
Solved Infected Computer. But Not sure what.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2013/05/31.

  1. 2013/05/31
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    [Resolved] Infected Computer. But Not sure what.

    This computer was brought to me and I was told it had the FBI worm (the one that wants $300). Anyway, it has not shown up. But I am in safe mode on this tower because the internet is not accessible in regular Windows. I did a Malwarebytes scan Monday night and removed a bunch of threats. Now my scan tonight found no threats. But here are the logs for Malwarebytes and DDS.

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.29.07

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: HOMEPC [administrator]

    Protection: Disabled

    5/30/2013 11:43:56 PM
    mbam-log-2013-05-30 (23-43-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 534715
    Time elapsed: 1 hour(s), 52 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS notepad log.
    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 1:49:16 on 2013-05-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1384 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={ECC15163-AA9B-11E2-93BD-0015F26BBFA2}
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - c:\program files\supreme savings\Supreme Savings.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\hp_administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\w3i\netassistant\NetAssistant.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
    BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
    TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\creata~1.lnk - c:\program files\creatacard\gold\FMRemind.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290417083515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4D8DBF82-E2D7-4B35-B32F-EF55904EF1B9} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\mngr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\qud01wj7.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-27 49376]
    S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-27 174664]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    S1 aiiunvuj;aiiunvuj;\??\c:\windows\system32\drivers\aiiunvuj.sys --> c:\windows\system32\drivers\aiiunvuj.sys [?]
    S1 ajniwqtl;ajniwqtl;\??\c:\windows\system32\drivers\ajniwqtl.sys --> c:\windows\system32\drivers\ajniwqtl.sys [?]
    S1 alxfmqma;alxfmqma;\??\c:\windows\system32\drivers\alxfmqma.sys --> c:\windows\system32\drivers\alxfmqma.sys [?]
    S1 apfrtxze;apfrtxze;\??\c:\windows\system32\drivers\apfrtxze.sys --> c:\windows\system32\drivers\apfrtxze.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-27 765736]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-27 368944]
    S1 becvpepd;becvpepd;\??\c:\windows\system32\drivers\becvpepd.sys --> c:\windows\system32\drivers\becvpepd.sys [?]
    S1 bipazxix;bipazxix;\??\c:\windows\system32\drivers\bipazxix.sys --> c:\windows\system32\drivers\bipazxix.sys [?]
    S1 bzqzkjxe;bzqzkjxe;\??\c:\windows\system32\drivers\bzqzkjxe.sys --> c:\windows\system32\drivers\bzqzkjxe.sys [?]
    S1 camqtezp;camqtezp;\??\c:\windows\system32\drivers\camqtezp.sys --> c:\windows\system32\drivers\camqtezp.sys [?]
    S1 ceawuwmc;ceawuwmc;\??\c:\windows\system32\drivers\ceawuwmc.sys --> c:\windows\system32\drivers\ceawuwmc.sys [?]
    S1 cihzgdzj;cihzgdzj;\??\c:\windows\system32\drivers\cihzgdzj.sys --> c:\windows\system32\drivers\cihzgdzj.sys [?]
    S1 cphgrsxk;cphgrsxk;\??\c:\windows\system32\drivers\cphgrsxk.sys --> c:\windows\system32\drivers\cphgrsxk.sys [?]
    S1 dmwyelki;dmwyelki;\??\c:\windows\system32\drivers\dmwyelki.sys --> c:\windows\system32\drivers\dmwyelki.sys [?]
    S1 dnpnumhx;dnpnumhx;\??\c:\windows\system32\drivers\dnpnumhx.sys --> c:\windows\system32\drivers\dnpnumhx.sys [?]
    S1 ejhyrrqq;ejhyrrqq;\??\c:\windows\system32\drivers\ejhyrrqq.sys --> c:\windows\system32\drivers\ejhyrrqq.sys [?]
    S1 ekrloqae;ekrloqae;\??\c:\windows\system32\drivers\ekrloqae.sys --> c:\windows\system32\drivers\ekrloqae.sys [?]
    S1 eomqlslz;eomqlslz;\??\c:\windows\system32\drivers\eomqlslz.sys --> c:\windows\system32\drivers\eomqlslz.sys [?]
    S1 eoqtxeis;eoqtxeis;\??\c:\windows\system32\drivers\eoqtxeis.sys --> c:\windows\system32\drivers\eoqtxeis.sys [?]
    S1 ffpugnxm;ffpugnxm;\??\c:\windows\system32\drivers\ffpugnxm.sys --> c:\windows\system32\drivers\ffpugnxm.sys [?]
    S1 fgzhojif;fgzhojif;\??\c:\windows\system32\drivers\fgzhojif.sys --> c:\windows\system32\drivers\fgzhojif.sys [?]
    S1 fispgvdv;fispgvdv;\??\c:\windows\system32\drivers\fispgvdv.sys --> c:\windows\system32\drivers\fispgvdv.sys [?]
    S1 flarvaki;flarvaki;\??\c:\windows\system32\drivers\flarvaki.sys --> c:\windows\system32\drivers\flarvaki.sys [?]
    S1 gfklftjf;gfklftjf;\??\c:\windows\system32\drivers\gfklftjf.sys --> c:\windows\system32\drivers\gfklftjf.sys [?]
    S1 gxcovpuy;gxcovpuy;\??\c:\windows\system32\drivers\gxcovpuy.sys --> c:\windows\system32\drivers\gxcovpuy.sys [?]
    S1 hivjghcg;hivjghcg;\??\c:\windows\system32\drivers\hivjghcg.sys --> c:\windows\system32\drivers\hivjghcg.sys [?]
    S1 hmddyueb;hmddyueb;\??\c:\windows\system32\drivers\hmddyueb.sys --> c:\windows\system32\drivers\hmddyueb.sys [?]
    S1 hrdcwork;hrdcwork;\??\c:\windows\system32\drivers\hrdcwork.sys --> c:\windows\system32\drivers\hrdcwork.sys [?]
    S1 ieurzehf;ieurzehf;\??\c:\windows\system32\drivers\ieurzehf.sys --> c:\windows\system32\drivers\ieurzehf.sys [?]
    S1 iidrvfxw;iidrvfxw;\??\c:\windows\system32\drivers\iidrvfxw.sys --> c:\windows\system32\drivers\iidrvfxw.sys [?]
    S1 ilibmssc;ilibmssc;\??\c:\windows\system32\drivers\ilibmssc.sys --> c:\windows\system32\drivers\ilibmssc.sys [?]
    S1 inngrfso;inngrfso;\??\c:\windows\system32\drivers\inngrfso.sys --> c:\windows\system32\drivers\inngrfso.sys [?]
    S1 ionljeli;ionljeli;\??\c:\windows\system32\drivers\ionljeli.sys --> c:\windows\system32\drivers\ionljeli.sys [?]
    S1 iournris;iournris;\??\c:\windows\system32\drivers\iournris.sys --> c:\windows\system32\drivers\iournris.sys [?]
    S1 jbveyhdf;jbveyhdf;\??\c:\windows\system32\drivers\jbveyhdf.sys --> c:\windows\system32\drivers\jbveyhdf.sys [?]
    S1 jbynvqlb;jbynvqlb;\??\c:\windows\system32\drivers\jbynvqlb.sys --> c:\windows\system32\drivers\jbynvqlb.sys [?]
    S1 jkjigcjz;jkjigcjz;\??\c:\windows\system32\drivers\jkjigcjz.sys --> c:\windows\system32\drivers\jkjigcjz.sys [?]
    S1 jmfkhaho;jmfkhaho;\??\c:\windows\system32\drivers\jmfkhaho.sys --> c:\windows\system32\drivers\jmfkhaho.sys [?]
    S1 jurwjaon;jurwjaon;\??\c:\windows\system32\drivers\jurwjaon.sys --> c:\windows\system32\drivers\jurwjaon.sys [?]
    S1 klmmfmsn;klmmfmsn;\??\c:\windows\system32\drivers\klmmfmsn.sys --> c:\windows\system32\drivers\klmmfmsn.sys [?]
    S1 kqfgdizd;kqfgdizd;\??\c:\windows\system32\drivers\kqfgdizd.sys --> c:\windows\system32\drivers\kqfgdizd.sys [?]
    S1 lfuncgbw;lfuncgbw;\??\c:\windows\system32\drivers\lfuncgbw.sys --> c:\windows\system32\drivers\lfuncgbw.sys [?]
    S1 lggxcgzd;lggxcgzd;\??\c:\windows\system32\drivers\lggxcgzd.sys --> c:\windows\system32\drivers\lggxcgzd.sys [?]
    S1 llspnfzf;llspnfzf;\??\c:\windows\system32\drivers\llspnfzf.sys --> c:\windows\system32\drivers\llspnfzf.sys [?]
    S1 lsbmulwr;lsbmulwr;\??\c:\windows\system32\drivers\lsbmulwr.sys --> c:\windows\system32\drivers\lsbmulwr.sys [?]
    S1 lscytjhf;lscytjhf;\??\c:\windows\system32\drivers\lscytjhf.sys --> c:\windows\system32\drivers\lscytjhf.sys [?]
    S1 lvatqndr;lvatqndr;\??\c:\windows\system32\drivers\lvatqndr.sys --> c:\windows\system32\drivers\lvatqndr.sys [?]
    S1 lwugtgju;lwugtgju;\??\c:\windows\system32\drivers\lwugtgju.sys --> c:\windows\system32\drivers\lwugtgju.sys [?]
    S1 mktahoyz;mktahoyz;\??\c:\windows\system32\drivers\mktahoyz.sys --> c:\windows\system32\drivers\mktahoyz.sys [?]
    S1 njucjlhj;njucjlhj;\??\c:\windows\system32\drivers\njucjlhj.sys --> c:\windows\system32\drivers\njucjlhj.sys [?]
    S1 ofdvlanw;ofdvlanw;\??\c:\windows\system32\drivers\ofdvlanw.sys --> c:\windows\system32\drivers\ofdvlanw.sys [?]
    S1 onimvpic;onimvpic;\??\c:\windows\system32\drivers\onimvpic.sys --> c:\windows\system32\drivers\onimvpic.sys [?]
    S1 pgeuabxo;pgeuabxo;\??\c:\windows\system32\drivers\pgeuabxo.sys --> c:\windows\system32\drivers\pgeuabxo.sys [?]
    S1 pkndstgy;pkndstgy;\??\c:\windows\system32\drivers\pkndstgy.sys --> c:\windows\system32\drivers\pkndstgy.sys [?]
    S1 pozijwoh;pozijwoh;\??\c:\windows\system32\drivers\pozijwoh.sys --> c:\windows\system32\drivers\pozijwoh.sys [?]
    S1 puijckld;puijckld;\??\c:\windows\system32\drivers\puijckld.sys --> c:\windows\system32\drivers\puijckld.sys [?]
    S1 pxakdztm;pxakdztm;\??\c:\windows\system32\drivers\pxakdztm.sys --> c:\windows\system32\drivers\pxakdztm.sys [?]
    S1 qoapangu;qoapangu;\??\c:\windows\system32\drivers\qoapangu.sys --> c:\windows\system32\drivers\qoapangu.sys [?]
    S1 qskkfdkb;qskkfdkb;\??\c:\windows\system32\drivers\qskkfdkb.sys --> c:\windows\system32\drivers\qskkfdkb.sys [?]
    S1 qtsqtmue;qtsqtmue;\??\c:\windows\system32\drivers\qtsqtmue.sys --> c:\windows\system32\drivers\qtsqtmue.sys [?]
    S1 rhevprua;rhevprua;\??\c:\windows\system32\drivers\rhevprua.sys --> c:\windows\system32\drivers\rhevprua.sys [?]
    S1 rohlwepv;rohlwepv;\??\c:\windows\system32\drivers\rohlwepv.sys --> c:\windows\system32\drivers\rohlwepv.sys [?]
    S1 rpkkornj;rpkkornj;\??\c:\windows\system32\drivers\rpkkornj.sys --> c:\windows\system32\drivers\rpkkornj.sys [?]
    S1 rubyrhba;rubyrhba;\??\c:\windows\system32\drivers\rubyrhba.sys --> c:\windows\system32\drivers\rubyrhba.sys [?]
    S1 rxfdayuk;rxfdayuk;\??\c:\windows\system32\drivers\rxfdayuk.sys --> c:\windows\system32\drivers\rxfdayuk.sys [?]
    S1 skfjjdnz;skfjjdnz;\??\c:\windows\system32\drivers\skfjjdnz.sys --> c:\windows\system32\drivers\skfjjdnz.sys [?]
    S1 sytvzgtq;sytvzgtq;\??\c:\windows\system32\drivers\sytvzgtq.sys --> c:\windows\system32\drivers\sytvzgtq.sys [?]
    S1 tgngkdia;tgngkdia;\??\c:\windows\system32\drivers\tgngkdia.sys --> c:\windows\system32\drivers\tgngkdia.sys [?]
    S1 tlrfilff;tlrfilff;\??\c:\windows\system32\drivers\tlrfilff.sys --> c:\windows\system32\drivers\tlrfilff.sys [?]
    S1 tvnpmdtb;tvnpmdtb;\??\c:\windows\system32\drivers\tvnpmdtb.sys --> c:\windows\system32\drivers\tvnpmdtb.sys [?]
    S1 uhlsytdn;uhlsytdn;\??\c:\windows\system32\drivers\uhlsytdn.sys --> c:\windows\system32\drivers\uhlsytdn.sys [?]
    S1 ujzhykpc;ujzhykpc;\??\c:\windows\system32\drivers\ujzhykpc.sys --> c:\windows\system32\drivers\ujzhykpc.sys [?]
    S1 ukgxihsx;ukgxihsx;\??\c:\windows\system32\drivers\ukgxihsx.sys --> c:\windows\system32\drivers\ukgxihsx.sys [?]
    S1 uxvfjnie;uxvfjnie;\??\c:\windows\system32\drivers\uxvfjnie.sys --> c:\windows\system32\drivers\uxvfjnie.sys [?]
    S1 vandgyiv;vandgyiv;\??\c:\windows\system32\drivers\vandgyiv.sys --> c:\windows\system32\drivers\vandgyiv.sys [?]
    S1 vdfnrcjm;vdfnrcjm;\??\c:\windows\system32\drivers\vdfnrcjm.sys --> c:\windows\system32\drivers\vdfnrcjm.sys [?]
    S1 vdqvylse;vdqvylse;\??\c:\windows\system32\drivers\vdqvylse.sys --> c:\windows\system32\drivers\vdqvylse.sys [?]
    S1 vgwuyobz;vgwuyobz;\??\c:\windows\system32\drivers\vgwuyobz.sys --> c:\windows\system32\drivers\vgwuyobz.sys [?]
    S1 vmxqaodl;vmxqaodl;\??\c:\windows\system32\drivers\vmxqaodl.sys --> c:\windows\system32\drivers\vmxqaodl.sys [?]
    S1 vvfhpnni;vvfhpnni;\??\c:\windows\system32\drivers\vvfhpnni.sys --> c:\windows\system32\drivers\vvfhpnni.sys [?]
    S1 wticwisf;wticwisf;\??\c:\windows\system32\drivers\wticwisf.sys --> c:\windows\system32\drivers\wticwisf.sys [?]
    S1 wtvzupht;wtvzupht;\??\c:\windows\system32\drivers\wtvzupht.sys --> c:\windows\system32\drivers\wtvzupht.sys [?]
    S1 wupjffsp;wupjffsp;\??\c:\windows\system32\drivers\wupjffsp.sys --> c:\windows\system32\drivers\wupjffsp.sys [?]
    S1 wuqfjhcq;wuqfjhcq;\??\c:\windows\system32\drivers\wuqfjhcq.sys --> c:\windows\system32\drivers\wuqfjhcq.sys [?]
    S1 wydlntfk;wydlntfk;\??\c:\windows\system32\drivers\wydlntfk.sys --> c:\windows\system32\drivers\wydlntfk.sys [?]
    S1 xqduzmxg;xqduzmxg;\??\c:\windows\system32\drivers\xqduzmxg.sys --> c:\windows\system32\drivers\xqduzmxg.sys [?]
    S1 xqyivwmk;xqyivwmk;\??\c:\windows\system32\drivers\xqyivwmk.sys --> c:\windows\system32\drivers\xqyivwmk.sys [?]
    S1 xrjpjgqa;xrjpjgqa;c:\windows\system32\drivers\xrjpjgqa.sys [2013-4-21 43600]
    S1 xzvgxcru;xzvgxcru;\??\c:\windows\system32\drivers\xzvgxcru.sys --> c:\windows\system32\drivers\xzvgxcru.sys [?]
    S1 zasfehnn;zasfehnn;\??\c:\windows\system32\drivers\zasfehnn.sys --> c:\windows\system32\drivers\zasfehnn.sys [?]
    S1 zjuhcdgu;zjuhcdgu;\??\c:\windows\system32\drivers\zjuhcdgu.sys --> c:\windows\system32\drivers\zjuhcdgu.sys [?]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-27 29816]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-27 66336]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-27 46808]
    S2 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2013-5-18 2787280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\hp_administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2012-12-23 107520]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-27 418376]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-27 701512]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 msav;Moon Secure Antivirus Core;c:\program files\moon secure antivirus\msavcore.exe --> c:\program files\moon secure antivirus\msavcore.exe [?]
    S2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-10-5 109064]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-27 22856]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
    .
    =============== Created Last 30 ================
    .
    2013-05-31 04:43:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2013-05-30 17:43:43 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2013-05-28 03:03:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-28 03:03:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-28 03:03:34 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-28 03:03:31 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-28 03:02:55 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-28 03:02:29 -------- d-----w- c:\program files\AVAST Software
    2013-05-28 03:02:19 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-05-28 02:31:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
    2013-05-28 02:30:50 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2013-05-27 23:18:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-05-27 23:18:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-27 23:18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-27 22:42:19 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d61cc213-2ff7-4fdf-8dff-662d2cb847ad}\mpengine.dll
    2013-05-18 12:07:32 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2013-05-30 14:44:14 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2013-05-18 12:52:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-18 12:52:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-04-21 12:03:54 43600 ----a-w- c:\windows\system32\drivers\xrjpjgqa.sys
    2013-04-13 13:48:24 465280 ----a-r- c:\windows\cpnprt2win32.cid
    2013-04-13 13:48:21 465280 ------w- c:\windows\system32\cpnprt2win32.cid
    .
    ============= FINISH: 1:49:58.09 ===============
     
  2. 2013/05/31
    Pepse

    Pepse Well-Known Member Thread Starter

    DDS attachment.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/22/2010 2:27:05 AM
    System Uptime: 5/30/2013 11:27:56 PM (2 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Amberine M
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 194.096 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 1.122 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\3&61AAA01&0
    Manufacturer: Logitech
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\3&61AAA01&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP257: 3/2/2013 8:04:06 AM - System Checkpoint
    RP258: 3/3/2013 8:29:35 AM - System Checkpoint
    RP259: 3/9/2013 10:02:30 AM - System Checkpoint
    RP260: 3/10/2013 11:32:30 AM - System Checkpoint
    RP261: 3/12/2013 12:40:22 PM - System Checkpoint
    RP262: 3/13/2013 1:03:04 PM - System Checkpoint
    RP263: 3/14/2013 5:43:48 PM - System Checkpoint
    RP264: 3/15/2013 6:03:03 PM - System Checkpoint
    RP265: 3/16/2013 10:17:02 PM - System Checkpoint
    RP266: 3/18/2013 9:13:04 AM - System Checkpoint
    RP267: 3/20/2013 7:43:08 AM - System Checkpoint
    RP268: 3/21/2013 5:26:09 PM - System Checkpoint
    RP269: 3/25/2013 7:33:23 PM - System Checkpoint
    RP270: 3/27/2013 8:51:59 AM - System Checkpoint
    RP271: 3/28/2013 9:11:49 PM - System Checkpoint
    RP272: 3/30/2013 6:06:48 AM - System Checkpoint
    RP273: 3/31/2013 12:42:59 PM - System Checkpoint
    RP274: 4/1/2013 1:21:10 PM - System Checkpoint
    RP275: 4/2/2013 1:23:14 PM - System Checkpoint
    RP276: 4/3/2013 2:00:25 PM - System Checkpoint
    RP277: 4/4/2013 4:07:54 PM - System Checkpoint
    RP278: 4/5/2013 7:26:21 PM - System Checkpoint
    RP279: 4/7/2013 2:02:49 PM - System Checkpoint
    RP280: 4/8/2013 3:42:11 PM - System Checkpoint
    RP281: 4/10/2013 8:24:38 AM - System Checkpoint
    RP282: 4/11/2013 5:48:58 PM - System Checkpoint
    RP283: 4/12/2013 8:19:39 PM - System Checkpoint
    RP284: 4/14/2013 9:12:37 AM - System Checkpoint
    RP285: 4/15/2013 3:33:06 PM - System Checkpoint
    RP286: 4/17/2013 10:20:51 AM - System Checkpoint
    RP287: 4/19/2013 5:37:48 PM - System Checkpoint
    RP288: 4/21/2013 8:59:01 PM - System Checkpoint
    RP289: 4/22/2013 9:08:49 PM - System Checkpoint
    RP290: 4/24/2013 12:44:29 PM - System Checkpoint
    RP291: 4/25/2013 5:39:43 PM - System Checkpoint
    RP292: 4/27/2013 8:56:15 AM - System Checkpoint
    RP293: 4/28/2013 9:00:32 AM - System Checkpoint
    RP294: 4/29/2013 9:53:00 AM - System Checkpoint
    RP295: 5/1/2013 5:47:27 AM - System Checkpoint
    RP296: 5/2/2013 6:16:07 PM - System Checkpoint
    RP297: 5/4/2013 6:45:27 AM - System Checkpoint
    RP298: 5/5/2013 9:11:45 AM - System Checkpoint
    RP299: 5/6/2013 11:04:19 AM - System Checkpoint
    RP300: 5/9/2013 5:24:42 PM - System Checkpoint
    RP301: 5/18/2013 9:15:09 AM - System Checkpoint
    RP302: 5/20/2013 11:50:10 AM - System Checkpoint
    RP303: 5/21/2013 2:05:15 PM - System Checkpoint
    RP304: 5/22/2013 2:17:59 PM - System Checkpoint
    RP305: 5/23/2013 6:15:28 PM - System Checkpoint
    RP306: 5/24/2013 6:28:29 PM - System Checkpoint
    RP307: 5/27/2013 9:01:47 PM - System Checkpoint
    RP308: 5/29/2013 9:59:01 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    3DVIA player 5.0.0.20
    4300
    4300_Help
    4300Trb
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X
    Adobe Shockwave Player 11.6
    Agere Systems PCI-SV92PP Soft Modem
    AiO_Scan_CDA
    AiOSoftwareNPI
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    Belkin Setup and Router Monitor
    Browser Manager
    BufferChm
    CameraDrivers
    Carbonite Online Backup Setup
    CDDRV_Installer
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_LightScribePlugin
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CreataCard Gold 3
    CueTour
    CustomerResearchQFolder
    DefaultTab
    Destinations
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    eSupportQFolder
    Farm Frenzy
    Fax_CDA
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Button Manager
    HP Customer Participation Program 7.0
    HP DigitalMedia Archive
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Image Zone for Media Center PC
    HP Imaging Device Functions 7.0
    HP Multimedia Keyboard Software
    HP Photosmart Cameras 5.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HP Webcam User's Guide
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InfoAtoms [Uninstall]
    InstantShareDevices
    InstantShareDevicesMFC
    Internet Explorer Toolbar 4.7 by SweetPacks
    InterVideo WinDVD Player
    J2SE Runtime Environment 5.0 Update 5
    Java Auto Updater
    Java(TM) 6 Update 26
    KhalSetup
    Kobo
    LightScribe 1.4.52.1
    Logitech Desktop Messenger
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    muvee Reveal Seagate Edition
    NetAssistant
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    Otto
    PanoStandAlone
    PhotoGallery
    ProductContextNPI
    PS2
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Ranch Rush
    RandMap
    Readme
    Samantha Swift and the Golden Touch
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Shared C Run-time for x86
    SkinsHP1
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Supreme Savings
    swMSM
    Toolbox
    TrayApp
    Tumblebugs
    Tumblebugs 2
    Ultimate Mahjongg 5
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VAFPlayer
    Wajam
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WiseConvert Toolbar
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall
    Yahoo! Software Update
    Yontoo 1.10.03
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/30/2013 9:52:08 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/30/2013 9:50:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/30/2013 9:50:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/30/2013 9:50:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/30/2013 9:50:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/30/2013 9:50:54 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/30/2013 11:38:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.1044.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/30/2013 11:29:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 aswSP aswTdi aswVmm Fips i8042prt
    5/29/2013 9:53:58 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.1044.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/29/2013 9:44:54 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/29/2013 9:43:40 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/29/2013 9:43:40 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/29/2013 9:43:40 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/29/2013 9:43:40 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/29/2013 9:43:40 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/28/2013 9:53:24 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/28/2013 9:52:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi aswVmm
    5/28/2013 9:52:19 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2013 9:52:19 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2013 9:52:19 AM, error: Service Control Manager [7000] - The Moon Secure Antivirus Core service failed to start due to the following error: The system cannot find the file specified.
    5/28/2013 9:52:19 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
    5/28/2013 9:52:19 AM, error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: A device attached to the system is not functioning.
    5/28/2013 9:52:19 AM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
    5/28/2013 9:52:05 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 9:52:05 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/28/2013 9:52:05 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 9:52:05 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 9:52:05 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/28/2013 12:56:48 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/28/2013 12:55:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi aswVmm iaStor IntelIde ViaIde
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002]
     


  4. 2013/05/31
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/28/2013 12:55:43 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/28/2013 10:45:29 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
    5/27/2013 9:35:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/27/2013 9:31:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips i8042prt
    5/27/2013 9:18:56 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 9:18:05 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 9:18:05 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 9:18:05 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 9:18:05 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 9:18:05 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 8:29:20 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 8:28:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
    5/27/2013 8:28:26 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 8:28:26 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 8:28:26 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 8:28:26 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 8:28:26 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:52:11 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 5:51:18 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:51:18 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:51:18 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:51:18 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:51:18 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:43:28 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 5:43:12 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:43:12 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    5/27/2013 5:43:11 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070002 Error description: The system cannot find the file specified. Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    5/27/2013 5:42:26 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    5/27/2013 5:42:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/27/2013 5:42:07 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:42:07 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:42:07 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:42:07 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:42:07 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:40:37 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0015F26BBFA2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/27/2013 5:39:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/27/2013 5:39:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/27/2013 5:39:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/27/2013 5:31:08 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.393.0, AS: 1.151.393.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 5:29:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/27/2013 5:29:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/27/2013 5:29:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/27/2013 5:29:47 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:29:47 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 5:29:47 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:29:47 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 5:29:47 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 11:18:31 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.1044.0, AS: 1.151.1044.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/27/2013 11:17:15 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 11:17:15 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 11:17:15 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 11:17:15 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/27/2013 11:17:15 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/27/2013 11:16:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/27/2013 10:05:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/27/2013 10:05:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    5/25/2013 5:42:31 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:42:31 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:42:30 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/25/2013 5:22:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/25/2013 5:22:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:22:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:13:44 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.393.0, AS: 1.151.393.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/25/2013 5:12:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/25/2013 5:12:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:12:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/25/2013 5:12:30 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/25/2013 5:12:30 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/25/2013 5:12:30 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/25/2013 5:12:30 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/25/2013 5:12:30 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/24/2013 6:14:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    5/24/2013 6:14:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/24/2013 6:14:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.393.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...3.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    5/24/2013 6:05:47 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Necurs.A&threatid=2147645811 Name: Trojan:WinNT/Necurs.A ID: 2147645811 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\drivers\60dbf543bb3cb4bb.sys;hiddendriver:_60dbf543bb3cb4bb;hiddenfile:_C:\WINDOWS\System32\Drivers\60dbf543bb3cb4bb.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.151.393.0, AS: 1.151.393.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9506.0, NIS: 0.0.0.0
    5/24/2013 6:04:35 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/24/2013 6:04:35 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/24/2013 6:04:35 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/24/2013 6:04:35 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    5/24/2013 6:04:35 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  5. 2013/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. 2013/05/31
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Safe mode with network support
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 05/31/2013 12:51:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [DLL] explorer.exe -- C:\WINDOWS\explorer.exe : c:\docume~1\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\mngr.dll [x] -> UNLOADED

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\60dbf543bb3cb4bb (60dbf543bb3cb4bb.sys) -> DELETED
    [Services][SUSP PATH] HKLM\[...]\ControlSet001\Services\ARSVC\ARSVC (C:\WINDOWS\arservice.exe) [7] -> DELETED
    [Services][SUSP PATH] HKLM\[...]\ControlSet001\Services\Browser Manager\Browser Manager (C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe) [7] -> DELETED
    [Services][Root.Necurs] HKLM\[...]\ControlSet002\Services\60dbf543bb3cb4bb (60dbf543bb3cb4bb.sys) -> DELETED
    [Services][SUSP PATH] HKLM\[...]\ControlSet002\Services\ARSVC\ARSVC (C:\WINDOWS\arservice.exe) [7] -> DELETED
    [Services][SUSP PATH] HKLM\[...]\ControlSet002\Services\Browser Manager\Browser Manager (C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe) [7] -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll) [7] -> REPLACED ()

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\n [-] --> REMOVED
    [ZeroAccess][FILE] n : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\n [-] --> REMOVED
    [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\@ [-] --> REMOVED
    [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\@ [-] --> REMOVED
    [Del.Parent][FILE] 00000001.@ : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\U\00000001.@ [-] --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\U\80000000.@ [-] --> REMOVED
    [Del.Parent][FILE] 800000cb.@ : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\U\800000cb.@ [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\U --> REMOVED
    [Del.Parent][FILE] 00000001.@ : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\U\00000001.@ [-] --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\U\80000000.@ [-] --> REMOVED
    [Del.Parent][FILE] 800000cb.@ : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\U\800000cb.@ [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.Necurs ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HDT722525DLA380 +++++
    --- User ---
    [MBR] 60492e51f4c05786a2d5cab79c5d8002
    [BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8714 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17848215 | Size: 229749 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05312013_02d1251.txt >>
    RKreport[1]_S_05312013_02d1248.txt ; RKreport[2]_D_05312013_02d1251.txt
     
  7. 2013/05/31
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1623760896

    Could not load protection driver
    Host not found
    Host not found
    Initializing...
    DDA Driver installation error.
    Driver installed on boot. Reboot required.

    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1782640640

    Downloaded database version: v2013.05.31.06
    Downloaded database version: v2013.05.22.01
    Initializing...
    Done!
    Can't access volume using primary device, the volume might be encrypted.
    The system volume seems inaccessible or encrypted. Scan can't continue.
    =======================================
     
  8. 2013/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need the system-log.txt log.
     
  9. 2013/06/01
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    The system-log.txt from where? All I have from MBRootkit is the log I am including here.
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.01.03

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    :: HOMEPC [administrator]

    6/1/2013 12:36:30 PM
    mbar-log-2013-06-01 (12-36-30).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 239585
    Time elapsed: 29 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    c:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af (Trojan.Siredef.C) -> Delete on reboot.
    c:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af (Trojan.Siredef.C) -> Delete on reboot.

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. 2013/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run MBAR one more time. Post BOTH logs.
     
  11. 2013/06/02
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.02.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    :: HOMEPC [administrator]

    6/2/2013 12:15:12 PM
    mbar-log-2013-06-02 (12-15-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 0
    Time elapsed: 25 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  12. 2013/06/02
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.02.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: HOMEPC [administrator]

    6/2/2013 12:16:45 PM
    mbar-log-2013-06-02 (12-16-45).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 0
    Time elapsed: 3 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  13. 2013/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    system-log.txt?
     
  14. 2013/06/03
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1623760896

    Could not load protection driver
    Host not found
    Host not found
    Initializing...
    DDA Driver installation error.
    Driver installed on boot. Reboot required.

    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1782640640

    Downloaded database version: v2013.05.31.06
    Downloaded database version: v2013.05.22.01
    Initializing...
    Done!
    Can't access volume using primary device, the volume might be encrypted.
    The system volume seems inaccessible or encrypted. Scan can't continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1595015168

    Downloaded database version: v2013.05.31.07
    Downloaded database version: v2013.05.31.08
    Downloaded database version: v2013.06.01.01
    Downloaded database version: v2013.06.01.02
    Downloaded database version: v2013.06.01.03
    Initializing...
    ------------ Kernel report ------------
    06/01/2013 12:36:20
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    mbamchameleon.sys
    \WINDOWS\system32\drivers\FLTMGR.SYS
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    ftsata2.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    sr.sys
    bb-run.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    \SystemRoot\system32\DRIVERS\L8042mou.Sys
    \SystemRoot\system32\DRIVERS\LMouKE.Sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\Drivers\AswRdr.SYS
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\arhidfltr.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\armoucfltr.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR6
    Upper Device Object: 0xffffffff8a1beab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000074\
    Lower Device Object: 0xffffffff8a209030
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR5
    Upper Device Object: 0xffffffff8a1dfab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000073\
    Lower Device Object: 0xffffffff8a1d2a38
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff8a215ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000072\
    Lower Device Object: 0xffffffff8a5d8770
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8a1e3ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000071\
    Lower Device Object: 0xffffffff8a1dc5c8
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8a5c09c0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff8a5c4d98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a5c09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a5d3e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a5c09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a5679e8, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8a5c4d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1549F232

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 17848152

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 17848215 Numsec = 470527785
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff8a1e3ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a1dab00, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a1e3ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a1dc5c8, DeviceName: \Device\00000071\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff8a215ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a1e1e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a215ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a5d8770, DeviceName: \Device\00000072\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff8a1dfab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a1d7a98, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a1dfab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a1d2a38, DeviceName: \Device\00000073\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xffffffff8a1beab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a1be890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a1beab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a209030, DeviceName: \Device\00000074\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Infected: c:\RECYCLER\S-1-5-18\$8871bf4862c3c72b31a786a584ead5af --> [Trojan.Siredef.C]
    Infected: c:\RECYCLER\S-1-5-21-2396159424-1787624068-2025113056-1008\$8871bf4862c3c72b31a786a584ead5af --> [Trojan.Siredef.C]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal successful. No system shutdown is required.
    =======================================


    Removal queue found; removal started
    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_17848215_i.mbam...
    Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1703792640

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.188000 GHz
    Memory total: 2078777344, free: 1783611392

    Downloaded database version: v2013.06.01.04
    Downloaded database version: v2013.06.01.05
    Downloaded database version: v2013.06.02.01
    Downloaded database version: v2013.06.02.02
    Downloaded database version: v2013.06.02.03
    Downloaded database version: v2013.06.02.04
    Initializing...
    Done!
    Can't access volume using primary device, the volume might be encrypted.
    The system volume seems inaccessible or encrypted. Scan can't continue.
    Can't access volume using primary device, the volume might be encrypted.
    The system volume seems inaccessible or encrypted. Scan can't continue.
    =======================================
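The partition-table block MBAR prints above (55AA boot signature, disk signature, per-slot type, active flag, start LBA and sector count) is a readout of the 64-byte table at offset 446 of the first sector of the disk. The Python below is an added example, not code from this thread or from Malwarebytes: it assembles a 512-byte MBR in memory from the drive 0 values in the log (a constructed sample, not a sector image from the infected machine), parses it back, applies the sanity checks a scanner performs on such a table (exactly one active entry, a well-formed status byte, no zero-length or past-end entries, no overlapping entries) and derives the unpartitioned sector ranges a rootkit scan sweeps. All function and constant names are the example's own.

```python
"""Parse a DOS/MBR partition table and apply the checks a rootkit scanner runs.

Added example for this thread, not Malwarebytes code. SAMPLE_MBR is a constructed
512-byte sector filled with the values MBAR logged for drive 0 (disk signature
1549F232, type 0x0C at LBA 63 for 17848152 sectors, active NTFS type 0x07 at
LBA 17848215 for 470527785 sectors, two empty slots).
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440     # 4-byte Windows disk signature
TABLE_OFFSET = 446        # four 16-byte partition entries
ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510     # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary (NTFS/HPFS)", 0x0C: "Other (FAT32 LBA)"}


@dataclass
class PartitionEntry:
    index: int
    status: int
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def end_lba(self) -> int:        # exclusive end sector
        return self.start_lba + self.num_sectors


def build_mbr(disk_sig: int, parts: list[tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from (active, type, start_lba, num_sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, (active, ptype, start, count) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> tuple[int, list[PartitionEntry]]:
    """Return (disk_signature, four entries); raise ValueError on a bad boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        entries.append(PartitionEntry(i, status, ptype, start, count))
    return disk_sig, entries


def check_partition_table(entries: list[PartitionEntry], disk_sectors: int) -> list[str]:
    """Sanity checks on a parsed table; an empty list means nothing looks off."""
    findings = []
    used = [e for e in entries if e.type_id != 0x00]
    active = [e for e in used if e.active]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for e in entries:
        if e.status not in (0x00, 0x80):       # anything else is a malformed entry
            findings.append(f"slot {e.index}: malformed status byte 0x{e.status:02x}")
    for e in used:
        if e.start_lba == 0 or e.num_sectors == 0:
            findings.append(f"slot {e.index}: zero start LBA or sector count")
        elif e.end_lba > disk_sectors:
            findings.append(f"slot {e.index}: extends past the end of the disk")
    for a in used:
        for b in used:
            if a.index < b.index and a.start_lba < b.end_lba and b.start_lba < a.end_lba:
                findings.append(f"slots {a.index} and {b.index} overlap")
    return findings


def unpartitioned_ranges(entries: list[PartitionEntry], disk_sectors: int) -> list[tuple[int, int]]:
    """Inclusive (first, last) sector ranges no partition covers; sector 0 is the MBR itself."""
    gaps, cursor = [], 1
    for e in sorted((e for e in entries if e.type_id != 0x00), key=lambda e: e.start_lba):
        if e.start_lba > cursor:
            gaps.append((cursor, e.start_lba - 1))
        cursor = max(cursor, e.end_lba)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


# Constructed sample built from the drive 0 values in the MBAR log above.
DISK_SECTORS = 250059350016 // SECTOR_SIZE          # 488397168 sectors of 512 bytes
SAMPLE_MBR = build_mbr(0x1549F232, [(False, 0x0C, 63, 17848152),
                                    (True, 0x07, 17848215, 470527785)])

if __name__ == "__main__":
    sig, table = parse_mbr(SAMPLE_MBR)
    print(f"Disk Signature: {sig:08X}")
    for e in table:
        print(f"Partition {e.index} type is {TYPE_NAMES.get(e.type_id, 'Unknown')} (0x{e.type_id:x}), "
              f"{'ACTIVE' if e.active else 'NOT ACTIVE'}, LBA {e.start_lba} Numsec = {e.num_sectors}")
    print("Findings:", check_partition_table(table, DISK_SECTORS) or "none")
    print("Unpartitioned:", unpartitioned_ranges(table, DISK_SECTORS))
```

Run as a script it prints a report in the same shape as the MBAR lines above. On the sample table the checks come back clean, the first partition ends exactly where the active NTFS partition starts, and the gaps are sectors 1-62 and the tail after partition 1; MBAR's own start offset for that trailing range (it printed 488377168) is tool-specific arithmetic that this example does not try to reproduce.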
     
  15. 2013/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. 2013/06/04
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ComboFix 13-06-03.06 - Administrator 06/04/2013 12:16:53.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1543 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\ps2.bat
    c:\windows\system32\roboot.exe
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\tmp
    c:\windows\tmp\dd_vcredistMSI1141.txt
    c:\windows\tmp\dd_vcredistMSI6027.txt
    c:\windows\tmp\dd_vcredistMSI76CC.txt
    c:\windows\tmp\dd_vcredistUI1141.txt
    c:\windows\tmp\dd_vcredistUI602B.txt
    c:\windows\tmp\dd_vcredistUI76CC.txt
    c:\windows\tmp\qtsingleapp-koboex-f4a6-0-lockfile
    c:\windows\wininit.ini
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SYSHOST32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-04 18:01 . 2013-06-04 18:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\MpKsldc0f1da6.sys
    2013-06-04 16:29 . 2013-06-04 16:38 -------- d-----w- C:\0890a526f37a552925
    2013-06-04 16:19 . 2013-06-04 17:59 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\offreg.dll
    2013-06-04 15:58 . 2013-06-04 16:38 -------- d-----w- c:\windows\LastGood.Tmp
    2013-06-02 17:15 . 2013-06-02 17:15 146648 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-06-02 15:35 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\mpengine.dll
    2013-06-02 14:24 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
    2013-06-02 14:24 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
    2013-06-01 17:32 . 2013-06-01 17:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
    2013-06-01 17:32 . 2013-06-01 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
    2013-06-01 17:31 . 2013-06-01 17:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar
    2013-06-01 17:31 . 2013-06-01 17:31 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-06-01 17:31 . 2013-06-01 17:31 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2013-06-01 17:31 . 2013-06-01 17:31 -------- d-----w- c:\program files\AVG SafeGuard toolbar
    2013-05-31 18:32 . 2013-06-01 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-05-31 18:07 . 2013-05-31 18:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-05-31 04:43 . 2013-05-31 04:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-05-30 17:43 . 2013-05-30 17:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2013-05-28 03:03 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-28 03:03 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-28 03:03 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-05-28 03:03 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-28 03:03 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-28 03:03 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-28 03:03 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-28 03:03 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-28 03:03 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-05-28 03:02 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-28 03:02 . 2013-05-28 03:02 -------- d-----w- c:\program files\AVAST Software
    2013-05-28 03:02 . 2013-05-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2013-05-28 02:31 . 2013-05-28 02:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2013-05-28 02:30 . 2013-05-28 02:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-05-27 23:18 . 2013-05-27 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-05-27 23:18 . 2013-05-27 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-27 23:18 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-27 22:42 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-04 15:57 . 2013-01-31 18:36 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2013-05-18 12:52 . 2012-12-01 10:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-18 12:52 . 2011-06-03 01:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-02 15:28 . 2011-06-16 13:38 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-21 12:03 . 2013-04-21 12:03 43600 ----a-w- c:\windows\system32\drivers\xrjpjgqa.sys
    2013-04-13 13:48 . 2013-04-13 13:48 465280 ----a-r- c:\windows\cpnprt2win32.cid
    2013-04-13 13:48 . 2013-04-13 13:48 465280 ------w- c:\windows\system32\cpnprt2win32.cid
    2013-04-10 01:31 . 2004-08-10 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
    2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32 . 2004-08-10 19:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2004-08-10 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"="c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"="c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"="c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Updater19962.exe"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Updater19962\Updater19962.exe" [2013-04-21 210312]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    "vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-06-01 1226928]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2012-11-14 189952]
    HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-12-30 356864]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-1-11 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-11 688128]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-23 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5/27/2013 10:03 PM 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5/27/2013 10:03 PM 174664]
    R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/31/2013 1:07 PM 35144]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/27/2013 10:03 PM 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/27/2013 10:03 PM 368944]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6/1/2013 12:31 PM 37664]
    R1 MpKsldc0f1da6;MpKsldc0f1da6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\MpKsldc0f1da6.sys [6/4/2013 1:01 PM 29904]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/27/2013 10:03 PM 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/27/2013 10:03 PM 66336]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\HP_Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [12/23/2012 2:06 PM 107520]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/27/2013 6:18 PM 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/27/2013 6:18 PM 701512]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [6/1/2013 12:31 PM 1015984]
    R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [10/5/2012 10:08 AM 109064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/27/2013 6:18 PM 22856]
    S1 aiiunvuj;aiiunvuj;\??\c:\windows\system32\drivers\aiiunvuj.sys --> c:\windows\system32\drivers\aiiunvuj.sys [?]
    S1 ajniwqtl;ajniwqtl;\??\c:\windows\system32\drivers\ajniwqtl.sys --> c:\windows\system32\drivers\ajniwqtl.sys [?]
    S1 alxfmqma;alxfmqma;\??\c:\windows\system32\drivers\alxfmqma.sys --> c:\windows\system32\drivers\alxfmqma.sys [?]
    S1 apfrtxze;apfrtxze;\??\c:\windows\system32\drivers\apfrtxze.sys --> c:\windows\system32\drivers\apfrtxze.sys [?]
    S1 becvpepd;becvpepd;\??\c:\windows\system32\drivers\becvpepd.sys --> c:\windows\system32\drivers\becvpepd.sys [?]
    S1 bipazxix;bipazxix;\??\c:\windows\system32\drivers\bipazxix.sys --> c:\windows\system32\drivers\bipazxix.sys [?]
    S1 bzqzkjxe;bzqzkjxe;\??\c:\windows\system32\drivers\bzqzkjxe.sys --> c:\windows\system32\drivers\bzqzkjxe.sys [?]
    S1 camqtezp;camqtezp;\??\c:\windows\system32\drivers\camqtezp.sys --> c:\windows\system32\drivers\camqtezp.sys [?]
    S1 ceawuwmc;ceawuwmc;\??\c:\windows\system32\drivers\ceawuwmc.sys --> c:\windows\system32\drivers\ceawuwmc.sys [?]
    S1 cihzgdzj;cihzgdzj;\??\c:\windows\system32\drivers\cihzgdzj.sys --> c:\windows\system32\drivers\cihzgdzj.sys [?]
    S1 cphgrsxk;cphgrsxk;\??\c:\windows\system32\drivers\cphgrsxk.sys --> c:\windows\system32\drivers\cphgrsxk.sys [?]
    S1 dmwyelki;dmwyelki;\??\c:\windows\system32\drivers\dmwyelki.sys --> c:\windows\system32\drivers\dmwyelki.sys [?]
    S1 dnpnumhx;dnpnumhx;\??\c:\windows\system32\drivers\dnpnumhx.sys --> c:\windows\system32\drivers\dnpnumhx.sys [?]
    S1 ejhyrrqq;ejhyrrqq;\??\c:\windows\system32\drivers\ejhyrrqq.sys --> c:\windows\system32\drivers\ejhyrrqq.sys [?]
    S1 ekrloqae;ekrloqae;\??\c:\windows\system32\drivers\ekrloqae.sys --> c:\windows\system32\drivers\ekrloqae.sys [?]
    S1 eomqlslz;eomqlslz;\??\c:\windows\system32\drivers\eomqlslz.sys --> c:\windows\system32\drivers\eomqlslz.sys [?]
    S1 eoqtxeis;eoqtxeis;\??\c:\windows\system32\drivers\eoqtxeis.sys --> c:\windows\system32\drivers\eoqtxeis.sys [?]
    S1 ffpugnxm;ffpugnxm;\??\c:\windows\system32\drivers\ffpugnxm.sys --> c:\windows\system32\drivers\ffpugnxm.sys [?]
    S1 fgzhojif;fgzhojif;\??\c:\windows\system32\drivers\fgzhojif.sys --> c:\windows\system32\drivers\fgzhojif.sys [?]
    S1 fispgvdv;fispgvdv;\??\c:\windows\system32\drivers\fispgvdv.sys --> c:\windows\system32\drivers\fispgvdv.sys [?]
    S1 flarvaki;flarvaki;\??\c:\windows\system32\drivers\flarvaki.sys --> c:\windows\system32\drivers\flarvaki.sys [?]
    S1 gfklftjf;gfklftjf;\??\c:\windows\system32\drivers\gfklftjf.sys --> c:\windows\system32\drivers\gfklftjf.sys [?]
    S1 gxcovpuy;gxcovpuy;\??\c:\windows\system32\drivers\gxcovpuy.sys --> c:\windows\system32\drivers\gxcovpuy.sys [?]
    S1 hivjghcg;hivjghcg;\??\c:\windows\system32\drivers\hivjghcg.sys --> c:\windows\system32\drivers\hivjghcg.sys [?]
    S1 hmddyueb;hmddyueb;\??\c:\windows\system32\drivers\hmddyueb.sys --> c:\windows\system32\drivers\hmddyueb.sys [?]
    S1 hrdcwork;hrdcwork;\??\c:\windows\system32\drivers\hrdcwork.sys --> c:\windows\system32\drivers\hrdcwork.sys [?]
    S1 ieurzehf;ieurzehf;\??\c:\windows\system32\drivers\ieurzehf.sys --> c:\windows\system32\drivers\ieurzehf.sys [?]
    S1 iidrvfxw;iidrvfxw;\??\c:\windows\system32\drivers\iidrvfxw.sys --> c:\windows\system32\drivers\iidrvfxw.sys [?]
    S1 ilibmssc;ilibmssc;\??\c:\windows\system32\drivers\ilibmssc.sys --> c:\windows\system32\drivers\ilibmssc.sys [?]
    S1 inngrfso;inngrfso;\??\c:\windows\system32\drivers\inngrfso.sys --> c:\windows\system32\drivers\inngrfso.sys [?]
    S1 ionljeli;ionljeli;\??\c:\windows\system32\drivers\ionljeli.sys --> c:\windows\system32\drivers\ionljeli.sys [?]
    S1 iournris;iournris;\??\c:\windows\system32\drivers\iournris.sys --> c:\windows\system32\drivers\iournris.sys [?]
    S1 jbveyhdf;jbveyhdf;\??\c:\windows\system32\drivers\jbveyhdf.sys --> c:\windows\system32\drivers\jbveyhdf.sys [?]
    S1 jbynvqlb;jbynvqlb;\??\c:\windows\system32\drivers\jbynvqlb.sys --> c:\windows\system32\drivers\jbynvqlb.sys [?]
    S1 jkjigcjz;jkjigcjz;\??\c:\windows\system32\drivers\jkjigcjz.sys --> c:\windows\system32\drivers\jkjigcjz.sys [?]
    S1 jmfkhaho;jmfkhaho;\??\c:\windows\system32\drivers\jmfkhaho.sys --> c:\windows\system32\drivers\jmfkhaho.sys [?]
    S1 jurwjaon;jurwjaon;\??\c:\windows\system32\drivers\jurwjaon.sys --> c:\windows\system32\drivers\jurwjaon.sys [?]
    S1 klmmfmsn;klmmfmsn;\??\c:\windows\system32\drivers\klmmfmsn.sys --> c:\windows\system32\drivers\klmmfmsn.sys [?]
    S1 kqfgdizd;kqfgdizd;\??\c:\windows\system32\drivers\kqfgdizd.sys --> c:\windows\system32\drivers\kqfgdizd.sys [?]
    S1 lfuncgbw;lfuncgbw;\??\c:\windows\system32\drivers\lfuncgbw.sys --> c:\windows\system32\drivers\lfuncgbw.sys [?]
    S1 lggxcgzd;lggxcgzd;\??\c:\windows\system32\drivers\lggxcgzd.sys --> c:\windows\system32\drivers\lggxcgzd.sys [?]
    S1 llspnfzf;llspnfzf;\??\c:\windows\system32\drivers\llspnfzf.sys --> c:\windows\system32\drivers\llspnfzf.sys [?]
    S1 lsbmulwr;lsbmulwr;\??\c:\windows\system32\drivers\lsbmulwr.sys --> c:\windows\system32\drivers\lsbmulwr.sys [?]
    S1 lscytjhf;lscytjhf;\??\c:\windows\system32\drivers\lscytjhf.sys --> c:\windows\system32\drivers\lscytjhf.sys [?]
    S1 lvatqndr;lvatqndr;\??\c:\windows\system32\drivers\lvatqndr.sys --> c:\windows\system32\drivers\lvatqndr.sys [?]
    S1 lwugtgju;lwugtgju;\??\c:\windows\system32\drivers\lwugtgju.sys --> c:\windows\system32\drivers\lwugtgju.sys [?]
    S1 mktahoyz;mktahoyz;\??\c:\windows\system32\drivers\mktahoyz.sys --> c:\windows\system32\drivers\mktahoyz.sys [?]
    S1 njucjlhj;njucjlhj;\??\c:\windows\system32\drivers\njucjlhj.sys --> c:\windows\system32\drivers\njucjlhj.sys [?]
    S1 ofdvlanw;ofdvlanw;\??\c:\windows\system32\drivers\ofdvlanw.sys --> c:\windows\system32\drivers\ofdvlanw.sys [?]
    S1 onimvpic;onimvpic;\??\c:\windows\system32\drivers\onimvpic.sys --> c:\windows\system32\drivers\onimvpic.sys [?]
    S1 pgeuabxo;pgeuabxo;\??\c:\windows\system32\drivers\pgeuabxo.sys --> c:\windows\system32\drivers\pgeuabxo.sys [?]
    S1 pkndstgy;pkndstgy;\??\c:\windows\system32\drivers\pkndstgy.sys --> c:\windows\system32\drivers\pkndstgy.sys [?]
    S1 pozijwoh;pozijwoh;\??\c:\windows\system32\drivers\pozijwoh.sys --> c:\windows\system32\drivers\pozijwoh.sys [?]
    S1 puijckld;puijckld;\??\c:\windows\system32\drivers\puijckld.sys --> c:\windows\system32\drivers\puijckld.sys [?]
    S1 pxakdztm;pxakdztm;\??\c:\windows\system32\drivers\pxakdztm.sys --> c:\windows\system32\drivers\pxakdztm.sys [?]
    S1 qoapangu;qoapangu;\??\c:\windows\system32\drivers\qoapangu.sys --> c:\windows\system32\drivers\qoapangu.sys [?]
    S1 qskkfdkb;qskkfdkb;\??\c:\windows\system32\drivers\qskkfdkb.sys --> c:\windows\system32\drivers\qskkfdkb.sys [?]
    S1 qtsqtmue;qtsqtmue;\??\c:\windows\system32\drivers\qtsqtmue.sys --> c:\windows\system32\drivers\qtsqtmue.sys [?]
    S1 rhevprua;rhevprua;\??\c:\windows\system32\drivers\rhevprua.sys --> c:\windows\system32\drivers\rhevprua.sys [?]
    S1 rohlwepv;rohlwepv;\??\c:\windows\system32\drivers\rohlwepv.sys --> c:\windows\system32\drivers\rohlwepv.sys [?]
    S1 rpkkornj;rpkkornj;\??\c:\windows\system32\drivers\rpkkornj.sys --> c:\windows\system32\drivers\rpkkornj.sys [?]
    S1 rubyrhba;rubyrhba;\??\c:\windows\system32\drivers\rubyrhba.sys --> c:\windows\system32\drivers\rubyrhba.sys [?]
    S1 rxfdayuk;rxfdayuk;\??\c:\windows\system32\drivers\rxfdayuk.sys --> c:\windows\system32\drivers\rxfdayuk.sys [?]
    S1 skfjjdnz;skfjjdnz;\??\c:\windows\system32\drivers\skfjjdnz.sys --> c:\windows\system32\drivers\skfjjdnz.sys [?]
    S1 sytvzgtq;sytvzgtq;\??\c:\windows\system32\drivers\sytvzgtq.sys --> c:\windows\system32\drivers\sytvzgtq.sys [?]
    S1 tgngkdia;tgngkdia;\??\c:\windows\system32\drivers\tgngkdia.sys --> c:\windows\system32\drivers\tgngkdia.sys [?]
    S1 tlrfilff;tlrfilff;\??\c:\windows\system32\drivers\tlrfilff.sys --> c:\windows\system32\drivers\tlrfilff.sys [?]
    S1 tvnpmdtb;tvnpmdtb;\??\c:\windows\system32\drivers\tvnpmdtb.sys --> c:\windows\system32\drivers\tvnpmdtb.sys [?]
    S1 uhlsytdn;uhlsytdn;\??\c:\windows\system32\drivers\uhlsytdn.sys --> c:\windows\system32\drivers\uhlsytdn.sys [?]
    S1 ujzhykpc;ujzhykpc;\??\c:\windows\system32\drivers\ujzhykpc.sys --> c:\windows\system32\drivers\ujzhykpc.sys [?]
    S1 ukgxihsx;ukgxihsx;\??\c:\windows\system32\drivers\ukgxihsx.sys --> c:\windows\system32\drivers\ukgxihsx.sys [?]
    S1 uxvfjnie;uxvfjnie;\??\c:\windows\system32\drivers\uxvfjnie.sys --> c:\windows\system32\drivers\uxvfjnie.sys [?]
    S1 vandgyiv;vandgyiv;\??\c:\windows\system32\drivers\vandgyiv.sys --> c:\windows\system32\drivers\vandgyiv.sys [?]
    S1 vdfnrcjm;vdfnrcjm;\??\c:\windows\system32\drivers\vdfnrcjm.sys --> c:\windows\system32\drivers\vdfnrcjm.sys [?]
    S1 vdqvylse;vdqvylse;\??\c:\windows\system32\drivers\vdqvylse.sys --> c:\windows\system32\drivers\vdqvylse.sys [?]
    S1 vgwuyobz;vgwuyobz;\??\c:\windows\system32\drivers\vgwuyobz.sys --> c:\windows\system32\drivers\vgwuyobz.sys [?]
    S1 vmxqaodl;vmxqaodl;\??\c:\windows\system32\drivers\vmxqaodl.sys --> c:\windows\system32\drivers\vmxqaodl.sys [?]
    S1 vvfhpnni;vvfhpnni;\??\c:\windows\system32\drivers\vvfhpnni.sys --> c:\windows\system32\drivers\vvfhpnni.sys [?]
    S1 wticwisf;wticwisf;\??\c:\windows\system32\drivers\wticwisf.sys --> c:\windows\system32\drivers\wticwisf.sys [?]
    S1 wtvzupht;wtvzupht;\??\c:\windows\system32\drivers\wtvzupht.sys --> c:\windows\system32\drivers\wtvzupht.sys [?]
    S1 wupjffsp;wupjffsp;\??\c:\windows\system32\drivers\wupjffsp.sys --> c:\windows\system32\drivers\wupjffsp.sys [?]
    S1 wuqfjhcq;wuqfjhcq;\??\c:\windows\system32\drivers\wuqfjhcq.sys --> c:\windows\system32\drivers\wuqfjhcq.sys [?]
    S1 wydlntfk;wydlntfk;\??\c:\windows\system32\drivers\wydlntfk.sys --> c:\windows\system32\drivers\wydlntfk.sys [?]
    S1 xqduzmxg;xqduzmxg;\??\c:\windows\system32\drivers\xqduzmxg.sys --> c:\windows\system32\drivers\xqduzmxg.sys [?]
    S1 xqyivwmk;xqyivwmk;\??\c:\windows\system32\drivers\xqyivwmk.sys --> c:\windows\system32\drivers\xqyivwmk.sys [?]
    S1 xzvgxcru;xzvgxcru;\??\c:\windows\system32\drivers\xzvgxcru.sys --> c:\windows\system32\drivers\xzvgxcru.sys [?]
    S1 zasfehnn;zasfehnn;\??\c:\windows\system32\drivers\zasfehnn.sys --> c:\windows\system32\drivers\zasfehnn.sys [?]
    S1 zjuhcdgu;zjuhcdgu;\??\c:\windows\system32\drivers\zjuhcdgu.sys --> c:\windows\system32\drivers\zjuhcdgu.sys [?]
    S2 msav;Moon Secure Antivirus Core;c:\program files\Moon Secure Antivirus\msavcore.exe --> c:\program files\Moon Secure Antivirus\msavcore.exe [?]
    S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLDC0F1DA6
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a4c95e-1d99-11e0-91dd-0015f26bbfa2}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-05-28 03:05 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 12:52]
    .
    2013-06-04 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-28 08:58]
    .
    2013-06-04 c:\windows\Tasks\Browser Manager.job
    - c:\windows\system32\sc.exe [2004-08-10 10:39]
    .
    2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 03:03]
    .
    2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 03:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={ECC15163-AA9B-11E2-93BD-0015F26BBFA2}
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1yoh94um.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - google.com
    FF - ExtSQL: 2013-05-27 22:03; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    WebBrowser-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    SafeBoot-mbamchameleon
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-06-04 13:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\BIT127.tmp 904104 bytes executable
    c:\windows\TEMP\_asw_aisI.tm~a01448\onefile.dld 0 bytes
    .
    scan completed successfully
    hidden files: 2
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(624)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(656)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\hp\KBD\KBD.EXE
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-04 13:15:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-04 18:15
    .
    Pre-Run: 206,155,071,488 bytes free
    Post-Run: 209,850,388,480 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - ABF0309C1102DC6A6256419F968017CA
     
  17. 2013/06/04
    broni Moderator Malware Analyst

    You're running two AV programs, Avast and MSE.
    You must uninstall one of them.

    Uninstall WiseConvert Toolbar, a foistware.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\avgtpx86.sys
    c:\windows\system32\drivers\jkjigcjz.sys
    c:\windows\system32\drivers\jbynvqlb.sys
    c:\windows\system32\drivers\jbveyhdf.sys
    c:\windows\system32\drivers\iournris.sys
    c:\windows\system32\drivers\ionljeli.sys
    c:\windows\system32\drivers\inngrfso.sys
    c:\windows\system32\drivers\ilibmssc.sys
    c:\windows\system32\drivers\iidrvfxw.sys
    c:\windows\system32\drivers\ieurzehf.sys
    c:\windows\system32\drivers\hrdcwork.sys
    c:\windows\system32\drivers\hmddyueb.sys
    c:\windows\system32\drivers\hivjghcg.sys
    c:\windows\system32\drivers\gxcovpuy.sys
    c:\windows\system32\drivers\gfklftjf.sys
    c:\windows\system32\drivers\flarvaki.sys
    c:\windows\system32\drivers\fispgvdv.sys
    c:\windows\system32\drivers\fgzhojif.sys
    c:\windows\system32\drivers\ffpugnxm.sys
    c:\windows\system32\drivers\eoqtxeis.sys
    c:\windows\system32\drivers\eomqlslz.sys
    c:\windows\system32\drivers\ekrloqae.sys
    c:\windows\system32\drivers\ejhyrrqq.sys
    c:\windows\system32\drivers\dnpnumhx.sys
    c:\windows\system32\drivers\dmwyelki.sys
    c:\windows\system32\drivers\cphgrsxk.sys
    c:\windows\system32\drivers\cihzgdzj.sys
    c:\windows\system32\drivers\ceawuwmc.sys 
    c:\windows\system32\drivers\camqtezp.sys
    c:\windows\system32\drivers\bzqzkjxe.sys
    c:\windows\system32\drivers\bipazxix.sys
    c:\windows\system32\drivers\becvpepd.sys
    c:\windows\system32\drivers\apfrtxze.sys
    c:\windows\system32\drivers\alxfmqma.sys
    c:\windows\system32\drivers\ajniwqtl.sys
    c:\windows\system32\drivers\aiiunvuj.sys
    c:\windows\system32\drivers\rhevprua.sys
    c:\windows\system32\drivers\qtsqtmue.sys
    c:\windows\system32\drivers\qskkfdkb.sys
    c:\windows\system32\drivers\qoapangu.sys
    c:\windows\system32\drivers\pxakdztm.sys
    c:\windows\system32\drivers\puijckld.sys
    c:\windows\system32\drivers\pozijwoh.sys
    c:\windows\system32\drivers\pkndstgy.sys
    c:\windows\system32\drivers\pgeuabxo.sys
    c:\windows\system32\drivers\onimvpic.sys
    c:\windows\system32\drivers\ofdvlanw.sys
    c:\windows\system32\drivers\njucjlhj.sys 
    c:\windows\system32\drivers\mktahoyz.sys
    c:\windows\system32\drivers\lwugtgju.sys
    c:\windows\system32\drivers\lvatqndr.sys
    c:\windows\system32\drivers\lscytjhf.sys
    c:\windows\system32\drivers\lsbmulwr.sys
    c:\windows\system32\drivers\llspnfzf.sys
    c:\windows\system32\drivers\lggxcgzd.sys
    c:\windows\system32\drivers\lfuncgbw.sys
    c:\windows\system32\drivers\kqfgdizd.sys
    c:\windows\system32\drivers\klmmfmsn.sys
    c:\windows\system32\drivers\jurwjaon.sys
    c:\windows\system32\drivers\jmfkhaho.sys
    c:\windows\system32\drivers\vandgyiv.sys
    c:\windows\system32\drivers\uxvfjnie.sys
    c:\windows\system32\drivers\ukgxihsx.sys
    c:\windows\system32\drivers\ujzhykpc.sys
    c:\windows\system32\drivers\uhlsytdn.sys
    c:\windows\system32\drivers\tvnpmdtb.sys
    c:\windows\system32\drivers\tlrfilff.sys
    c:\windows\system32\drivers\tgngkdia.sys
    c:\windows\system32\drivers\sytvzgtq.sys
    c:\windows\system32\drivers\skfjjdnz.sys
    c:\windows\system32\drivers\rxfdayuk.sys
    c:\windows\system32\drivers\rubyrhba.sys
    c:\windows\system32\drivers\rpkkornj.sys
    c:\windows\system32\drivers\rohlwepv.sys
    c:\windows\system32\drivers\zjuhcdgu.sys
    c:\windows\system32\drivers\zasfehnn.sys
    c:\windows\system32\drivers\xzvgxcru.sys
    c:\windows\system32\drivers\xqyivwmk.sys
    c:\windows\system32\drivers\xqduzmxg.sys
    c:\windows\system32\drivers\wydlntfk.sys
    c:\windows\system32\drivers\wuqfjhcq.sys
    c:\windows\system32\drivers\wupjffsp.sys
    c:\windows\system32\drivers\wtvzupht.sys
    c:\windows\system32\drivers\wticwisf.sys
    c:\windows\system32\drivers\vvfhpnni.sys
    c:\windows\system32\drivers\vmxqaodl.sys
    c:\windows\system32\drivers\vgwuyobz.sys
    c:\windows\system32\drivers\vdqvylse.sys
    c:\windows\system32\drivers\vdfnrcjm.sys
    
    Folder::
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar
    c:\program files\Common Files\AVG Secure Search
    c:\program files\AVG SafeGuard toolbar
    c:\program files\Moon Secure Antivirus
    c:\program files\Common Files\Mcafee
    
    
    Driver::
    avgtp
    hivjghcg
    gxcovpuy
    gfklftjf
    flarvaki
    fispgvdv
    fgzhojif
    ffpugnxm
    eoqtxeis
    eomqlslz
    ekrloqae
    ejhyrrqq
    dnpnumhx
    dmwyelki
    cphgrsxk
    cihzgdzj
    ceawuwmc
    camqtezp
    bzqzkjxe
    bipazxix
    becvpepd
    apfrtxze
    alxfmqma
    ajniwqtl
    aiiunvuj
    kqfgdizd
    klmmfmsn
    jurwjaon
    jmfkhaho
    jkjigcjz
    jbynvqlb
    jbveyhdf
    iournris
    ionljeli
    inngrfso
    ilibmssc
    iidrvfxw
    ieurzehf
    hrdcwork
    hmddyueb
    lwugtgju
    lvatqndr
    lscytjhf
    lsbmulwr
    llspnfzf
    lggxcgzd
    lfuncgbw
    sytvzgtq
    skfjjdnz
    rxfdayuk
    rubyrhba
    rpkkornj
    rohlwepv
    rhevprua
    qtsqtmue
    qskkfdkb
    qoapangu
    pxakdztm
    puijckld
    pozijwoh
    pkndstgy
    pgeuabxo
    onimvpic
    ofdvlanw
    njucjlhj
    mktahoyz
    ujzhykpc
    uhlsytdn
    tvnpmdtb
    tlrfilff
    tgngkdia
    zjuhcdgu
    zasfehnn
    xzvgxcru
    xqyivwmk
    xqduzmxg
    wydlntfk
    wuqfjhcq
    wupjffsp
    wtvzupht
    wticwisf
    vvfhpnni
    vmxqaodl
    vgwuyobz
    vdqvylse
    vdfnrcjm
    vandgyiv
    uxvfjnie
    ukgxihsx
    msav
    McMPFSvc
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
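    The File:: and Driver:: sections above are built from the long run of S1 entries in the ComboFix log: each one is a boot-start driver whose service name, display name and file stem are the same eight random-looking lowercase letters, sitting in system32\drivers, and ComboFix printed "[?]" for the file instead of a "[date size]" stamp. As an added example (not code from this thread, from ComboFix or from DDS), the Python script below parses service lines in that format and flags entries matching that pattern, then renders them in the CFScript layout shown above so a human can review the list. The heuristic is an assumption made for this example, the sample log lines are constructed (three driver names are copied from the log, "demofilt" and "demodrvr" are made up for contrast), and none of the function names come from any tool.

```python
"""Added example (not from the thread, ComboFix or DDS): triage service lines
from a ComboFix-style log and flag the boot-start driver pattern seen above.

Heuristic used here (an assumption for this example, matching the entries
in the log): start type S1, service name == display name == file stem,
the stem is eight lowercase letters, the image lives in system32\\drivers
and ComboFix printed "[?]" instead of a "[date size]" stamp for the file.
"""
import re

# One service line, e.g.
# S1 rubyrhba;rubyrhba;\??\c:\windows\system32\drivers\rubyrhba.sys --> c:\windows\system32\drivers\rubyrhba.sys [?]
SERVICE_RE = re.compile(
    r"^(?P<start>[SR]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);\s*(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s*(?P<flag>\[\?\])?\s*$"
)
# Eight lowercase letters as the file stem under system32\drivers.
DRIVER_STEM_RE = re.compile(r"\\drivers\\(?P<stem>[a-z]{8})\.sys$", re.IGNORECASE)

# Constructed sample: the first four lines copy entries from the log above,
# "demofilt" and "demodrvr" are made-up names for contrast.
SAMPLE_LOG = "\n".join([
    r"S1 rubyrhba;rubyrhba;\??\c:\windows\system32\drivers\rubyrhba.sys --> c:\windows\system32\drivers\rubyrhba.sys [?]",
    r"S1 rxfdayuk;rxfdayuk;\??\c:\windows\system32\drivers\rxfdayuk.sys --> c:\windows\system32\drivers\rxfdayuk.sys [?]",
    r"S1 skfjjdnz;skfjjdnz;\??\c:\windows\system32\drivers\skfjjdnz.sys --> c:\windows\system32\drivers\skfjjdnz.sys [?]",
    r"S2 msav;Moon Secure Antivirus Core;c:\program files\Moon Secure Antivirus\msavcore.exe --> c:\program files\Moon Secure Antivirus\msavcore.exe [?]",
    r"R1 demofilt;demofilt;c:\windows\system32\drivers\demofilt.sys [2013-5-28 12345]",
    r"S1 demodrvr;Demo Boot-Start Driver;\??\c:\windows\system32\drivers\demodrvr.sys --> c:\windows\system32\drivers\demodrvr.sys [?]",
])


def parse_service_line(line):
    """Return a dict for one service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["unverified"] = entry.pop("flag") == "[?]"
    return entry


def is_suspicious_driver(entry):
    """Apply the pattern described in the module docstring."""
    if entry["start"] != "S1" or not entry["unverified"]:
        return False
    m = DRIVER_STEM_RE.search(entry["image"])
    if not m:
        return False
    stem = m.group("stem").lower()
    return entry["svc"].lower() == stem and entry["display"].lower() == stem


def triage(log_text):
    """Service names of entries that match the pattern, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry and is_suspicious_driver(entry):
            flagged.append(entry["svc"])
    return flagged


def cfscript_sections(names):
    """Render the flagged names in the File::/Driver:: layout used in the
    thread, for a human to review before anything is fed to ComboFix."""
    files = "\n".join(r"c:\windows\system32\drivers\%s.sys" % n for n in names)
    return "File::\n%s\n\nDriver::\n%s\n" % (files, "\n".join(names))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print("flagged:", hits)
    print(cfscript_sections(hits))
```

    On the sample, only the three copied entries are flagged: the S2 and R1 lines fail the start-type and "[?]" checks, and "demodrvr" has a descriptive display name that differs from its service name. The display-name and stem checks are what keep ordinary drivers with random-looking names out of the list; the output is a review aid, not something to run unattended.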
     
  18. 2013/06/05
    Pepse Well-Known Member Thread Starter

    combofix.txt.

    ComboFix 13-06-03.06 - Administrator 06/05/2013 1:09.2.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1690 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\windows\system32\drivers\aiiunvuj.sys"
    "c:\windows\system32\drivers\ajniwqtl.sys"
    "c:\windows\system32\drivers\alxfmqma.sys"
    "c:\windows\system32\drivers\apfrtxze.sys"
    "c:\windows\system32\drivers\avgtpx86.sys"
    "c:\windows\system32\drivers\becvpepd.sys"
    "c:\windows\system32\drivers\bipazxix.sys"
    "c:\windows\system32\drivers\bzqzkjxe.sys"
    "c:\windows\system32\drivers\camqtezp.sys"
    "c:\windows\system32\drivers\ceawuwmc.sys"
    "c:\windows\system32\drivers\cihzgdzj.sys"
    "c:\windows\system32\drivers\cphgrsxk.sys"
    "c:\windows\system32\drivers\dmwyelki.sys"
    "c:\windows\system32\drivers\dnpnumhx.sys"
    "c:\windows\system32\drivers\ejhyrrqq.sys"
    "c:\windows\system32\drivers\ekrloqae.sys"
    "c:\windows\system32\drivers\eomqlslz.sys"
    "c:\windows\system32\drivers\eoqtxeis.sys"
    "c:\windows\system32\drivers\ffpugnxm.sys"
    "c:\windows\system32\drivers\fgzhojif.sys"
    "c:\windows\system32\drivers\fispgvdv.sys"
    "c:\windows\system32\drivers\flarvaki.sys"
    "c:\windows\system32\drivers\gfklftjf.sys"
    "c:\windows\system32\drivers\gxcovpuy.sys"
    "c:\windows\system32\drivers\hivjghcg.sys"
    "c:\windows\system32\drivers\hmddyueb.sys"
    "c:\windows\system32\drivers\hrdcwork.sys"
    "c:\windows\system32\drivers\ieurzehf.sys"
    "c:\windows\system32\drivers\iidrvfxw.sys"
    "c:\windows\system32\drivers\ilibmssc.sys"
    "c:\windows\system32\drivers\inngrfso.sys"
    "c:\windows\system32\drivers\ionljeli.sys"
    "c:\windows\system32\drivers\iournris.sys"
    "c:\windows\system32\drivers\jbveyhdf.sys"
    "c:\windows\system32\drivers\jbynvqlb.sys"
    "c:\windows\system32\drivers\jkjigcjz.sys"
    "c:\windows\system32\drivers\jmfkhaho.sys"
    "c:\windows\system32\drivers\jurwjaon.sys"
    "c:\windows\system32\drivers\klmmfmsn.sys"
    "c:\windows\system32\drivers\kqfgdizd.sys"
    "c:\windows\system32\drivers\lfuncgbw.sys"
    "c:\windows\system32\drivers\lggxcgzd.sys"
    "c:\windows\system32\drivers\llspnfzf.sys"
    "c:\windows\system32\drivers\lsbmulwr.sys"
    "c:\windows\system32\drivers\lscytjhf.sys"
    "c:\windows\system32\drivers\lvatqndr.sys"
    "c:\windows\system32\drivers\lwugtgju.sys"
    "c:\windows\system32\drivers\mktahoyz.sys"
    "c:\windows\system32\drivers\njucjlhj.sys"
    "c:\windows\system32\drivers\ofdvlanw.sys"
    "c:\windows\system32\drivers\onimvpic.sys"
    "c:\windows\system32\drivers\pgeuabxo.sys"
    "c:\windows\system32\drivers\pkndstgy.sys"
    "c:\windows\system32\drivers\pozijwoh.sys"
    "c:\windows\system32\drivers\puijckld.sys"
    "c:\windows\system32\drivers\pxakdztm.sys"
    "c:\windows\system32\drivers\qoapangu.sys"
    "c:\windows\system32\drivers\qskkfdkb.sys"
    "c:\windows\system32\drivers\qtsqtmue.sys"
    "c:\windows\system32\drivers\rhevprua.sys"
    "c:\windows\system32\drivers\rohlwepv.sys"
    "c:\windows\system32\drivers\rpkkornj.sys"
    "c:\windows\system32\drivers\rubyrhba.sys"
    "c:\windows\system32\drivers\rxfdayuk.sys"
    "c:\windows\system32\drivers\skfjjdnz.sys"
    "c:\windows\system32\drivers\sytvzgtq.sys"
    "c:\windows\system32\drivers\tgngkdia.sys"
    "c:\windows\system32\drivers\tlrfilff.sys"
    "c:\windows\system32\drivers\tvnpmdtb.sys"
    "c:\windows\system32\drivers\uhlsytdn.sys"
    "c:\windows\system32\drivers\ujzhykpc.sys"
    "c:\windows\system32\drivers\ukgxihsx.sys"
    "c:\windows\system32\drivers\uxvfjnie.sys"
    "c:\windows\system32\drivers\vandgyiv.sys"
    "c:\windows\system32\drivers\vdfnrcjm.sys"
    "c:\windows\system32\drivers\vdqvylse.sys"
    "c:\windows\system32\drivers\vgwuyobz.sys"
    "c:\windows\system32\drivers\vmxqaodl.sys"
    "c:\windows\system32\drivers\vvfhpnni.sys"
    "c:\windows\system32\drivers\wticwisf.sys"
    "c:\windows\system32\drivers\wtvzupht.sys"
    "c:\windows\system32\drivers\wupjffsp.sys"
    "c:\windows\system32\drivers\wuqfjhcq.sys"
    "c:\windows\system32\drivers\wydlntfk.sys"
    "c:\windows\system32\drivers\xqduzmxg.sys"
    "c:\windows\system32\drivers\xqyivwmk.sys"
    "c:\windows\system32\drivers\xzvgxcru.sys"
    "c:\windows\system32\drivers\zasfehnn.sys"
    "c:\windows\system32\drivers\zjuhcdgu.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\075884af680ff6dc.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\075884af680ff6dc__exp__1370194331
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\227113dfa1ca894d.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\3628ed0b439455e5.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\3628ed0b439455e5__exp__1370194330
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\49fbbc5a8678d502.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\49fbbc5a8678d502__exp__1370194332
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\5c54eb1a1655b076.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\5c54eb1a1655b076__exp__1370194332
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\613e8ce7ab7106af.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\613e8ce7ab7106af__exp__1370194332
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\633a76311867bd11.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\691f14230153a9e1.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\691f14230153a9e1__exp__1370194332
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\6cb409d7ac73d9f1.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\7614bd6cfa99e546.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\7614bd6cfa99e546__exp__1370194332
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\77664b6ccc36be9f.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\881b3593316772f0.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\881b3593316772f0__exp__1370194331
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\98657d0579ae1930.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\c4e10d1be905349b.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\c4e10d1be905349b__exp__1370194331
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\c8a51ba84752784f.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\c8a51ba84752784f__exp__1370194331
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\d5c0f4e7bbe35bf3.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\d9ca663388d21ec0.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\f2cda51fd108941f.fb
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\f2cda51fd108941f__exp__1370194331
    c:\documents and settings\Administrator\Application Data\AVG SafeGuard toolbar\cache\f34d8db84131d925.fb
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar\DNT\dt.dat
    c:\documents and settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar\SiteSafety\l_2013_06_01_10_32_22.db
    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\15.2.0.5\avg.crx
    c:\documents and settings\HP_Administrator\Local Settings\Temp\_ir_sf_temp_0\npCouponPrinter.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\_isE7.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\{985F72A2-AB24-4F76-AC9C-27CBE193EBA3}\_Setup.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\{985F72A2-AB24-4F76-AC9C-27CBE193EBA3}\ISSetup.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\1SKKKKKKK.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\3.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\4.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\BIT122.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\DomaIQ.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\DomaIQ10.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\setup__120.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\software\OptimizerPro.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\DIQ\FlashPlayer_151\software\SweetIPacks.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\dyq9vwst418qg7qvx40811.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\hsbing_717_active.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\ins1.tmp\LDMClient.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\mgsqlite3.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\ose00000.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\Set70.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\Set77.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\Set7C.tmp
    c:\documents and settings\HP_Administrator\Local Settings\Temp\Shortcut_SweetIPacks.exe
    c:\documents and settings\HP_Administrator\Local Settings\Temp\tbWise.dll
    c:\program files\AVG SafeGuard toolbar
    c:\program files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
    c:\program files\AVG SafeGuard toolbar\about.gif
    c:\program files\AVG SafeGuard toolbar\active-threats18.gif
    c:\program files\AVG SafeGuard toolbar\AVG SafeGuard toolbar
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif
    c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif
    c:\program files\AVG SafeGuard toolbar\ChromeRes\nt.html
    c:\program files\AVG SafeGuard toolbar\CleanHistory.gif
    c:\program files\AVG SafeGuard toolbar\configuration.xml
    c:\program files\AVG SafeGuard toolbar\current.gif
    c:\program files\AVG SafeGuard toolbar\currently-safe18.gif
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\all.css
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png
    c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png
    c:\program files\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html
    c:\program files\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png
    c:\program files\AVG SafeGuard toolbar\EULA.gif
    c:\program files\AVG SafeGuard toolbar\Eula.txt
    c:\program files\AVG SafeGuard toolbar\Facebook.gif
    c:\program files\AVG SafeGuard toolbar\favicon.ico
    c:\program files\AVG SafeGuard toolbar\feedback.gif
    c:\program files\AVG SafeGuard toolbar\FireFoxSearchXml.tmp
    c:\program files\AVG SafeGuard toolbar\help.gif
    c:\program files\AVG SafeGuard toolbar\icon18.gif
    c:\program files\AVG SafeGuard toolbar\labs.gif
    c:\program files\AVG SafeGuard toolbar\Licenses\CPOL license.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\hmac.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\Log4CPlus.txt
    c:\program files\AVG SafeGuard toolbar\Licenses\PassthruApp.txt
    c:\program files\AVG SafeGuard toolbar\lip.exe
    c:\program files\AVG SafeGuard toolbar\performanceIcon.gif
    c:\program files\AVG SafeGuard toolbar\PostInstall.exe
    c:\program files\AVG SafeGuard toolbar\PostInstaller.ini
    c:\program files\AVG SafeGuard toolbar\privacy.gif
    c:\program files\AVG SafeGuard toolbar\remote_configuration.xml
    c:\program files\AVG SafeGuard toolbar\search.gif
    c:\program files\AVG SafeGuard toolbar\setup.bmp
    c:\program files\AVG SafeGuard toolbar\surf-with-caution18.gif
    c:\program files\AVG SafeGuard toolbar\Uninstall.exe
    c:\program files\AVG SafeGuard toolbar\uninstall.gif
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.5.1.min.js
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.8.1.min.js
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html
    c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html
    c:\program files\AVG SafeGuard toolbar\updating18.gif
    c:\program files\AVG SafeGuard toolbar\vprot.exe
    c:\program files\Common Files\AVG Secure Search
    c:\program files\Common Files\AVG Secure Search\DNTInstaller\15.2.0\avgdttbx.dll
    c:\program files\Common Files\AVG Secure Search\DriverInstaller\15.2.0\DriverInstaller.exe
    c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
    c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.cfg
    c:\program files\Common Files\AVG Secure Search\RewardsInstaller\15.2.0\AVGRewardsWorker.dll
    c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0\ScriptHelper.exe
    c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
    c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
    c:\program files\Common Files\AVG Secure Search\ToolBandTlb\15.2.0\toolband
    c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\UpdaterConfig.ini
    c:\program files\Moon Secure Antivirus
    c:\program files\Moon Secure Antivirus\clean\037b1e7798960e0420003d05bb577ee6
    c:\program files\Moon Secure Antivirus\clean\03a905fba1d62317087db5c21c0f8f62
    c:\program files\Moon Secure Antivirus\clean\0450ec2579cf6cfd962d49878e0a9378
    c:\program files\Moon Secure Antivirus\clean\12896823fb95bfb3dc9b46bcaedc9923
    c:\program files\Moon Secure Antivirus\clean\13e7cfe8e269ed15e7fc9c3ebbcb7e2b
    c:\program files\Moon Secure Antivirus\clean\1d6174de4ded26e5d91b9b66e0fe4dac
    c:\program files\Moon Secure Antivirus\clean\21274da5d2ec561485a3d7039a883ef0
    c:\program files\Moon Secure Antivirus\clean\32c26797ab646074a2bb562f9d10adb5
    c:\program files\Moon Secure Antivirus\clean\3e875e5e14eb20230d11fa755bb8061f
    c:\program files\Moon Secure Antivirus\clean\4543367e50bd35e7d1269d42841b156e
    c:\program files\Moon Secure Antivirus\clean\4946e40b07f36e91805fe685576d81f0
    c:\program files\Moon Secure Antivirus\clean\5879d691e842574a20fe63817cb76df9
    c:\program files\Moon Secure Antivirus\clean\5b214d3416736722c9489048b7a165e1
    c:\program files\Moon Secure Antivirus\clean\5f1d5f88303d4a4dbc8e5f97ba967cc3
    c:\program files\Moon Secure Antivirus\clean\5fd30d60185e8cdd5f7cfe7067f76b57
    c:\program files\Moon Secure Antivirus\clean\605fd37358aedc490d8a503f9dd9a82d
    c:\program files\Moon Secure Antivirus\clean\6738faa3c38e71cb975076a0c12d5b99
    c:\program files\Moon Secure Antivirus\clean\6b1aea5360b51dd30b958a0670171e72
    c:\program files\Moon Secure Antivirus\clean\6ecf7df7d31ce2509feb0411a3ace8d8
    c:\program files\Moon Secure Antivirus\clean\70dae74259c9181f7254a5a1e1c98c66
    c:\program files\Moon Secure Antivirus\clean\793ac4789b57f7c68ad613b2a9dd611a
    c:\program files\Moon Secure Antivirus\clean\7a21e06385e748e9cb0252f1bbc493f1
    c:\program files\Moon Secure Antivirus\clean\7bfcdb133cb2915019074e5bf687a63e
    c:\program files\Moon Secure Antivirus\clean\7d66a60e290a7cf7d14a14d5b7deb7db
    c:\program files\Moon Secure Antivirus\clean\86d19f4888cd4fce9b9c179486311e21
    c:\program files\Moon Secure Antivirus\clean\88029974b1c9995cfa3bd9560bba2eef
    c:\program files\Moon Secure Antivirus\clean\8fd32d871dfd28c4519cd9c96a120026
    c:\program files\Moon Secure Antivirus\clean\92417e7949a2131b3540eda47ab2a21f
    c:\program files\Moon Secure Antivirus\clean\926a397334fe426a6c7657096fe681db
    c:\program files\Moon Secure Antivirus\clean\9ed52b99fffdf84cba0b47137ae4158b
    c:\program files\Moon Secure Antivirus\clean\a0485454803d19b11267b0ad75ad5dfe
    c:\program files\Moon Secure Antivirus\clean\b596347a26dc054ebb44eb3bc8e95b0a
    c:\program files\Moon Secure Antivirus\clean\b60dddd2d63ce41cb8c487fcfbb6419e
    c:\program files\Moon Secure Antivirus\clean\b8e421c0890356cd4a793d8a346d9096
    c:\program files\Moon Secure Antivirus\clean\ba502fe020f2b4880d7130480ecddcaf
    c:\program files\Moon Secure Antivirus\clean\c81be1b951c36e97d3da90da745da5f7
    c:\program files\Moon Secure Antivirus\clean\c879fbb3bae8e79bc0c15c06b356dfe1
    c:\program files\Moon Secure Antivirus\clean\cd746e8c320a2a163589bba7f4fc570a
    c:\program files\Moon Secure Antivirus\clean\d21352bcaab174948eb9672bc203bb0f
    c:\program files\Moon Secure Antivirus\clean\e180cfc8dcc58440dfb1a8422b872b5a
    c:\program files\Moon Secure Antivirus\clean\ebba16a88f517bfb1b7681abf006c8b0
    c:\program files\Moon Secure Antivirus\libclamav9.dml.dll
    c:\program files\Moon Secure Antivirus\modules.txt
    c:\program files\Moon Secure Antivirus\w32clamav.dml.dll
    c:\windows\system32\drivers\avgtpx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AVGTP
    -------\Legacy_MCMPFSVC
    -------\Legacy_MSAV
    -------\Service_aiiunvuj
    -------\Service_ajniwqtl
    -------\Service_alxfmqma
    -------\Service_apfrtxze
    -------\Service_avgtp
    -------\Service_becvpepd
    -------\Service_bipazxix
    -------\Service_bzqzkjxe
    -------\Service_camqtezp
    -------\Service_ceawuwmc
    -------\Service_cihzgdzj
    -------\Service_cphgrsxk
    -------\Service_dmwyelki
    -------\Service_dnpnumhx
    -------\Service_ejhyrrqq
    -------\Service_ekrloqae
    -------\Service_eomqlslz
    -------\Service_eoqtxeis
    -------\Service_ffpugnxm
    -------\Service_fgzhojif
    -------\Service_fispgvdv
    -------\Service_flarvaki
    -------\Service_gfklftjf
    -------\Service_gxcovpuy
    -------\Service_hivjghcg
    -------\Service_hmddyueb
    -------\Service_hrdcwork
    -------\Service_ieurzehf
    -------\Service_iidrvfxw
    -------\Service_ilibmssc
    -------\Service_inngrfso
    -------\Service_ionljeli
    -------\Service_iournris
    -------\Service_jbveyhdf
    -------\Service_jbynvqlb
    -------\Service_jkjigcjz
    -------\Service_jmfkhaho
    -------\Service_jurwjaon
    -------\Service_klmmfmsn
    -------\Service_kqfgdizd
    -------\Service_lfuncgbw
    -------\Service_lggxcgzd
    -------\Service_llspnfzf
    -------\Service_lsbmulwr
    -------\Service_lscytjhf
    -------\Service_lvatqndr
    -------\Service_lwugtgju
    -------\Service_McMPFSvc
    -------\Service_mktahoyz
    -------\Service_msav
    -------\Service_njucjlhj
    -------\Service_ofdvlanw
    -------\Service_onimvpic
    -------\Service_pgeuabxo
    -------\Service_pkndstgy
    -------\Service_pozijwoh
    -------\Service_puijckld
    -------\Service_pxakdztm
    -------\Service_qoapangu
    -------\Service_qskkfdkb
    -------\Service_qtsqtmue
    -------\Service_rhevprua
    -------\Service_rohlwepv
    -------\Service_rpkkornj
    -------\Service_rubyrhba
    -------\Service_rxfdayuk
    -------\Service_skfjjdnz
    -------\Service_sytvzgtq
    -------\Service_tgngkdia
    -------\Service_tlrfilff
    -------\Service_tvnpmdtb
    -------\Service_uhlsytdn
    -------\Service_ujzhykpc
    -------\Service_ukgxihsx
    -------\Service_uxvfjnie
    -------\Service_vandgyiv
    -------\Service_vdfnrcjm
    -------\Service_vdqvylse
    -------\Service_vgwuyobz
    -------\Service_vmxqaodl
    -------\Service_vvfhpnni
    -------\Service_wticwisf
    -------\Service_wtvzupht
    -------\Service_wupjffsp
    -------\Service_wuqfjhcq
    -------\Service_wydlntfk
    -------\Service_xqduzmxg
    -------\Service_xqyivwmk
    -------\Service_xzvgxcru
    -------\Service_zasfehnn
    -------\Service_zjuhcdgu
    -------\Legacy_vToolbarUpdater15.2.0
    -------\Legacy_vToolbarUpdater15.2.0
    -------\Service_vToolbarUpdater15.2.0
    -------\Service_vToolbarUpdater15.2.0
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-05 06:18 . 2013-06-05 06:18 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CB181E4-552F-4340-A333-709198AC6A54}\offreg.dll
    2013-06-05 04:55 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CB181E4-552F-4340-A333-709198AC6A54}\mpengine.dll
    2013-06-04 16:29 . 2013-06-04 16:38 -------- d-----w- C:\0890a526f37a552925
    2013-06-02 17:15 . 2013-06-02 17:15 146648 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-06-02 15:35 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-02 14:24 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
    2013-06-02 14:24 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
    2013-05-31 18:32 . 2013-06-01 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-05-31 18:07 . 2013-05-31 18:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-05-31 04:43 . 2013-05-31 04:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-05-30 17:43 . 2013-05-30 17:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2013-05-28 03:03 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-28 03:03 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-28 03:03 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-05-28 03:03 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-28 03:03 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-28 03:03 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-28 03:03 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-28 03:03 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-28 03:03 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-05-28 03:02 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-28 03:02 . 2013-05-28 03:02 -------- d-----w- c:\program files\AVAST Software
    2013-05-28 03:02 . 2013-05-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2013-05-28 02:31 . 2013-05-28 02:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2013-05-28 02:30 . 2013-05-28 02:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-05-27 23:18 . 2013-05-27 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-05-27 23:18 . 2013-05-27 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-27 23:18 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-04 15:57 . 2013-01-31 18:36 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2013-05-18 12:52 . 2012-12-01 10:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-18 12:52 . 2011-06-03 01:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-02 15:28 . 2011-06-16 13:38 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-21 12:03 . 2013-04-21 12:03 43600 ----a-w- c:\windows\system32\drivers\xrjpjgqa.sys
    2013-04-16 22:17 . 2004-08-10 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-04-16 22:17 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-04-16 22:17 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-04-13 13:48 . 2013-04-13 13:48 465280 ----a-r- c:\windows\cpnprt2win32.cid
    2013-04-13 13:48 . 2013-04-13 13:48 465280 ------w- c:\windows\system32\cpnprt2win32.cid
    2013-04-12 23:28 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2013-04-10 01:31 . 2004-08-10 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
    2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Updater19962.exe "= "c:\documents and settings\HP_Administrator\Local Settings\Application Data\Updater19962\Updater19962.exe" [2013-04-21 210312]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "AlwaysReady Power Message APP "= "ARPWRMSG.EXE" [2005-08-03 77312]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-01-23 101136]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-01-23 101136]
    "CarboniteSetupLite "= "c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "InstaLAN "= "c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2012-11-14 189952]
    HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-12-30 356864]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-1-11 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-11 688128]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-23 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [5/27/2013 10:03 PM 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [5/27/2013 10:03 PM 174664]
    R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/31/2013 1:07 PM 35144]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/27/2013 10:03 PM 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/27/2013 10:03 PM 368944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/27/2013 10:03 PM 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/27/2013 10:03 PM 66336]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\HP_Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [12/23/2012 2:06 PM 107520]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/27/2013 6:18 PM 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/27/2013 6:18 PM 701512]
    R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [10/5/2012 10:08 AM 109064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/27/2013 6:18 PM 22856]
    S1 MpKsldc0f1da6;MpKsldc0f1da6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\MpKsldc0f1da6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AEFB399-3EFC-49EC-8A5C-54289D827A22}\MpKsldc0f1da6.sys [?]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72a4c95e-1d99-11e0-91dd-0015f26bbfa2}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-05-28 03:05 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 12:52]
    .
    2013-06-05 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-28 08:58]
    .
    2013-06-05 c:\windows\Tasks\Browser Manager.job
    - c:\windows\system32\sc.exe [2004-08-10 10:39]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 03:03]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-28 03:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={ECC15163-AA9B-11E2-93BD-0015F26BBFA2}
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1yoh94um.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - google.com
    FF - ExtSQL: 2013-05-27 22:03; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-AVG SafeGuard toolbar - c:\program files\AVG SafeGuard toolbar\UNINSTALL.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-06-05 01:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(624)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(4056)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-05 01:25:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-05 06:25
    ComboFix2.txt 2013-06-04 18:15
    .
    Pre-Run: 208,627,662,848 bytes free
    Post-Run: 208,771,051,520 bytes free
    .
    - - End Of File - - 817D1AC71E76C0E32806CB7F26ACAE6D
     
  19. 2013/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks much better.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2013/06/06
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    It is running much better. Being that I don't have to run in Safe Mode, that makes it easier.

    # AdwCleaner v2.301 - Logfile created 06/06/2013 at 10:27:41
    # Updated 16/05/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : HP_Administrator - HOMEPC
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : DefaultTabUpdate
    Stopped & Deleted : WajamUpdater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Deleted on reboot : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1yoh94um.default\bprotector_extensions.sqlite
    File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1yoh94um.default\bprotector_prefs.js
    File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\END
    File Deleted : C:\WINDOWS\Tasks\Browser Manager.job
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\DefaultTab
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\PerformerSoft
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Updater19962
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wajam
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Zoom_Downloader
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Wajam
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\Program Files\file scout
    Folder Deleted : C:\Program Files\InfoAtoms
    Folder Deleted : C:\Program Files\Supreme Savings
    Folder Deleted : C:\Program Files\SweetIM
    Folder Deleted : C:\Program Files\Wajam
    Folder Deleted : C:\Program Files\Yontoo
    Folder Deleted : C:\WINDOWS\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\5828dd0e03bb949
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetAssistant 3.8.3
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
    Key Deleted : HKCU\Software\Supreme Savings
    Key Deleted : HKCU\Software\Wajam
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\5828dd0e03bb949
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DomaIQ
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Deleted : HKLM\Software\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Supreme Savings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Supreme Savings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\Supreme Savings
    Key Deleted : HKLM\Software\Wajam
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={ECC15163-AA9B-11E2-93BD-0015F26BBFA2} --> hxxp://www.google.com

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1yoh94um.default\prefs.js

    Deleted : user_pref( "browser.search.order.1 ", "Search the web (Babylon) ");
    Deleted : user_pref( "browser.search.selectedEngine ", "Search the web (Babylon) ");

    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qud01wj7.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.94

    File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : icon_url ={ "backup ":{ "session ":{ "urls_to_restore_on_startup ":[ "hxxp://www.google.com"]}}, "browser ":{ "last_know[...]

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [19349 octets] - [06/06/2013 10:27:41]

    ########## EOF - C:\AdwCleaner[S1].txt - [19410 octets] ##########
     
  21. 2013/06/06
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Microsoft Windows XP x86
    Ran by HP_Administrator on Thu 06/06/2013 at 10:42:52.10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220122992262}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C1A36A1-F5EF-3B23-94E4-ED31FE1B3197}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A8E30123-30B0-46F8-B4BE-A1647116E812}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx "



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Application Data\strongvault "
    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Application Data\systweak "
    Successfully deleted: [Folder] "C:\Program Files\coupons "
    Successfully deleted: [Folder] "C:\Program Files\w3i "
    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\start menu\programs\netassistant "
    Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin "



    ~~~ FireFox

    Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com "
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 06/06/2013 at 10:53:16.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
