TechSpot

Not sure if I have a virus

By jc3palm
Dec 10, 2014
  1. I opened an email with an attachment and by accident downloaded the zip file... My computer is running fine, but I am nervous that I have a virus. I immediately ran my free AVG virus scan and it came up with nothing. I did a system restore and then ran RKill, then Malwarebytes. Here is my log from RKill:
    Rkill 2.6.8 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 12/09/2014 10:05:28 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * ALERT: ZEROACCESS Reparse Point/Junction found!

    * C:\Program Files\Microsoft Security Client\Backup => c:\windows\system32\config\ [Dir]
    * C:\Program Files\Microsoft Security Client\DbgHelp.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\Drivers => c:\windows\system32\config\ [Dir]
    * C:\Program Files\Microsoft Security Client\en-us => c:\windows\system32\config\ [Dir]
    * C:\Program Files\Microsoft Security Client\EppManifest.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\LegitLib.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpAsDesc.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpClient.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpCmdRun.exe => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpCommu.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\mpevmsg.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpOAv.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpRTP.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MpSvc.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MsMpCom.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MsMpEng.exe => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MsMpLics.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MsMpRes.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\msseces.exe => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\MsseWat.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\Setup.exe => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\SetupRes.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\shellext.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\SqmApi.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\SymSrv.dll => c:\windows\system32\config [File]
    * C:\Program Files\Microsoft Security Client\SymSrv.yes => c:\windows\system32\config [File]

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 12/09/2014 10:06:42 PM
    Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)

    Here is my Malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/9/2014
    Scan Time: 4:39:10 PM
    Logfile: malware log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.09.08
    Rootkit Database: v2014.12.08.03
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Chari

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 353698
    Time Elapsed: 18 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1715567821-789336058-1801674531-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3...M=2&UP=SP7A0B5B35-D09B-4858-9991-E9237DEFC603, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3...),Replaced,[08c4f26e1b61053130e981dd976e04fc]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    I then quarantined and ran it again, and here is my next log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/9/2014
    Scan Time: 9:24:33 PM
    Logfile: log3.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.10.01
    Rootkit Database: v2014.12.08.03
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Chari

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 353726
    Time Elapsed: 18 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Thanks in advance... hoping someone could help!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    It looks like we have the ZeroAccess rootkit there.
     
  3. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Malware scan log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/10/2014
    Scan Time: 10:20:14 PM
    Logfile: malware.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.10.10
    Rootkit Database: v2014.12.08.03
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Chari

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 354580
    Time Elapsed: 23 min, 36 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Log for DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Chari at 22:49:20 on 2014-12-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.770 [GMT -5:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\TEMP\{E227C920-A0E5-49E7-8B7D-810F6A61CEC0}.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AVG-Secure-Search-Update_0913a] c:\documents and settings\chari\application data\avg 0913a campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 257423e6206047d3930fd1519832654a-102747cca724559a91ce8a3fb911a1ee46b79849 --CMPID 0913a
    uRun: [AVG-Secure-Search-Update_1214tb] "c:\program files\avg safeguard toolbar\AVG-Secure-Search-Update_1214tb.exe" /PROMPT /CMPID=1214tb
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{8DE18CDA-541D-4DBF-8189-6BC55B4C82D8} : DHCPNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 147736]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 241944]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 98584]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27416]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 121624]
    R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 191256]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 189720]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 197400]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-15 42784]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-11-7 3247120]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-11-7 289328]
    R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-10 114904]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-10-20 808448]
    S3 WinPhlash;WinPhlash;\??\e:\phlashnt.sys --> e:\PHLASHNT.SYS [?]
    .
    =============== Created Last 30 ================
    .
    2014-12-11 03:20:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-11 03:20:21 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-11 03:20:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-12-11 03:20:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-12-11 02:22:53 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_1214tb
    2014-12-09 22:17:41 -------- d-----w- C:\SUPERDelete
    2014-12-09 01:25:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2014-12-09 01:25:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2014-12-01 14:15:34 -------- d-----w- c:\documents and settings\chari\local settings\application data\Avg
    .
    ==================== Find3M ====================
    .
    2014-12-10 03:22:37 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-10 03:22:37 701104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-10-24 15:20:12 189720 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-10-20 20:14:14 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .
    ============= FINISH: 22:55:29.96 ===============

