 - 2014-07-10 11:32 - 00000000 ____D () C:\AdwCleaner
2014-07-09 19:37 - 2014-07-09 19:37 - 00006904 _____ () C:\WINDOWS\FaxSetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00005816 _____ () C:\WINDOWS\ocgen.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00002502 _____ () C:\WINDOWS\comsetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000473 _____ () C:\WINDOWS\msgsocm.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-07-09 14:08 - 2014-07-09 14:04 - 11199152 _____ (Adobe Systems, Inc.) C:\Documents and Settings\New\Desktop\flashplayer_14_sa.exe
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp8EB47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp71C47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp70C47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp62C47.FOT
2014-07-08 14:21 - 2014-07-08 14:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\UWebKit151
2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
2014-07-08 13:02 - 2014-07-08 13:02 - 00066073 _____ () C:\Documents and Settings\New\Desktop\bookmarks-2014-07-08.json
2014-07-07 13:17 - 2014-07-16 09:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 13:17 - 2014-07-10 22:11 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-07 13:17 - 2014-07-07 13:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 13:17 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp546EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp536EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp476EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp466EC.FOT
2014-07-05 21:13 - 2014-07-05 21:13 - 00005632 ___SH () C:\Documents and Settings\Thumbs.db
2014-07-03 16:31 - 2014-07-03 16:31 - 00006058 _____ () C:\Documents and Settings\New\Desktop\PCCLEANER.bat
2014-07-01 16:31 - 2014-07-01 18:58 - 00000000 _RSHD () C:\Documents and Settings\New\9p2garka7ur3
2014-06-26 16:43 - 2014-06-26 16:43 - 00000014 _____ () C:\tristansa.txt
2014-06-19 18:26 - 2014-06-27 13:47 - 00000457 _____ () C:\WINDOWS\setupact.log
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-19 17:58 - 2014-06-27 13:47 - 00048444 _____ () C:\WINDOWS\setupapi.log
2014-06-18 17:04 - 2014-07-14 11:07 - 00000235 _____ () C:\WINDOWS\wiadebug.log

