
Computer running slow and takes long to boot after Yandex


18 replies to this topic

#1 pigfoot


Posted 08 March 2014 - 02:14 PM

This computer was taking too long to boot and everything seems sluggish when trying to browse on all browsers. Yandex was secretly installed somehow and I tried to remove it, but I think it still left stuff. I had a topic before but it was closed, and I was told to reopen this topic to continue.

 

http://www.bleepingcomputer.com/forums/t/520898/computer-running-slowtakes-long-to-boot-up/#entry3260236

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Ken at 13:06:09 on 2014-03-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.312 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: NetZero Toolbar Helper: {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - c:\program files\netzero\UCReg.dll
BHO: Juno Toolbar Helper: {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - c:\program files\juno\UCReg.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZeroBar: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - c:\program files\netzero\Toolbar.dll
TB: JunoBar: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - c:\program files\juno\Toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Display All Images with Full Quality - "res://c:\program files\juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "res://c:\program files\juno\qsacc\appres.dll/227"
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230087268602
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{68765F38-9C7B-45C6-9CFD-DA5B86395864} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\j7s5h6jz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-03-07 11:58; vb@yandex.ru; c:\documents and settings\ken\application data\mozilla\firefox\profiles\j7s5h6jz.default\extensions\vb@yandex.ru
FF - ExtSQL: !HIDDEN! 2012-06-13 02:35; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca13184601dd2;Google Update Service (gupdate1ca13184601dd2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-31 34248]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-2-7 220055]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: Illustrator.exe: open=\"c:\program files\adobe\adobe illustrator cs5\support files\contents\windows\illustrator.exe\" \"%1\"
.
=============== Created Last 30 ================
.
2014-03-08 03:28:02    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-03-08 03:28:02    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-03-08 03:26:17    --------    d-----w-    c:\program files\VKMusic 4
2014-03-07 09:58:37    --------    d-----w-    c:\documents and settings\ken\application data\Opera Software
2014-03-07 09:55:40    --------    d-----w-    c:\program files\VKMusic 4(2)
.
==================== Find3M  ====================
.
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-14 23:52:53    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-14 23:52:51    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-12-14 08:17:36    50053120    ----a-w-    c:\program files\GUT168.tmp
2013-12-14 08:10:01    50053120    ----a-w-    c:\program files\GUT159.tmp
2013-12-13 20:05:53    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 20:05:53    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2001-08-18 12:00:00    94784    -csh--w-    c:\windows\twain.dll
2008-04-14 00:12:07    50688    --sh--w-    c:\windows\twain_32.dll
2011-02-08 13:33:55    978944    --sh--w-    c:\windows\system32\mfc42.dll
2008-04-14 00:12:01    57344    --sh--w-    c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01    413696    --sha-w-    c:\windows\system32\msvcp60.dll
2013-01-26 03:55:44    552448    --sh--w-    c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32    11776    --sh--w-    c:\windows\system32\regsvr32.exe
.
============= FINISH: 13:07:25.15 ===============

#2 nasdaq

  • Malware Response Team

Posted 10 March 2014 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 pigfoot


Posted 14 March 2014 - 05:01 AM

# AdwCleaner v3.022 - Report created 14/03/2014 at 04:38:30
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ken - KEN-RW9IJ6PKV6S
# Running from : C:\Documents and Settings\Ken\My Documents\camvis-dec\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Yandex
Folder Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex
Folder Deleted : C:\Documents and Settings\Ken\Application Data\Yandex
Folder Deleted : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Yandex

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

[x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\etfywvr3.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2371 octets] - [09/01/2014 18:53:02]
AdwCleaner[R1].txt - [1890 octets] - [14/03/2014 04:34:21]
AdwCleaner[S0].txt - [2472 octets] - [09/01/2014 18:55:01]
AdwCleaner[S1].txt - [1698 octets] - [14/03/2014 04:38:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1758 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Ken on Fri 03/14/2014 at  4:44:45.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Ken\Application Data\mozilla\firefox\profiles\j7s5h6jz.default\minidumps [89 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/14/2014 at  4:51:51.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Ken (administrator) on KEN-RW9IJ6PKV6S on 14-03-2014 04:54:31
Running from C:\Documents and Settings\Ken\My Documents\emoticons
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC83637064398CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?rd=1&ucc=RU&dcc=RU&opt=0&ocid=iehp&tc=4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKCU - {0B4E655B-C124-4B66-939A-CE98A637404F} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {5F0969D7-3FDA-4B3D-A865-2C1562A2F2BA} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzero.net/search?action=search&source=browserboxapp_isp&query={searchTerms}
SearchScopes: HKCU - {D3C0278A-5D7E-495C-96AF-A232818368CB} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\ucreg.dll (NetZero, Inc.)
BHO: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\Juno\ucreg.dll (Juno, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKLM - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll (Juno, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\WINDOWS\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Winsock: Catalog9 13 C:\WINDOWS\system32\HMIPCore.dll [282928] (My Privacy Tools, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default
FF NewTab: yafd:tabs
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: FoxyProxy Standard - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\foxyproxy@eric.h.jung [2011-09-09]
FF Extension: Візуальныя закладкі - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\vb@yandex.ru [2014-03-07]
FF Extension: Greasemonkey - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010-02-13]
FF Extension: Adblock Plus - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-08]
FF Extension: Hide My IP - C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip(2).com [2009-03-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-06-13]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-06-13]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]