    Attach.txt log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/20/2008 8:29:42 AM
    System Uptime: 12/9/2014 11:20:03 PM (23 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | N/A | 1995/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 75.207 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_820F104D&REV_03\3&B1BFB68&0&10
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_820F104D&REV_03\3&B1BFB68&0&10
    Service:
    .
    Class GUID:
    Description: Video Controller
    Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_820F104D&REV_03\3&B1BFB68&0&11
    Manufacturer:
    Name: Video Controller
    PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_820F104D&REV_03\3&B1BFB68&0&11
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_820F104D&REV_13\4&192AC53F&0&00E0
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_820F104D&REV_13\4&192AC53F&0&00E0
    Service: yukonwxp
    .
    ==== System Restore Points ===================
    .
    RP1550: 9/12/2014 12:52:03 AM - System Checkpoint
    RP1551: 9/12/2014 3:00:17 AM - Software Distribution Service 3.0
    RP1552: 9/13/2014 3:50:37 AM - System Checkpoint
    RP1553: 9/14/2014 3:57:00 AM - System Checkpoint
    RP1554: 9/15/2014 4:41:45 AM - System Checkpoint
    RP1555: 9/16/2014 5:41:41 AM - System Checkpoint
    RP1556: 9/17/2014 6:41:43 AM - System Checkpoint
    RP1557: 9/18/2014 8:06:47 AM - System Checkpoint
    RP1558: 9/19/2014 8:36:52 AM - System Checkpoint
    RP1559: 9/20/2014 9:42:24 AM - System Checkpoint
    RP1560: 9/21/2014 9:59:52 AM - System Checkpoint
    RP1561: 9/22/2014 10:35:54 AM - System Checkpoint
    RP1562: 9/23/2014 11:35:50 AM - System Checkpoint
    RP1563: 9/24/2014 12:08:25 PM - System Checkpoint
    RP1564: 9/25/2014 1:08:03 PM - System Checkpoint
    RP1565: 9/26/2014 1:09:10 PM - System Checkpoint
    RP1566: 9/27/2014 2:08:02 PM - System Checkpoint
    RP1567: 9/28/2014 2:22:24 PM - System Checkpoint
    RP1568: 9/29/2014 3:26:53 PM - System Checkpoint
    RP1569: 9/30/2014 3:53:27 PM - System Checkpoint
    RP1570: 10/1/2014 4:03:43 PM - System Checkpoint
    RP1571: 10/2/2014 5:03:45 PM - System Checkpoint
    RP1572: 10/3/2014 6:03:41 PM - System Checkpoint
    RP1573: 10/4/2014 7:30:48 PM - System Checkpoint
    RP1574: 10/5/2014 7:38:11 PM - System Checkpoint
    RP1575: 10/6/2014 7:57:25 PM - System Checkpoint
    RP1576: 10/7/2014 9:33:06 PM - System Checkpoint
    RP1577: 10/8/2014 11:01:23 PM - System Checkpoint
    RP1578: 10/9/2014 11:56:24 PM - System Checkpoint
    RP1579: 10/11/2014 12:55:25 AM - System Checkpoint
    RP1580: 10/12/2014 1:52:03 AM - System Checkpoint
    RP1581: 10/13/2014 2:52:02 AM - System Checkpoint
    RP1582: 10/14/2014 3:51:24 AM - System Checkpoint
    RP1583: 10/15/2014 3:00:25 AM - Software Distribution Service 3.0
    RP1584: 10/16/2014 3:50:18 AM - System Checkpoint
    RP1585: 10/17/2014 4:50:21 AM - System Checkpoint
    RP1586: 10/18/2014 5:50:15 AM - System Checkpoint
    RP1587: 10/19/2014 6:50:15 AM - System Checkpoint
    RP1588: 10/20/2014 7:50:15 AM - System Checkpoint
    RP1589: 10/21/2014 8:49:20 AM - System Checkpoint
    RP1590: 10/22/2014 9:49:16 AM - System Checkpoint
    RP1591: 10/23/2014 10:49:21 AM - System Checkpoint
    RP1592: 10/24/2014 12:08:11 PM - System Checkpoint
    RP1593: 10/25/2014 12:49:17 PM - System Checkpoint
    RP1594: 10/26/2014 1:50:26 PM - System Checkpoint
    RP1595: 10/27/2014 3:47:24 PM - System Checkpoint
    RP1596: 10/28/2014 4:13:45 PM - System Checkpoint
    RP1597: 10/29/2014 6:22:31 PM - System Checkpoint
    RP1598: 10/30/2014 8:06:53 PM - System Checkpoint
    RP1599: 10/31/2014 9:10:41 PM - System Checkpoint
    RP1600: 11/1/2014 9:22:58 PM - System Checkpoint
    RP1601: 11/2/2014 9:21:15 PM - System Checkpoint
    RP1602: 11/3/2014 10:03:18 PM - System Checkpoint
    RP1603: 11/4/2014 11:01:24 PM - System Checkpoint
    RP1604: 11/6/2014 12:06:17 AM - System Checkpoint
    RP1605: 11/7/2014 12:32:11 AM - System Checkpoint
    RP1606: 11/8/2014 1:16:51 AM - System Checkpoint
    RP1607: 11/9/2014 2:13:21 AM - System Checkpoint
    RP1608: 11/10/2014 3:13:20 AM - System Checkpoint
    RP1609: 11/11/2014 4:09:07 AM - System Checkpoint
    RP1610: 11/12/2014 3:00:26 AM - Software Distribution Service 3.0
    RP1611: 11/13/2014 3:05:18 AM - System Checkpoint
    RP1612: 11/14/2014 3:57:08 AM - System Checkpoint
    RP1613: 11/15/2014 4:48:01 AM - System Checkpoint
    RP1614: 11/16/2014 5:44:35 AM - System Checkpoint
    RP1615: 11/17/2014 6:44:32 AM - System Checkpoint
    RP1616: 11/18/2014 7:44:34 AM - System Checkpoint
    RP1617: 11/19/2014 8:00:58 AM - System Checkpoint
    RP1618: 11/20/2014 8:23:24 AM - System Checkpoint
    RP1619: 11/21/2014 8:37:48 AM - System Checkpoint
    RP1620: 11/22/2014 9:09:48 AM - System Checkpoint
    RP1621: 11/23/2014 9:14:13 AM - System Checkpoint
    RP1622: 11/24/2014 9:15:27 AM - System Checkpoint
    RP1623: 11/25/2014 10:10:07 AM - System Checkpoint
    RP1624: 11/26/2014 10:52:19 AM - System Checkpoint
    RP1625: 11/27/2014 11:27:37 AM - System Checkpoint
    RP1626: 11/28/2014 12:03:39 PM - System Checkpoint
    RP1627: 11/29/2014 12:30:10 PM - System Checkpoint
    RP1628: 11/30/2014 2:02:10 PM - System Checkpoint
    RP1629: 12/1/2014 2:26:34 PM - System Checkpoint
    RP1630: 12/2/2014 3:57:14 PM - System Checkpoint
    RP1631: 12/3/2014 4:06:21 PM - System Checkpoint
    RP1632: 12/4/2014 5:58:14 PM - System Checkpoint
    RP1633: 12/5/2014 6:06:20 PM - System Checkpoint
    RP1634: 12/6/2014 6:07:25 PM - System Checkpoint
    RP1635: 12/7/2014 6:40:08 PM - System Checkpoint
    RP1636: 12/8/2014 7:02:56 PM - System Checkpoint
    RP1637: 12/8/2014 8:02:53 PM - Restore Operation
    RP1638: 12/8/2014 8:07:51 PM - Restore Operation
    RP1639: 12/8/2014 8:13:42 PM - Restore Operation
    RP1640: 12/8/2014 8:23:48 PM - Restore Operation
    RP1641: 12/9/2014 9:29:55 PM - System Checkpoint
    RP1642: 12/10/2014 3:00:21 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 15 ActiveX
    Adobe Reader 9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    AVG 2014
    AVG SafeGuard toolbar
    Bonjour
    BufferChm
    Compatibility Pack for the 2007 Office system
    Copy
    Coupon Printer for Windows
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_03_F2200_ProductContext
    DJ_AIO_03_F2200_Software
    DJ_AIO_03_F2200_Software_Min
    eSupportQFolder
    F2200
    F2200_Help
    Google Chrome
    Google Update Helper
    GPBaseService
    GradeQuick Web Plugin
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 10.0
    HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) PROSet/Wireless Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 37
    Malwarebytes Anti-Malware version 2.0.4.1028
    MarketResearch
    mDriver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    PowerDVD
    PSSWCORE
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Update Manager
    RuneScape Launcher 1.0.4
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    SmartWebPrintingOC
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sonic Activation Module
    Status
    SUPERAntiSpyware
    Toolbox
    TrayApp
    Tweak UI
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.0.2
    WebFldrs XP
    WebReg
    Windows Driver Package - Intel Corporation (ialm) Display (03/23/2006 6.14.10.4543)
    Windows Driver Package - Marvell (yukonwxp) Net (05/23/2006 8.56.1.3)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/8/2014 8:31:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    12/8/2014 8:31:37 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/8/2014 8:31:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/8/2014 8:30:14 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    12/8/2014 8:22:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/8/2014 8:21:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiskx AVGIDSDriverl AVGIDSShim Avgldx86 Avgtdix DMICall Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tosrfcom
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:59 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 8:21:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/7/2014 5:09:45 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/7/2014 5:08:09 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
    12/7/2014 5:08:09 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The file can not be accessed by the system.
    12/7/2014 5:07:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/10/2014 10:26:00 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    12/10/2014 10:26:00 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%2" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're running two AV programs. AVG and MSE.
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Before I can proceed: I cannot find MSE in Add/Remove Programs. I tried to locate the directory as well and cannot find it anywhere. How can I remove it? I didn't even know I had it.
    Thanks in advance!
     