==================== One Month Modified Files and Folders =======

2014-07-18 10:17 - 2013-05-20 18:33 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 10:17 - 2012-01-19 13:29 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Temp
2014-07-18 10:16 - 2014-07-18 10:15 - 00000000 ____D () C:\FRST
2014-07-18 10:11 - 2014-07-18 10:11 - 00415744 _____ (Farbar) C:\Documents and Settings\New\Desktop\FSS.exe
2014-07-18 10:10 - 2013-05-09 18:28 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003UA.job
2014-07-18 09:23 - 2012-08-16 12:13 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-18 08:19 - 2013-09-12 20:55 - 00000000 ____D () C:\Documents and Settings\New\Application Data\Copy
2014-07-18 08:17 - 2013-05-20 18:33 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 07:57 - 2014-04-06 17:53 - 00000310 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-18 03:10 - 2013-05-09 18:28 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job
2014-07-18 00:10 - 2014-04-06 19:07 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-17 22:03 - 2012-08-03 21:58 - 00000000 ____D () C:\Tony
2014-07-17 22:02 - 2014-07-17 22:02 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Program Files\ImgBurn
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2014-07-17 17:19 - 2012-08-03 15:23 - 00000000 ____D () C:\Documents and Settings\New\Application Data\Dropbox
2014-07-17 14:31 - 2013-07-03 11:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-16 14:09 - 2012-08-03 21:58 - 00000000 ____D () C:\Chong
2014-07-16 09:12 - 2014-07-07 13:17 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 14:08 - 2014-04-19 18:10 - 00000000 ____D () C:\Documents and Settings\New\Application Data\DropboxMaster
2014-07-14 11:07 - 2014-06-18 17:04 - 00000235 _____ () C:\WINDOWS\wiadebug.log
2014-07-14 11:07 - 2008-04-14 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-14 11:06 - 2014-05-29 13:15 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-14 11:06 - 2012-01-19 13:28 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-07-14 11:06 - 2012-01-19 13:23 - 01835777 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-14 11:05 - 2013-11-13 04:33 - 00000278 ___SH () C:\Documents and Settings\New\ntuser.ini
2014-07-14 11:05 - 2013-01-19 00:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2014-07-14 11:05 - 2012-01-19 13:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-14 10:45 - 2014-07-14 10:40 - 00000000 ____D () C:\Program Files\HijackThis
2014-07-14 10:22 - 2014-07-14 10:24 - 00482112 _____ (Kaspersky Lab) C:\Documents and Settings\New\Desktop\setup.exe
2014-07-13 18:32 - 2012-08-18 22:51 - 00000000 ____D () C:\Softwares
2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Program Files\ESET
2014-07-13 10:56 - 2014-07-13 10:57 - 02425208 _____ (ESET) C:\Documents and Settings\New\Desktop\esetsmartinstaller_enu.exe
2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\Evernote
2014-07-12 21:19 - 2014-07-12 21:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
2014-07-12 21:18 - 2014-07-12 21:18 - 00000625 _____ () C:\Documents and Settings\New\Desktop\Evernote.lnk
2014-07-12 21:18 - 2014-07-12 21:18 - 00000000 ____D () C:\Program Files\Evernote
2014-07-11 22:20 - 2012-08-03 21:19 - 00000000 ____D () C:\AAA
2014-07-11 13:19 - 2014-07-11 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-07-11 13:19 - 2014-07-10 22:11 - 00000000 ____D () C:\Documents and Settings\New\Desktop\mbar
2014-07-11 12:07 - 2014-07-11 12:07 - 00000760 _____ () C:\Documents and Settings\New\Desktop\Cheat Engine.lnk
2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Program Files\Cheat Engine 6.4
2014-07-11 12:07 - 2014-07-11 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 6.4
2014-07-11 10:37 - 2013-02-13 08:55 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-10 23:20 - 2014-03-14 21:17 - 00000000 ____D () C:\Documents and Settings\New\Desktop\Florida
2014-07-10 23:15 - 2013-01-19 10:55 - 00000000 ____D () C:\BBB
2014-07-10 23:13 - 2012-12-24 12:31 - 00000000 ____D () C:\Documents and Settings\New\My Documents\Pinnacle Studio
2014-07-10 23:05 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360Login
2014-07-10 23:05 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Application Data\360CloudUI
2014-07-10 23:04 - 2014-07-10 23:04 - 00000774 _____ () C:\Documents and Settings\New\Desktop\360云盘.lnk
2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Program Files\360
2014-07-10 23:04 - 2014-07-10 23:04 - 00000000 ____D () C:\Documents and Settings\New\Start Menu\Programs\360安全中心
2014-07-10 22:37 - 2013-11-23 19:42 - 00000000 ____D () C:\Documents and Settings\New\Desktop\muledump-master
2014-07-10 22:36 - 2013-11-03 10:47 - 00000000 ____D () C:\Documents and Settings\New\Desktop\School
2014-07-10 22:13 - 2014-07-10 22:13 - 00000789 _____ () C:\Documents and Settings\New\Desktop\Higher Score on the ACT.lnk