========================== Services (Whitelisted) =================

R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [24645 2009-09-28] (Apache Software Foundation)
S2 gupdate1ca13184601dd2; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-01] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-14] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [77426 2001-09-07] (Conexant Systems)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2001-06-20] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1f.sys [777088 2001-09-13] (Creative Technology Ltd.)
R3 emu10k1; C:\WINDOWS\System32\drivers\ctlface.sys [6912 2001-07-11] (Creative Technology Ltd.)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.)
R2 Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [310899 2001-09-07] (Conexant Systems)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [127405 2001-09-07] (Conexant Systems)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-13] (HP)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R2 K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [426783 2001-09-07] (Conexant Systems)
S3 LVBulk; C:\WINDOWS\System32\DRIVERS\LVBulk.sys [10261 2002-02-01] (Logitech Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2010-02-17] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
S3 PID_0900_V; C:\WINDOWS\System32\DRIVERS\LV551AV.sys [220055 2002-02-01] (Logitech Inc.)
R3 Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [67654 2001-09-07] (Conexant Systems)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sfman; C:\WINDOWS\System32\drivers\sfman.sys [36992 2001-08-31] (Creative Technology Ltd.)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [217019 2001-09-07] (Conexant Systems)
R2 SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [80449 2001-09-07] (Conexant Systems)
R2 Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [56607 2001-09-07] (Conexant Systems)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2013-04-24] (LG Electronics Inc.)
R2 V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [534125 2001-09-07] (Conexant Systems)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.)
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.)
S4 hpt3xx; No ImagePath
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-14 04:54 - 2014-03-14 04:54 - 00000000 ____D () C:\FRST
2014-03-14 04:51 - 2014-03-14 04:51 - 00000735 _____ () C:\Documents and Settings\Ken\Desktop\JRT.txt
2014-03-14 04:41 - 2014-02-20 00:33 - 01037734 _____ (Thisisu) C:\Documents and Settings\Ken\Desktop\JRT_NEW.exe
2014-03-13 05:05 - 2014-03-13 05:06 - 00130872 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00018548 _____ () C:\WINDOWS\FaxSetup.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00006042 _____ () C:\WINDOWS\comsetup.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00004134 _____ () C:\WINDOWS\setupapi.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00003672 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00002893 _____ () C:\WINDOWS\iis6.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-03-13 05:05 - 2014-03-13 05:06 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00002747 _____ () C:\WINDOWS\updspapi.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-13 00:50 - 2014-03-13 05:05 - 00127374 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 00:49 - 2014-03-13 05:05 - 00130611 _____ () C:\WINDOWS\KB2930275.log
2014-03-08 14:07 - 2014-03-08 14:07 - 00009867 _____ () C:\Documents and Settings\Ken\Desktop\dds.txt
2014-03-07 22:26 - 2014-03-07 22:27 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-03-07 22:26 - 2014-03-07 22:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VKMusic 4
2014-03-07 04:58 - 2014-03-07 04:58 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\Opera Software
2014-03-07 04:55 - 2014-03-07 22:26 - 00000000 ____D () C:\Program Files\VKMusic 4(2)
2014-02-13 14:39 - 2014-02-13 14:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