  6. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    I couldn't delete MSE, so I deleted AVG instead, then ran RogueKiller. Here is my log:

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Chari [Administrator]
    Mode : Delete -- Date : 12/11/2014 15:20:11

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 11 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1715567821-789336058-1801674531-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://Vosteran.com/?f=1&a=vst_ggfc...tG0A0B0CyE0D0F0D0F0E0AyEtB2Q&cr=613758646&ir= -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8DE18CDA-541D-4DBF-8189-6BC55B4C82D8} | DhcpNameServer : 188.229.88.7 [(Unknown Country?) (XX)] -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MHZ2120BH G2 +++++
    --- User ---
    [MBR] 83305af74ae048be98873779db10a0d7
    [BSP] 87f1387452b7aa44bd0d16fa12642f3a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: MemoryStick0 Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! ([1] Incorrect function. )
    Error reading LL2 MBR! ([1] Incorrect function. )

    +++++ PhysicalDrive2: SD1 Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! ([1] Incorrect function. )
    Error reading LL2 MBR! ([1] Incorrect function. )


    ============================================
    RKreport_DEL_12112014_145741.log - RKreport_SCN_12112014_145637.log - RKreport_SCN_12112014_151947.log

    Log from malware rootkit-mbar log:
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.11.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Chari :: CHARID [administrator]

    12/11/2014 3:33:06 PM
    mbar-log-2014-12-11 (15-33-06).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 354306
    Time elapsed: 33 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Documents and Settings\All Users\Application Data\412301046 (Rogue.Multiple) -> Delete on reboot. [99f9d0914c30dd5902b7ee1c42c114ec]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\U (Trojan.Siredef.C) -> Delete on reboot. [f9995b061567d85e9a631ee25ca40bf5]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L (Trojan.Siredef.C) -> Delete on reboot. [8d05342d6319999df50aa25e09f74eb2]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996 (Trojan.Siredef.C) -> Delete on reboot. [d8ba540d0e6e1f17b050679adc24a25e]
    C:\RECYCLER\S-1-5-21-1715567821-789336058-1801674531-1006\$47b7a9efdccb02aed8335325eb356996 (Trojan.Siredef.C) -> Delete on reboot. [e9a99fc21c601f171ee2ae5360a0ca36]

    Files Detected: 7
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\@ (Trojan.Siredef.C) -> Delete on reboot. [dcb6451c85f73bfb26d41ce4f907ca36]
    C:\RECYCLER\S-1-5-21-1715567821-789336058-1801674531-1006\$47b7a9efdccb02aed8335325eb356996\@ (Trojan.Siredef.C) -> Delete on reboot. [3b57b7aa90ecf83ee911fa06a15fea16]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [f59d74ed9fdde74fdc1c26da24dca55b]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot. [454db7aa2a523402ce2a000030d054ac]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\6715e287 (Trojan.Siredef.C) -> Delete on reboot. [3959d190225abd796e8a60a0827e2ad6]
    C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot. [98fadf82d6a667cf42b60af68b755da3]
    C:\Documents and Settings\All Users\Application Data\412301046\BITD0.tmp (Rogue.Multiple) -> Delete on reboot. [99f9d0914c30dd5902b7ee1c42c114ec]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    Log from system log:
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_37

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 2137108480, free: 941928448

    Could not load protection driver
    Downloaded database version: v2014.12.11.06
    Downloaded database version: v2014.12.08.03
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/11/2014 15:32:20
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR3
    Upper Device Object: 0xffffffff89cf7540
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000086\
    Lower Device Object: 0xffffffff89d00c70
    Lower Device Driver Name: \Driver\ti21sony\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR2
    Upper Device Object: 0xffffffff89cf7ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000085\
    Lower Device Object: 0xffffffff89d01c70
    Lower Device Driver Name: \Driver\ti21sony\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8a978ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
    Lower Device Object: 0xffffffff8a97dd98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a978ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a928a70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a978ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a97b1f8, DeviceName: \Device\0000007e\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8a97dd98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 70077007

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 234436482
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff89cf7ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89cfb020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89cf7ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff89d01c70, DeviceName: \Device\00000085\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff89cf7540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a659a78, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89cf7540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff89d00c70, DeviceName: \Device\00000086\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    File "C:\Documents and Settings\Chari\Application Data\Microsoft\Templates\Normal.dot" is compressed (flags = 1)
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\@ --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-1715567821-789336058-1801674531-1006\$47b7a9efdccb02aed8335325eb356996\@ --> [Trojan.Siredef.C]
    File "C:\Documents and Settings\Chari\Cookies\index.dat" is compressed (flags = 1)
    File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
    File "C:\Documents and Settings\Chari\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\00000004.@ --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\201d3dde --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\6715e287 --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L\76603ac3 --> [Trojan.Siredef.C]
    File "C:\WINDOWS\$NtUninstallKB973354$\msoe.dll" is compressed (flags = 1)
    Infected: C:\Documents and Settings\All Users\Application Data\412301046 --> [Rogue.Multiple]
    Infected: C:\Documents and Settings\All Users\Application Data\412301046\BITD0.tmp --> [Rogue.Multiple]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\U --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996\L --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-18\$47b7a9efdccb02aed8335325eb356996 --> [Trojan.Siredef.C]
    Infected: C:\RECYCLER\S-1-5-21-1715567821-789336058-1801674531-1006\$47b7a9efdccb02aed8335325eb356996 --> [Trojan.Siredef.C]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_37

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 2137108480, free: 1302515712

    Could not load protection driver
    =======================================

    Hope I did this all correctly, thanks again for your help!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    When I started to run combofix it said that I had microsoft essentials running. I have no icon anywhere to disable the program from running, please advise. I may not be able to do this till tomorrow. Thanks again for all your help :)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Disregard that warning.
     