2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Program Files\Kap.ACTc
2014-07-10 22:13 - 2014-07-10 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Kaplan
2014-07-10 22:11 - 2014-07-07 13:17 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-10 20:16 - 2012-08-03 21:58 - 00000000 ____D () C:\Dave
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF6D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmpF4D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp04D6A.FOT
2014-07-10 12:36 - 2014-07-10 12:36 - 00001409 _____ () C:\WINDOWS\system32\tmp02D6A.FOT
2014-07-10 11:32 - 2014-07-10 11:23 - 00000000 ____D () C:\AdwCleaner
2014-07-09 19:41 - 2012-11-15 21:38 - 00000000 ____D () C:\Documents and Settings\New\Application Data\uTorrent
2014-07-09 19:37 - 2014-07-09 19:37 - 00006904 _____ () C:\WINDOWS\FaxSetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00005816 _____ () C:\WINDOWS\ocgen.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00002502 _____ () C:\WINDOWS\comsetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000473 _____ () C:\WINDOWS\msgsocm.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2014-07-09 19:37 - 2014-07-09 19:37 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-07-09 15:26 - 2012-12-18 17:43 - 00000000 ____D () C:\Documents and Settings\New\Desktop\Tony
2014-07-09 15:15 - 2008-04-14 03:00 - 00001506 _____ () C:\WINDOWS\win.ini
2014-07-09 14:04 - 2014-07-09 14:08 - 11199152 _____ (Adobe Systems, Inc.) C:\Documents and Settings\New\Desktop\flashplayer_14_sa.exe
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp8EB47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp71C47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp70C47.FOT
2014-07-09 11:48 - 2014-07-09 11:48 - 00001409 _____ () C:\WINDOWS\system32\tmp62C47.FOT
2014-07-08 14:21 - 2014-07-08 14:21 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-08 14:21 - 2014-04-08 22:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-08 14:21 - 2013-01-19 00:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2014-07-08 14:21 - 2012-11-04 11:53 - 00000000 ____D () C:\WINDOWS\TDDOWNLOAD
2014-07-08 14:21 - 2012-10-08 11:35 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-08 14:21 - 2012-08-04 11:57 - 2145386496 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\New\Local Settings\Application Data\UWebKit151
2014-07-08 13:57 - 2014-07-08 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\boost_interprocess
2014-07-08 13:02 - 2014-07-08 13:02 - 00066073 _____ () C:\Documents and Settings\New\Desktop\bookmarks-2014-07-08.json
2014-07-07 13:17 - 2014-07-07 13:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 13:17 - 2014-07-07 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 13:04 - 2012-08-03 09:38 - 00032256 ____C () C:\Documents and Settings\New\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp546EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp536EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp476EC.FOT
2014-07-06 15:48 - 2014-07-06 15:48 - 00001409 _____ () C:\WINDOWS\system32\tmp466EC.FOT
2014-07-05 21:13 - 2014-07-05 21:13 - 00005632 ___SH () C:\Documents and Settings\Thumbs.db
2014-07-05 21:13 - 2013-05-27 22:10 - 00055296 ___SH () C:\Documents and Settings\New\Desktop\Thumbs.db
2014-07-05 21:13 - 2012-08-07 15:18 - 00007168 __SHC () C:\WINDOWS\Thumbs.db
2014-07-03 20:46 - 2014-07-11 15:21 - 02085772 _____ () C:\Documents and Settings\New\Desktop\rotmg.swf
2014-07-03 16:31 - 2014-07-03 16:31 - 00006058 _____ () C:\Documents and Settings\New\Desktop\PCCLEANER.bat
2014-07-01 18:58 - 2014-07-01 16:31 - 00000000 _RSHD () C:\Documents and Settings\New\9p2garka7ur3
2014-07-01 18:58 - 2013-01-06 19:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803_0$
2014-07-01 18:47 - 2013-12-24 19:12 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\EKA
2014-07-01 18:47 - 2013-12-24 18:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UCA
2014-07-01 18:24 - 2013-01-06 16:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-01 16:57 - 2012-01-19 13:24 - 00002577 ____C () C:\WINDOWS\system32\CONFIG.NT
2014-07-01 16:31 - 2012-01-19 13:29 - 00000000 ____D () C:\Documents and Settings\New
2014-06-27 13:47 - 2014-06-19 18:26 - 00000457 _____ () C:\WINDOWS\setupact.log
2014-06-27 13:47 - 2014-06-19 17:58 - 00048444 _____ () C:\WINDOWS\setupapi.log
2014-06-26 16:43 - 2014-06-26 16:43 - 00000014 _____ () C:\tristansa.txt
2014-06-21 15:13 - 2012-09-03 19:30 - 02462454 _____ () C:\WINDOWS\ACD Wallpaper.bmp
2014-06-21 15:07 - 2012-08-03 21:59 - 00000000 ____D () C:\Family
2014-06-19 20:17 - 2012-01-19 13:24 - 00000000 ____D () C:\DELL
2014-06-19 18:26 - 2014-06-19 18:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-18 17:02 - 2014-05-29 13:15 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log