==================== One Month Modified Files and Folders =======

2014-03-14 04:54 - 2014-03-14 04:54 - 00000000 ____D () C:\FRST
2014-03-14 04:54 - 2009-01-01 23:39 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\emoticons
2014-03-14 04:51 - 2014-03-14 04:51 - 00000735 _____ () C:\Documents and Settings\Ken\Desktop\JRT.txt
2014-03-14 04:41 - 2011-12-03 21:09 - 01094132 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-14 04:40 - 2011-06-15 03:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-14 04:40 - 2011-06-15 03:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-14 04:39 - 2013-01-18 00:21 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-03-14 04:39 - 2013-01-18 00:05 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-03-14 04:39 - 2011-06-15 03:43 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-14 04:39 - 2010-03-27 20:21 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-03-14 04:39 - 2009-08-01 21:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 04:39 - 2008-10-13 23:58 - 00000178 ___SH () C:\Documents and Settings\Ken\ntuser.ini
2014-03-14 04:39 - 2008-10-13 23:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-14 04:38 - 2014-01-09 18:46 - 00000000 ____D () C:\AdwCleaner
2014-03-14 04:33 - 2010-12-14 03:34 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-03-14 04:32 - 2011-12-30 00:41 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\camvis-dec
2014-03-14 04:29 - 2009-08-01 21:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 04:04 - 2010-03-03 01:55 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\vlc
2014-03-13 12:54 - 2009-07-27 22:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 12:54 - 2008-10-13 18:40 - 00277352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 05:06 - 2014-03-13 05:05 - 00130872 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00018548 _____ () C:\WINDOWS\FaxSetup.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00006042 _____ () C:\WINDOWS\comsetup.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00004134 _____ () C:\WINDOWS\setupapi.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00003672 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00002893 _____ () C:\WINDOWS\iis6.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-03-13 05:06 - 2014-03-13 05:05 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00002747 _____ () C:\WINDOWS\updspapi.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-13 05:05 - 2014-03-13 05:05 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-13 05:05 - 2014-03-13 00:50 - 00127374 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 05:05 - 2014-03-13 00:49 - 00130611 _____ () C:\WINDOWS\KB2930275.log
2014-03-13 05:04 - 2010-06-03 17:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-13 04:55 - 2009-07-29 23:28 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-13 04:49 - 2008-10-14 02:00 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\streamate-vids
2014-03-12 04:14 - 2013-07-17 04:59 - 00377192 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-688789844-839522115-1004-0.dat
2014-03-12 04:14 - 2013-07-17 04:59 - 00258466 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-12 01:15 - 2009-01-07 23:56 - 00000000 ____D () C:\Program Files\Winmx
2014-03-09 16:56 - 2008-10-13 18:41 - 00647124 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 14:07 - 2014-03-08 14:07 - 00009867 _____ () C:\Documents and Settings\Ken\Desktop\dds.txt
2014-03-08 14:07 - 2014-01-24 15:07 - 00023991 _____ () C:\Documents and Settings\Ken\Desktop\attach.txt
2014-03-08 04:36 - 2014-02-08 02:37 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-07 22:29 - 2001-08-18 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 22:28 - 2010-01-24 23:31 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-07 22:28 - 2008-10-13 23:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-07 22:28 - 2008-10-13 23:57 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-07 22:28 - 2008-10-13 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-07 22:27 - 2014-03-07 22:26 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-03-07 22:27 - 2014-03-07 22:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VKMusic 4
2014-03-07 22:26 - 2014-03-07 04:55 - 00000000 ____D () C:\Program Files\VKMusic 4(2)
2014-03-07 05:01 - 2012-03-07 03:03 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\VKMusic 4
2014-03-07 04:58 - 2014-03-07 04:58 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\Opera Software
2014-03-06 14:01 - 2009-02-22 02:43 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\Skype
2014-03-04 00:21 - 2013-01-18 00:21 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-03-02 04:13 - 2008-10-14 01:52 - 00022016 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-28 00:43 - 2010-03-27 20:21 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-02-28 00:36 - 2013-01-18 00:21 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-02-28 00:27 - 2013-01-18 00:05 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2014-02-26 00:02 - 2011-05-24 02:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-25 23:57 - 2008-10-14 02:37 - 00000000 __SHD () C:\Documents and Settings\Ken\UserData