  10. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Ok thanks will disregard that...I have something I have to do tonight although I wish I could sit here until this is finished, I may have to do it tomorrow :'(
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

  12. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Hi..here is the Combofix log:

    ComboFix 14-12-10.03 - Chari 12/12/2014 14:52:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1227 [GMT -5:00]
    Running from: c:\documents and settings\Chari\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
    c:\documents and settings\Chari\My Documents\~WRL0087.tmp
    c:\documents and settings\Chari\My Documents\~WRL1407.tmp
    c:\documents and settings\Chari\My Documents\~WRL1996.tmp
    c:\documents and settings\Chari\My Documents\~WRL3252.tmp
    c:\documents and settings\Chari\My Documents\~WRL3399.tmp
    c:\documents and settings\Chari\My Documents\~WRL3577.tmp
    c:\documents and settings\Chari\My Documents\~WRL3613.tmp
    c:\windows\system32\Cache
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
    .
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    The log is incomplete.
    Post complete log: "C:\ComboFix.txt"
     
  14. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Sorry, I don't know how I messed that up. Here is the hopefully completed log:

    ComboFix 14-12-10.03 - Chari 12/12/2014 14:52:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1227 [GMT -5:00]
    Running from: c:\documents and settings\Chari\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
    c:\documents and settings\Chari\My Documents\~WRL0087.tmp
    c:\documents and settings\Chari\My Documents\~WRL1407.tmp
    c:\documents and settings\Chari\My Documents\~WRL1996.tmp
    c:\documents and settings\Chari\My Documents\~WRL3252.tmp
    c:\documents and settings\Chari\My Documents\~WRL3399.tmp
    c:\documents and settings\Chari\My Documents\~WRL3577.tmp
    c:\documents and settings\Chari\My Documents\~WRL3613.tmp
    c:\windows\system32\Cache
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-12 to 2014-12-12 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-12 00:19 . 2014-12-12 00:19 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6011C6-358F-4FB3-8901-CCD2E03702A9}\MpKsld8ffed31.sys
    2014-12-11 20:32 . 2014-12-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-12-11 20:31 . 2014-11-02 01:17 8941456 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6011C6-358F-4FB3-8901-CCD2E03702A9}\mpengine.dll
    2014-12-11 19:59 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-11 19:50 . 2014-12-11 20:14 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-11 19:50 . 2014-12-11 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2014-12-11 19:46 . 2014-12-11 19:46 -------- d-----w- c:\documents and settings\Chari\Application Data\DigitalSites
    2014-12-11 19:46 . 2014-12-11 19:46 -------- d-----w- c:\documents and settings\Chari\Application Data\WSE_Vosteran
    2014-12-11 13:09 . 2014-12-11 13:09 -------- d-----w- c:\windows\system32\wbem\Repository
    2014-12-11 03:20 . 2014-12-12 19:32 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-11 03:20 . 2014-12-11 03:20 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-12-11 03:20 . 2014-11-21 11:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-11 03:20 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-12-11 02:22 . 2014-12-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg_Update_1214tb
    2014-12-09 22:17 . 2014-12-09 22:17 -------- d-----w- C:\SUPERDelete
    2014-12-01 14:15 . 2014-12-01 14:15 -------- d-----w- c:\documents and settings\Chari\Local Settings\Application Data\Avg
    2014-12-01 14:15 . 2014-12-01 14:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-10 03:22 . 2012-05-23 10:52 701104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-10 03:22 . 2011-12-05 22:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-10-30 11:24 . 2012-12-29 17:02 229000 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-12-28 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Chari^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Chari\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    R1 MpKsld8ffed31;MpKsld8ffed31;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA6011C6-358F-4FB3-8901-CCD2E03702A9}\MpKsld8ffed31.sys [12/11/2014 7:19 PM 39464]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 12:54 PM 142648]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/20/2008 8:17 AM 808448]
    S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [?]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/10/2014 10:20 PM 54360]
    S3 WinPhlash;WinPhlash;\??\e:\phlashnt.sys --> e:\PHLASHNT.SYS [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLD8FFED31
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-09 20:07 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 03:22]
    .
    2014-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
    .
    2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 16:56]
    .
    2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 16:56]
    .
    2014-12-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
    .
    2014-12-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
    .
    2014-12-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_50_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzz0D0E0DyCzz0C0BzytAyEzzyCtN0D0Tzu0StCtDyByDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0BzytAyE0B0DzztGtD0FzytCtGyEzztBtDtGyB0CtC0BtGtCtCtDyEzytByE0FyB0EtDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0C0DtC0D0DyEtGyDtB0BtBtGyE0EtDtAtGzyyBzyzztG0A0B0CyE0D0F0D0F0E0AyEtB2Q&cr=613758646&ir=
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    HKCU-Run-AVG-Secure-Search-Update_0913a - c:\documents and settings\Chari\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
    HKLM-Run-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
    HKLM-Run-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    HKLM-Run-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-12-12 14:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(796)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2014-12-12 15:01:55
    ComboFix-quarantined-files.txt 2014-12-12 20:01
    .
    Pre-Run: 81,523,769,344 bytes free
    Post-Run: 82,636,865,536 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - A0289E572863AB20ABE4B4139E7782B3

    .
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  16. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    For junkware it says shut down protection software. How do I shut down MSE?
     
  17. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Never mind, I figured out how to disable MSE. Here is the AdwCleaner log:
    # AdwCleaner v4.105 - Report created 13/12/2014 at 00:24:16
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-12.1 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Chari - CHARID
    # Running from : C:\Documents and Settings\Chari\My Documents\Downloads\adwcleaner_4.105.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : vToolbarUpdater18.1.9

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\AVG Security Toolbar
    Folder Deleted : C:\Program Files\BearShare Applications
    Folder Deleted : C:\Program Files\otshot
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\24x7 help
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG SafeGuard toolbar
    Folder Deleted : C:\Documents and Settings\Chari\Local Settings\Application Data\AVG SafeGuard toolbar
    Folder Deleted : C:\Documents and Settings\Chari\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Chari\Local Settings\Application Data\PackageAware
    Folder Deleted : C:\Documents and Settings\Chari\Application Data\AVG SafeGuard toolbar
    Folder Deleted : C:\Documents and Settings\Chari\Application Data\DigitalSites
    Folder Deleted : C:\Documents and Settings\Chari\Application Data\WSE_Vosteran
    Folder Deleted : C:\Documents and Settings\Chari\My Documents\Optimizer Pro
    File Deleted : C:\END

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\bearsharemediabartb
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\bearsharemediabartb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v39.0.2171.95


    *************************

    AdwCleaner[R0].txt - [7884 octets] - [13/12/2014 00:16:50]
    AdwCleaner[R1].txt - [6000 octets] - [13/12/2014 00:21:58]
    AdwCleaner[S0].txt - [5591 octets] - [13/12/2014 00:24:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5651 octets] ##########

    junkware log:

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Chari on Sat 12/13/2014 at 0:32:13.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Chari\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 12/13/2014 at 0:34:50.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Here is FRST Log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2014
    Ran by Chari (administrator) on CHARID on 13-12-2014 00:38:36
    Running from C:\Documents and Settings\Chari\My Documents\Downloads
    Loaded Profile: Chari (Available profiles: Chari & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
    (Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-08-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-12-28] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll No File
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-06]
    FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
    FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-07-09]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-08] (SUPERAntiSpyware.com)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-24] (Sun Microsystems, Inc.)
    S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
    S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
    S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
    S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1166972 2006-04-05] (Intel Corporation) [File not signed]
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
    S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
    R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-04-13] (TOSHIBA CORPORATION) [File not signed]
    S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
    R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed]
    S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
    S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
    S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
    S3 catchme; \??\C:\DOCUME~1\Chari\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 WinPhlash; \??\E:\PHLASHNT.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 00:38 - 2014-12-13 00:38 - 00000000 ____D () C:\FRST
    2014-12-13 00:34 - 2014-12-13 00:34 - 00001100 _____ () C:\Documents and Settings\Chari\Desktop\JRT.txt
    2014-12-13 00:32 - 2014-12-13 00:32 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-12-13 00:16 - 2014-12-13 00:24 - 00000000 ____D () C:\AdwCleaner
    2014-12-12 15:01 - 2014-12-13 00:35 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00014293 _____ () C:\ComboFix.txt
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
    2014-12-12 14:49 - 2014-12-12 14:49 - 00000000 _RSHD () C:\cmdcons
    2014-12-12 14:49 - 2011-10-14 10:34 - 00000211 _____ () C:\Boot.bak
    2014-12-12 14:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-12-12 14:35 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-12-12 14:35 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-12-12 14:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-12-11 19:19 - 2014-12-12 15:01 - 00000000 ____D () C:\Qoobox
    2014-12-11 19:18 - 2014-12-12 15:00 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-12-11 15:32 - 2014-12-13 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-12-11 15:29 - 2014-12-11 16:30 - 00000000 ____D () C:\Documents and Settings\Chari\Desktop\mbar
    2014-12-11 14:50 - 2014-12-11 15:14 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-12-11 14:50 - 2014-12-11 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-12-10 22:55 - 2014-12-10 22:55 - 00028672 _____ () C:\Documents and Settings\Chari\Desktop\attach.txt
    2014-12-10 22:55 - 2014-12-10 22:55 - 00012370 _____ () C:\Documents and Settings\Chari\Desktop\dds.txt
    2014-12-10 22:45 - 2014-12-10 22:45 - 00001060 _____ () C:\Documents and Settings\Chari\Desktop\malware.txt
    2014-12-10 22:24 - 2014-12-08 23:18 - 00028221 _____ () C:\Documents and Settings\Chari\My Documents\attach1.txt
    2014-12-10 22:24 - 2014-12-08 23:18 - 00011958 _____ () C:\Documents and Settings\Chari\My Documents\dds1.txt
    2014-12-10 22:20 - 2014-12-12 15:06 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-10 22:20 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-12-10 22:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-12-10 21:22 - 2014-12-10 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1214tb
    2014-12-09 18:50 - 2014-12-09 18:50 - 00001562 _____ () C:\malware2.txt
    2014-12-09 17:17 - 2014-12-09 17:17 - 00000000 ____D () C:\SUPERDelete
    2014-12-01 09:15 - 2014-12-01 09:15 - 00000000 ____D () C:\Documents and Settings\Chari\Local Settings\Application Data\Avg
    2014-12-01 09:15 - 2014-12-01 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 00:39 - 2008-10-21 06:34 - 00000000 ____D () C:\Documents and Settings\Chari\Local Settings\Temp
    2014-12-13 00:35 - 2013-02-27 03:10 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-12-13 00:31 - 2008-10-20 07:30 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-13 00:29 - 2008-10-20 07:25 - 01261907 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-13 00:26 - 2014-04-01 06:24 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-13 00:26 - 2012-08-05 18:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-13 00:26 - 2008-10-20 03:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-13 00:26 - 2008-10-20 03:16 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-12-13 00:26 - 2004-08-04 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-13 00:25 - 2008-10-21 06:34 - 00000278 ___SH () C:\Documents and Settings\Chari\ntuser.ini
    2014-12-13 00:25 - 2008-10-21 06:34 - 00000000 ____D () C:\Documents and Settings\Chari
    2014-12-13 00:25 - 2008-10-20 07:31 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-13 00:25 - 2008-10-20 07:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-13 00:22 - 2012-05-23 05:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-12-13 00:07 - 2012-08-05 18:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-12 14:59 - 2004-08-04 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-12-12 14:49 - 2008-10-20 03:12 - 00000327 __RSH () C:\boot.ini
    2014-12-11 16:19 - 2011-06-21 10:56 - 00000000 __HDC () C:\WINDOWS\ie8
    2014-12-11 14:46 - 2013-01-01 17:19 - 00001813 _____ () C:\Documents and Settings\Chari\Desktop\Google Chrome.lnk
    2014-12-11 09:31 - 2011-10-03 17:36 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-12-11 08:26 - 2008-10-20 09:56 - 00000000 ____D () C:\Program Files\AVG
    2014-12-11 08:09 - 2008-10-21 06:30 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-12-11 08:09 - 2008-10-20 07:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-11 08:09 - 2008-10-20 07:22 - 00000000 ____D () C:\WINDOWS\Registration
    2014-12-11 07:43 - 2013-07-31 07:12 - 00098639 _____ () C:\WINDOWS\setupapi.log
    2014-12-11 07:38 - 2011-10-03 08:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
    2014-12-10 22:14 - 2013-08-15 02:06 - 00256890 _____ () C:\WINDOWS\iis6.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00241724 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00118100 _____ () C:\WINDOWS\ocgen.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00111750 _____ () C:\WINDOWS\tsoc.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00079532 _____ () C:\WINDOWS\comsetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00072418 _____ () C:\WINDOWS\msmqinst.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00048553 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00042746 _____ () C:\WINDOWS\netfxocm.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00016869 _____ () C:\WINDOWS\MedCtrOC.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00013421 _____ () C:\WINDOWS\ocmsn.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00012221 _____ () C:\WINDOWS\msgsocm.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00012129 _____ () C:\WINDOWS\tabletoc.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00001943 _____ () C:\WINDOWS\imsins.log
    2014-12-10 03:11 - 2013-08-15 02:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-10 03:00 - 2008-10-20 09:22 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-09 22:22 - 2012-05-23 05:52 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-09 22:22 - 2011-12-05 17:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-09 17:17 - 2011-02-21 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
    2014-12-09 17:15 - 2011-06-24 16:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-08 22:39 - 2009-12-10 16:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971486$
    2014-12-08 21:30 - 2011-12-21 19:11 - 00147968 __SHC () C:\Documents and Settings\Chari\My Documents\Thumbs.db
    2014-12-08 15:45 - 2014-04-01 06:24 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-12-06 18:41 - 2012-06-02 13:28 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-13 00:11 - 2008-10-20 03:14 - 00775120 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    Files to move or delete:
    ====================
    C:\Documents and Settings\Chari\jagex_runescape_preferences.dat
    C:\Documents and Settings\Chari\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Chari\jagex__preferences3.dat


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Chari\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Chari\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    Here is Addition Log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2014
    Ran by Chari at 2014-12-13 00:39:43
    Running from C:\Documents and Settings\Chari\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================
     