Files to move or delete:
====================
C:\Documents and Settings\New\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3349.dll
C:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnmkjl.dll
C:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpftekon.dll
C:\Documents and Settings\New\Local Settings\Temp\wincjll.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by New at 2014-07-18 10:19:08
Running from C:\Documents and Settings\New\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
360云盘 (HKLM\...\360云盘(网盘版)) (Version: 3.7.4.2291 - 360安全中心)
7-Zip 9.29 alpha (HKLM\...\7-Zip) (Version: - )
A+ French (HKLM\...\{9E406967-E1E8-467C-B3F9-D7FE5A33AD00}) (Version: - )
Acer eDisplay Management (HKLM\...\{A586DC50-B18D-48FB-B7CC-A598200457C2}) (Version: 1.37.007 - Portrait Displays, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Avira (HKLM\...\{a9aa166b-f5d7-419f-92fc-c0c86c93ca53}) (Version: 1.0.5204.23256 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM\...\NSIS_cald3) (Version: - )
Charles (HKLM\...\Charles_XK72) (Version: - )
Charles 3.8.3 (HKLM\...\{75A0E0FA-1DAA-43C8-B6B8-C326B069B5BB}) (Version: 3.8.3.3 - XK72 Ltd)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Copy (HKLM\...\{57FE162C-100E-4E7E-B0F7-3D46B5659DC2}) (Version: 1.43.290.0 - Barracuda Networks, Inc.)
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
CyberLink AudioDirector 3 (HKLM\...\InstallShield_{6E44E036-5A82-44ff-994E-122A0A8D2EDF}) (Version: 3.0.2030 - CyberLink Corp.)
CyberLink AudioDirector 3 (Version: 3.0.2030 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2110 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1730 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.1730 - CyberLink Corp.) Hidden
Defcon v1.6 (HKLM\...\Defcon_is1) (Version: - Introversion Software Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Evernote v. 5.4.1 (HKLM\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
Fiddler (HKLM\...\Fiddler2) (Version: 4.4.4.8 - Telerik)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Handy Recovery 5.5 (HKLM\...\{4196D960-68B0-4BEB-B312-3C1B4654068D}) (Version: 5.5 - SoftLogica)
Higher Score on the ACT (HKLM\...\Higher Score on the ACT_is1) (Version: - Kaplan)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Deskjet 6500 (HKLM\...\{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}) (Version: 1.00.0000 - Hewlett-Packard)
HP Software Update (HKLM\...\{B81023A5-71ED-46EB-BE3B-9F974D1155F1}) (Version: 3.0.1.25 - HEWLET~1|Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Magic Set Editor 2.0.0 (HKLM\...\Magic Set Editor 2_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MathExam (HKLM\...\MathExam) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Office Excel 2007 (HKLM\...\EXCEL) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote 2007 (HKLM\...\ONENOTE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office OneNote 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint 2007 (HKLM\...\POWERPOINT) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher 2007 (HKLM\...\PUBLISHER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Publisher 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PPLite 1.0.0.107 (HKLM\...\PPLite) (Version: - )
QQ音乐8.4 (HKLM\...\QQMusic) (Version: 8.4 - 腾讯科技(深圳)有限公司)
QUICKfind server v1.1 (HKLM\...\QUICKfind) (Version: - IDM)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
SDK (Version: 2.32.010 - Portrait Displays, Inc.) Hidden
Sketchpad (HKLM\...\Sketchpad) (Version: - )
Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.215 - Skype Technologies S.A.)
Sothink SWF Catcher (HKLM\...\{49273419-5179-4866-9F71-5CF346F302CF}_is1) (Version: 2.6 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.3 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7265 - Analog Devices)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StudioTax 2011 (HKLM\...\{872E469B-81D3-4A19-BE19-85B7B59EED30}) (Version: 7.0.6.4 - BHOK IT Consulting)
StudioTax 2012 (HKLM\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.1 - BHOK IT Consulting)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.5 (HKLM\...\VLC media player) (Version: 0.8.5 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format SDK Hotfix - KB891122 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: - )
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
Yogda 1.0 (HKLM\...\Yogda) (Version: 1.0 - Yogurt Technologies)
Аrdаmаx Keylogger 4.0.6 (HKLM\...\Аrdаmаx Keylogger 4.0.6) (Version: - )
射手影音播放器 (HKLM\...\SPlayer) (Version: - )