  18. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Couldn't fit last log - Addition Log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2014
    Ran by Chari at 2014-12-13 00:39:43
    Running from C:\Documents and Settings\Chari\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 10 Plugin (HKLM\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
    DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard) Hidden
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    F2200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    F2200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
    GradeQuick Web Plugin (HKLM\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
    HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{D77D43B5-ED55-426b-B67B-E21F804F6102}) (Version: 10.0 - HP)
    HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
    HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
    HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
    HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
    HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
    HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: - Intel Corporation)
    iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
    Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    mDriver (Version: 7.00.0000 - Intel) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSN Toolbar Platform (Version: 4.0.0357.1 - Microsoft Corporation) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OpenMG Limited Patch 4.7-07-14-05-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version: - )
    OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
    OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5268 - Realtek Semiconductor Corp.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    RuneScape Launcher 1.0.4 (HKLM\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
    Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
    SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700) (Version: - )
    SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.54.1000 - SUPERAntiSpyware.com)
    Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
    UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
    VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel Corporation (ialm) Display (03/23/2006 6.14.10.4543) (HKLM\...\8098B27A42D62758176B34DA12C58EA558120A43) (Version: 03/23/2006 6.14.10.4543 - Intel Corporation)
    Windows Driver Package - Marvell (yukonwxp) Net (05/23/2006 8.56.1.3) (HKLM\...\A43CFA4B36AFAC445B311D32C227FD46BAB30299) (Version: 05/23/2006 8.56.1.3 - Marvell)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1715567821-789336058-1801674531-1006_Classes\CLSID\{1D9CC9E1-2C9B-4A9C-9289-59299052B65F}\InprocServer32 -> C:\DOCUME~1\Chari\LOCALS~1\APPLIC~1\ASKTOO~1\DOWNLO~1\LIMEWI~1.DLL No File

    ==================== Restore Points =========================

    14-09-2014 07:57:00 System Checkpoint
    15-09-2014 08:41:45 System Checkpoint
    16-09-2014 09:41:41 System Checkpoint
    17-09-2014 10:41:43 System Checkpoint
    18-09-2014 12:06:47 System Checkpoint
    19-09-2014 12:36:52 System Checkpoint
    20-09-2014 13:42:24 System Checkpoint
    21-09-2014 13:59:52 System Checkpoint
    22-09-2014 14:35:54 System Checkpoint
    23-09-2014 15:35:50 System Checkpoint
    24-09-2014 16:08:25 System Checkpoint
    25-09-2014 17:08:03 System Checkpoint
    26-09-2014 17:09:10 System Checkpoint
    27-09-2014 18:08:02 System Checkpoint
    28-09-2014 18:22:24 System Checkpoint
    29-09-2014 19:26:53 System Checkpoint
    30-09-2014 19:53:27 System Checkpoint
    01-10-2014 20:03:43 System Checkpoint
    02-10-2014 21:03:45 System Checkpoint
    03-10-2014 22:03:41 System Checkpoint
    04-10-2014 23:30:48 System Checkpoint
    05-10-2014 23:38:11 System Checkpoint
    06-10-2014 23:57:25 System Checkpoint
    08-10-2014 01:33:06 System Checkpoint
    09-10-2014 03:01:23 System Checkpoint
    10-10-2014 03:56:24 System Checkpoint
    11-10-2014 04:55:25 System Checkpoint
    12-10-2014 05:52:03 System Checkpoint
    13-10-2014 06:52:02 System Checkpoint
    14-10-2014 07:51:24 System Checkpoint
    15-10-2014 07:00:25 Software Distribution Service 3.0
    16-10-2014 07:50:18 System Checkpoint
    17-10-2014 08:50:21 System Checkpoint
    18-10-2014 09:50:15 System Checkpoint
    19-10-2014 10:50:15 System Checkpoint
    20-10-2014 11:50:15 System Checkpoint
    21-10-2014 12:49:20 System Checkpoint
    22-10-2014 13:49:16 System Checkpoint
    23-10-2014 14:49:21 System Checkpoint
    24-10-2014 16:08:11 System Checkpoint
    25-10-2014 16:49:17 System Checkpoint
    26-10-2014 17:50:26 System Checkpoint
    27-10-2014 19:47:24 System Checkpoint
    28-10-2014 20:13:45 System Checkpoint
    29-10-2014 22:22:31 System Checkpoint
    31-10-2014 00:06:53 System Checkpoint
    01-11-2014 01:10:41 System Checkpoint
    02-11-2014 01:22:58 System Checkpoint
    03-11-2014 02:21:15 System Checkpoint
    04-11-2014 03:03:18 System Checkpoint
    05-11-2014 04:01:24 System Checkpoint
    06-11-2014 05:06:17 System Checkpoint
    07-11-2014 05:32:11 System Checkpoint
    08-11-2014 06:16:51 System Checkpoint
    09-11-2014 07:13:21 System Checkpoint
    10-11-2014 08:13:20 System Checkpoint
    11-11-2014 09:09:07 System Checkpoint
    12-11-2014 08:00:26 Software Distribution Service 3.0
    13-11-2014 08:05:18 System Checkpoint
    14-11-2014 08:57:08 System Checkpoint
    15-11-2014 09:48:01 System Checkpoint
    16-11-2014 10:44:35 System Checkpoint
    17-11-2014 11:44:32 System Checkpoint
    18-11-2014 12:44:34 System Checkpoint
    19-11-2014 13:00:58 System Checkpoint
    20-11-2014 13:23:24 System Checkpoint
    21-11-2014 13:37:48 System Checkpoint
    22-11-2014 14:09:48 System Checkpoint
    23-11-2014 14:14:13 System Checkpoint
    24-11-2014 14:15:27 System Checkpoint
    25-11-2014 15:10:07 System Checkpoint
    26-11-2014 15:52:19 System Checkpoint
    27-11-2014 16:27:37 System Checkpoint
    28-11-2014 17:03:39 System Checkpoint
    29-11-2014 17:30:10 System Checkpoint
    30-11-2014 19:02:10 System Checkpoint
    01-12-2014 19:26:34 System Checkpoint
    02-12-2014 20:57:14 System Checkpoint
    03-12-2014 21:06:21 System Checkpoint
    04-12-2014 22:58:14 System Checkpoint
    05-12-2014 23:06:20 System Checkpoint
    06-12-2014 23:07:25 System Checkpoint
    07-12-2014 23:40:08 System Checkpoint
    09-12-2014 00:02:56 System Checkpoint
    09-12-2014 01:02:53 Restore Operation
    09-12-2014 01:07:51 Restore Operation
    09-12-2014 01:13:42 Restore Operation
    09-12-2014 01:23:48 Restore Operation
    10-12-2014 02:29:55 System Checkpoint
    10-12-2014 08:00:21 Software Distribution Service 3.0
    11-12-2014 08:23:58 System Checkpoint
    11-12-2014 12:28:03 Installed Microsoft Fix it 50535
    11-12-2014 12:42:23 Removed AVG 2014
    11-12-2014 12:44:05 Removed AVG 2014
    11-12-2014 13:08:36 Restore Operation
    11-12-2014 20:14:10 Software Distribution Service 3.0
    11-12-2014 20:28:31 tech help
    11-12-2014 20:31:33 Software Distribution Service 3.0
    11-12-2014 21:18:54 Malwarebytes Anti-Rootkit Restore Point
    12-12-2014 08:00:27 Software Distribution Service 3.0
    12-12-2014 21:25:37 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-04 07:00 - 2014-12-12 14:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2008-10-20 09:27 - 2006-08-18 12:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
    2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-12-09 15:08 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-09 15:08 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-09 15:08 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^Chari^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1715567821-789336058-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1715567821-789336058-1801674531-1004 - Limited - Enabled)
    Chari (S-1-5-21-1715567821-789336058-1801674531-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Chari
    Guest (S-1-5-21-1715567821-789336058-1801674531-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1715567821-789336058-1801674531-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1715567821-789336058-1801674531-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name: Video Controller (VGA Compatible)
    Description: Video Controller (VGA Compatible)
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Video Controller
    Description: Video Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Marvell
    Service: yukonwxp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/13/2014 00:31:40 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