==================== Restore Points =========================

26-06-2014 04:00:25 System Checkpoint
27-06-2014 04:21:02 System Checkpoint
28-06-2014 04:47:03 System Checkpoint
29-06-2014 05:44:04 System Checkpoint
30-06-2014 06:05:04 System Checkpoint
01-07-2014 07:13:11 System Checkpoint
02-07-2014 07:18:41 System Checkpoint
03-07-2014 07:36:07 System Checkpoint
04-07-2014 07:57:08 System Checkpoint
05-07-2014 08:22:39 System Checkpoint
06-07-2014 08:58:39 System Checkpoint
07-07-2014 09:10:40 System Checkpoint
08-07-2014 10:22:41 System Checkpoint
09-07-2014 10:58:28 System Checkpoint
10-07-2014 11:50:33 System Checkpoint
11-07-2014 11:53:26 System Checkpoint
12-07-2014 12:07:53 System Checkpoint
13-07-2014 01:18:38 Installed Evernote v. 5.4.1
14-07-2014 01:55:49 System Checkpoint
15-07-2014 03:47:46 System Checkpoint
16-07-2014 04:50:10 System Checkpoint
17-07-2014 05:42:41 System Checkpoint
18-07-2014 05:54:07 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 03:00 - 2013-08-23 12:01 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job => C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003UA.job => C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-12 13:00 - 2014-06-11 22:15 - 05579776 _____ () C:\Documents and Settings\New\Application Data\Copy\overlay\Brt.dll
2012-08-03 20:06 - 2003-05-15 15:43 - 00119808 _____ () C:\Program Files\WinRAR\rarext.dll
1998-10-17 08:00 - 1998-10-17 08:00 - 00033792 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL
2014-07-14 11:10 - 2014-07-14 11:10 - 00013994 _____ () C:\Documents and Settings\New\Local Settings\Temp\wincjll.exe
2014-07-14 14:08 - 2014-07-14 14:08 - 00043008 _____ () c:\Documents and Settings\New\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfnmkjl.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Documents and Settings\New\Application Data\Dropbox\bin\libcef.dll
2014-03-20 14:10 - 2014-06-19 09:54 - 01466880 _____ () C:\Documents and Settings\New\Application Data\Copy\Gui.dll
2014-03-20 14:09 - 2014-06-19 09:54 - 05579776 _____ () C:\Documents and Settings\New\Application Data\Copy\Brt.dll
2014-03-20 14:12 - 2014-06-19 09:54 - 06574080 _____ () C:\Documents and Settings\New\Application Data\Copy\AgentSync.dll
2014-03-20 14:10 - 2014-06-19 09:54 - 04025856 _____ () C:\Documents and Settings\New\Application Data\Copy\CloudSync.dll
2013-07-03 11:41 - 2013-07-03 11:42 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-30 10:22 - 2014-03-30 10:22 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^New^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: 4482ED119AA9951FC5D5053474B8E8995690963D._service_run => "C:\Documents and Settings\New\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Akamai NetSession Interface => c:\documents and settings\new\local settings\application data\akamai\netsession_win.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Copy => "C:\Documents and Settings\New\Application Data\Copy\CopyAgent.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DT ACR =>
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: HP Component Manager => c:\program files\hp\hpcoretech\hpcmpmgr.exe
MSCONFIG\startupreg: HP Software Update =>
MSCONFIG\startupreg: HPDJ Taskbar Utility =>
MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files\iFunbox 2014\iFunBox2014.exe /tray
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MSPY2002 => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
MSCONFIG\startupreg: PDVD8LanguageShortcut =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: PivotSoftware =>
MSCONFIG\startupreg: PPAP =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RemoteControl8 =>
MSCONFIG\startupreg: RoxioDragToDisc =>
MSCONFIG\startupreg: RoxioEngineUtility =>
MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SoundMAXPnP =>
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: USB2Check => RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2014 00:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bbc.
Processing media-specific event for [kernelmoduleunloader.exe!ws!]

Error: (07/10/2014 10:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acdsee32.exe, version 2.4.1.0, faulting module acdsee32.exe, version 2.4.1.0, fault address 0x0005bfa3.
Processing media-specific event for [acdsee32.exe!ws!]

Error: (07/10/2014 00:35:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application kernelmoduleunloader.exe, version 0.0.0.0, faulting module kernelmoduleunloader.exe, version 0.0.0.0, fault address 0x00025bc0.
Processing media-specific event for [kernelmoduleunloader.exe!ws!]

Error: (07/10/2014 00:34:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cheat engine.exe, version 6.3.0.0, faulting module cheat engine.exe, version 6.3.0.0, fault address 0x0003c673.
Processing media-specific event for [cheat engine.exe!ws!]


System errors:
=============
Error: (07/14/2014 11:07:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:27:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 00:13:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 11:31:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:44:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:39:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:30:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/08/2014 02:23:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/01/2014 07:06:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


Microsoft Office Sessions:
=========================
Error: (12/27/2013 03:24:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12224 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (01/07/2013 08:01:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1660 seconds with 360 seconds of active time. This session ended with a crash.

Error: (12/20/2012 09:13:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 195 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3061.54 MB
Available physical RAM: 1624 MB
Total Pagefile: 4952.14 MB
Available Pagefile: 3689.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:71.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: FAFEFC47)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.
Link 1
Link 2
Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.
    You will see the following image:
[Image: NSIS_disclaimer_ENG.png]

Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
[Image: NSIS_extraction.png]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
[Image: RcAuto1.gif]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: whatnext.png]

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
 