    Error: (12/12/2014 02:31:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application mbam.exe, version 1.0.1.711, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (12/11/2014 03:14:53 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta, P4 11.1.4884.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application, SystemIndex Catalog


    Details:
    0xc0041801 (0xc0041801)

    Error: (12/11/2014 07:45:21 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: TrayApp -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    Error: (12/11/2014 07:45:20 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: Status -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    Error: (12/11/2014 07:45:17 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: Status -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


    System errors:
    =============
    Error: (12/13/2014 00:27:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP CUE DeviceDiscovery Service service hung on starting.

    Error: (12/13/2014 00:26:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SeaPort service failed to start due to the following error:
    %%3

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/13/2014 00:24:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (12/13/2014 00:31:40 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

    Error: (12/12/2014 02:31:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711hungapp0.0.0.000000000

    Error: (12/11/2014 03:14:53 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
    Description: mptelemetry0x80070666mpupdateengineam delta11.1.4884.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)
    Search.TripoliIndexer

    Error: (12/11/2014 08:11:10 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    0xc0041801 (0xc0041801)

    Error: (12/11/2014 07:45:21 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: TrayApp -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

    Error: (12/11/2014 07:45:20 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: Status -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

    Error: (12/11/2014 07:45:17 AM) (Source: MsiInstaller) (EventID: 11719) (User: CHARID)
    Description: Product: Status -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
    Percentage of memory in use: 37%
    Total physical RAM: 2038.11 MB
    Available physical RAM: 1275.84 MB
    Total Pagefile: 3930.84 MB
    Available Pagefile: 3258.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1928.75 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.79 GB) (Free:76.81 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 70077007)
    Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ==========================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  20. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll No File
    S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
    S3 catchme; \??\C:\DOCUME~1\Chari\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; No ImagePath
    S3 WinPhlash; \??\E:\PHLASHNT.SYS [X]
    C:\Documents and Settings\Chari\jagex_runescape_preferences.dat
    C:\Documents and Settings\Chari\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Chari\jagex__preferences3.dat
    C:\Documents and Settings\Chari\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Chari\Local Settings\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-1715567821-789336058-1801674531-1006_Classes\CLSID\{1D9CC9E1-2C9B-4A9C-9289-59299052B65F}\InprocServer32 -> C:\DOCUME~1\Chari\LOCALS~1\APPLIC~1\ASKTOO~1\DOWNLO~1\LIMEWI~1.DLL No File
     
  21. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2014
    Ran by Chari at 2014-12-13 18:38:57 Run:1
    Running from C:\Documents and Settings\Chari\My Documents\Downloads
    Loaded Profile: Chari (Available profiles: Chari & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    Toolbar: HKU\S-1-5-21-1715567821-789336058-1801674531-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll No File
    S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
    S3 catchme; \??\C:\DOCUME~1\Chari\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; No ImagePath
    S3 WinPhlash; \??\E:\PHLASHNT.SYS [X]
    C:\Documents and Settings\Chari\jagex_runescape_preferences.dat
    C:\Documents and Settings\Chari\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Chari\jagex__preferences3.dat
    C:\Documents and Settings\Chari\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Chari\Local Settings\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-1715567821-789336058-1801674531-1006_Classes\CLSID\{1D9CC9E1-2C9B-4A9C-9289-59299052B65F}\InprocServer32 -> C:\DOCUME~1\Chari\LOCALS~1\APPLIC~1\ASKTOO~1\DOWNLO~1\LIMEWI~1.DLL No File

    *****************

    "HKU\S-1-5-21-1715567821-789336058-1801674531-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}" => Key deleted successfully.
    "HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}" => Key deleted successfully.
    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
    "HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}" => Key not found.
    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
    "HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0" => Key deleted successfully.
    SeaPort => Service deleted successfully.
    catchme => Service deleted successfully.
    IntelIde => Service deleted successfully.
    WinPhlash => Service deleted successfully.
    C:\Documents and Settings\Chari\jagex_runescape_preferences.dat => Moved successfully.
    C:\Documents and Settings\Chari\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Documents and Settings\Chari\jagex__preferences3.dat => Moved successfully.
    C:\Documents and Settings\Chari\Local Settings\Temp\Quarantine.exe => Moved successfully.
    C:\Documents and Settings\Chari\Local Settings\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-1715567821-789336058-1801674531-1006_Classes\CLSID\{1D9CC9E1-2C9B-4A9C-9289-59299052B65F}" => Key deleted successfully.

    ==== End of Fixlog ====
     
  22. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  23. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Security check:
    Results of screen317's Security Check version 0.99.93
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Java(TM) 6 Update 37
    Java version 32-bit out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    next log
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
    Ran by Chari (administrator) on CHARID on 13-12-2014 18:48:05
    Running from C:\Documents and Settings\Chari\My Documents\Downloads
    Loaded Profile: Chari (Available profiles: Chari & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
    (Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    () C:\Documents and Settings\Chari\My Documents\Downloads\SecurityCheck.exe
    (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
    (Farbar) C:\Documents and Settings\Chari\My Documents\Downloads\FRST (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-08-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
    HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1715567821-789336058-1801674531-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-12-28] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-06]
    FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox
    FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
    FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-07-09]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Chari\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-12-08] (SUPERAntiSpyware.com)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-24] (Sun Microsystems, Inc.)
    S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
    S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
    S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208256 2006-07-24] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-24] (Conexant Systems, Inc.)
    S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1166972 2006-04-05] (Intel Corporation) [File not signed]
    S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1706752 2006-07-02] (Intel® Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-12-28] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
    S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
    R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-04-13] (TOSHIBA CORPORATION) [File not signed]
    S3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
    R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed]
    S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
    S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
    R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
    S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 00:38 - 2014-12-13 18:48 - 00000000 ____D () C:\FRST
    2014-12-13 00:34 - 2014-12-13 00:34 - 00001100 _____ () C:\Documents and Settings\Chari\Desktop\JRT.txt
    2014-12-13 00:32 - 2014-12-13 00:32 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-12-13 00:16 - 2014-12-13 00:24 - 00000000 ____D () C:\AdwCleaner
    2014-12-12 15:01 - 2014-12-13 18:45 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00014293 _____ () C:\ComboFix.txt
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
    2014-12-12 15:01 - 2014-12-12 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
    2014-12-12 14:49 - 2014-12-12 14:49 - 00000000 _RSHD () C:\cmdcons
    2014-12-12 14:49 - 2011-10-14 10:34 - 00000211 _____ () C:\Boot.bak
    2014-12-12 14:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-12-12 14:35 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-12-12 14:35 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-12-12 14:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-12-12 14:35 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-12-11 19:19 - 2014-12-12 15:02 - 00000000 ____D () C:\Qoobox
    2014-12-11 19:18 - 2014-12-12 15:00 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-12-11 15:32 - 2014-12-13 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-12-11 15:29 - 2014-12-11 16:30 - 00000000 ____D () C:\Documents and Settings\Chari\Desktop\mbar
    2014-12-11 14:50 - 2014-12-11 15:14 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-12-11 14:50 - 2014-12-11 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-12-10 22:55 - 2014-12-10 22:55 - 00028672 _____ () C:\Documents and Settings\Chari\Desktop\attach.txt
    2014-12-10 22:55 - 2014-12-10 22:55 - 00012370 _____ () C:\Documents and Settings\Chari\Desktop\dds.txt
    2014-12-10 22:45 - 2014-12-10 22:45 - 00001060 _____ () C:\Documents and Settings\Chari\Desktop\malware.txt
    2014-12-10 22:24 - 2014-12-08 23:18 - 00028221 _____ () C:\Documents and Settings\Chari\My Documents\attach1.txt
    2014-12-10 22:24 - 2014-12-08 23:18 - 00011958 _____ () C:\Documents and Settings\Chari\My Documents\dds1.txt
    2014-12-10 22:20 - 2014-12-12 15:06 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-10 22:20 - 2014-12-10 22:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-10 22:20 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-12-10 22:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-12-10 21:22 - 2014-12-10 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1214tb
    2014-12-09 18:50 - 2014-12-09 18:50 - 00001562 _____ () C:\malware2.txt
    2014-12-09 17:17 - 2014-12-09 17:17 - 00000000 ____D () C:\SUPERDelete
    2014-12-01 09:15 - 2014-12-01 09:15 - 00000000 ____D () C:\Documents and Settings\Chari\Local Settings\Application Data\Avg
    2014-12-01 09:15 - 2014-12-01 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-13 18:48 - 2008-10-21 06:34 - 00000000 ____D () C:\Documents and Settings\Chari\Local Settings\Temp
    2014-12-13 18:45 - 2004-08-04 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-13 18:44 - 2008-10-20 07:25 - 01278170 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-13 18:44 - 2008-10-20 03:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-12-13 18:44 - 2008-10-20 03:16 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-12-13 18:43 - 2014-04-01 06:24 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-13 18:43 - 2012-08-05 18:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-13 18:43 - 2008-10-21 06:34 - 00000278 ___SH () C:\Documents and Settings\Chari\ntuser.ini
    2014-12-13 18:43 - 2008-10-20 07:31 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-13 18:43 - 2008-10-20 07:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-13 18:41 - 2012-06-02 13:28 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-12-13 18:39 - 2008-10-21 06:34 - 00000000 ____D () C:\Documents and Settings\Chari
    2014-12-13 18:22 - 2012-05-23 05:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-12-13 18:07 - 2012-08-05 18:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-13 00:35 - 2013-02-27 03:10 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-12-13 00:31 - 2008-10-20 07:30 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-12-12 14:59 - 2004-08-04 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-12-12 14:49 - 2008-10-20 03:12 - 00000327 __RSH () C:\boot.ini
    2014-12-11 16:19 - 2011-06-21 10:56 - 00000000 __HDC () C:\WINDOWS\ie8
    2014-12-11 14:46 - 2013-01-01 17:19 - 00001813 _____ () C:\Documents and Settings\Chari\Desktop\Google Chrome.lnk
    2014-12-11 09:31 - 2011-10-03 17:36 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-12-11 08:26 - 2008-10-20 09:56 - 00000000 ____D () C:\Program Files\AVG
    2014-12-11 08:09 - 2008-10-21 06:30 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-12-11 08:09 - 2008-10-20 07:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-12-11 08:09 - 2008-10-20 07:22 - 00000000 ____D () C:\WINDOWS\Registration
    2014-12-11 07:43 - 2013-07-31 07:12 - 00098639 _____ () C:\WINDOWS\setupapi.log
    2014-12-11 07:38 - 2011-10-03 08:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
    2014-12-10 22:14 - 2013-08-15 02:06 - 00256890 _____ () C:\WINDOWS\iis6.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00241724 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00118100 _____ () C:\WINDOWS\ocgen.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00111750 _____ () C:\WINDOWS\tsoc.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00079532 _____ () C:\WINDOWS\comsetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00072418 _____ () C:\WINDOWS\msmqinst.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00048553 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00042746 _____ () C:\WINDOWS\netfxocm.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00016869 _____ () C:\WINDOWS\MedCtrOC.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00013421 _____ () C:\WINDOWS\ocmsn.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00012221 _____ () C:\WINDOWS\msgsocm.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00012129 _____ () C:\WINDOWS\tabletoc.log
    2014-12-10 22:14 - 2013-08-15 02:06 - 00001943 _____ () C:\WINDOWS\imsins.log
    2014-12-10 03:11 - 2013-08-15 02:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-10 03:00 - 2008-10-20 09:22 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-09 22:22 - 2012-05-23 05:52 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-09 22:22 - 2011-12-05 17:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-09 17:17 - 2011-02-21 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
    2014-12-09 17:15 - 2011-06-24 16:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-08 22:39 - 2009-12-10 16:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971486$
    2014-12-08 21:30 - 2011-12-21 19:11 - 00147968 __SHC () C:\Documents and Settings\Chari\My Documents\Thumbs.db
    2014-12-08 15:45 - 2014-04-01 06:24 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-11-13 00:11 - 2008-10-20 03:14 - 00775120 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

    ==================== Bamital & volsnap Check =================

    No threats found on Sophos scan!
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You posted FRST log instead of FSS log.
     
  25. jc3palm

    jc3palm TS Rookie Topic Starter Posts: 16

    Sorry, I hope this is the right one!

    Farbar Service Scanner Version: 21-07-2014
    Ran by Chari (administrator) on 14-12-2014 at 00:32:00
    Running from "C:\Documents and Settings\Chari\My Documents\Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x080000000500000001000000020000000300000004000000080000000600000007000000
    IpSec Tag value is correct.
     