2014-02-24 16:24 - 2001-08-18 07:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2001-08-18 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 06:46 - 2010-04-30 21:51 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 06:46 - 2008-10-13 23:48 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 06:46 - 2001-08-18 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 06:45 - 2012-06-12 18:32 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 06:45 - 2011-03-16 22:26 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 06:45 - 2010-04-30 21:51 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 06:45 - 2010-04-30 21:51 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 06:45 - 2010-04-30 21:51 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 06:45 - 2010-04-30 21:51 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 06:45 - 2010-02-25 11:54 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 06:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 06:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 06:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 06:45 - 2001-08-18 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 06:45 - 2001-08-18 07:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 06:45 - 2001-08-18 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 05:54 - 2008-10-14 00:42 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-20 00:33 - 2014-03-14 04:41 - 01037734 _____ (Thisisu) C:\Documents and Settings\Ken\Desktop\JRT_NEW.exe
2014-02-14 21:34 - 2008-12-26 00:44 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 14:39 - 2014-02-13 14:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 14:24 - 2013-08-16 02:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 14:20 - 2008-12-25 01:54 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Ken\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Ken\Local Settings\temp\Setup-praetorian.exe
C:\Documents and Settings\Ken\Local Settings\temp\yupdate-exec-praetorian.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Ken at 2014-03-14 04:56:17
Running from C:\Documents and Settings\Ken\My Documents\emoticons
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1! (HKLM\...\AdsGone Spyware Blocker Popup Killer 2009_is1) (Version:  - A1Tech, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Apache HTTP Server 2.2.14 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.14 - Apache Software Foundation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
ArcSoft PhotoFantasy (HKLM\...\ArcSoft PhotoFantasy) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Best Anonymous Browser (HKLM\...\Best Anonymous Browser_is1) (Version:  - )
Blaze Media Pro (HKLM\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)
Blaze Media Pro (Version: 9.10 - Mystik Media) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Burn4Free CD & DVD 5.1.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version:  - Ikysasoft s.r.l. uninominale)
BusinessCards MX (HKLM\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.88 - MOJOSOFT)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ClickBook 14 (HKLM\...\ClickBook_is1) (Version: 14 - Blue Squirrel)
Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
DeleteHistoryFree (HKLM\...\{620797B0-A022-4B57-A95E-DD7DD0328007}) (Version: 2.3 - MoRUN.net)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
eFax Messenger Plus (HKLM\...\eFax Messenger Plus) (Version: 2.07 - eFax.com)
Elecard Codec SDK G4 Eval (HKLM\...\Elecard Codec SDK G4 1.0.1.80507 Eval) (Version: 1.0.1.80507 - Elecard)
eMule (HKLM\...\eMule) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Eraser 5.8.8 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.8 - The Eraser Project)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F4400 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File-Saver (HKLM\...\File-Saver_is1) (Version:  - )
Free MOV 2 AVI  (HKLM\...\Free MOV 2 AVI) (Version:  - Free MOV 2 AVI)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Greeting Card Factory Photo Card Maker 2.0 (HKLM\...\{3A94053A-EC5C-4061-8121-893FD68171C6}) (Version: 2.0.0.4 - Nova Development)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hide My IP 5.1 (HKLM\...\HMIP50_is1) (Version:  - )
Hide The IP 2009 (HKLM\...\Hide The IP 2009) (Version:  - AVSoftware)
Hide The IP 2009 (Version: 2.2.1.1 - AVSoftware) Hidden
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP SwfScan (HKLM\...\{EA594B1B-9546-4833-879F-FD20BD7B2334}) (Version: 1.0.71.2 - Hewlett Packard, Inc.)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: 8.9.4.0 - United Online)
LG VZW United Drivers (HKLM\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.92.0000 - innoheim)
Logitech QuickCam (HKLM\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.00.0000 - Logitech, Inc.)
Magic M4A to MP3 Converter 3.1 (HKLM\...\Magic M4A to MP3 Converter_is1) (Version:  - Magic Video,Inc)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Photo 2002 (HKLM\...\{C769A271-7E1C-48F9-B331-474600DD4C06}) (Version: 6.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NeoDownloader 2.6.3 (HKLM\...\{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1) (Version: 2.6.3 - Neowise Software Inc.)
NeoDownloader Lite 2.4 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version:  - Neowise Software Inc.)
Nero 12 Full Repack (HKLM\...\NMMS12) (Version:  - )
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.3.0 - NetZero, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version:  - )
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickCam Drivers (HKLM\...\QCDrivers) (Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Secure-Delete 1.0 (HKLM\...\Secure-Delete_is1) (Version: 1.0 - Pub)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sothink SWF Quicker (HKLM\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 4.7 - SourceTec Software Co., LTD)
Sound Blaster Live! Value (HKLM\...\Sound Blaster Live! Value) (Version:  - )
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.57 - NesterSoft Inc.)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Undelete File Recovery (HKLM\...\Undelete File Recovery_is1) (Version:  - )
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Thumbnails Maker by Scorp (remove only) (HKLM\...\Video Thumbnails Maker) (Version:  - )
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.36 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WeatherMate (HKLM\...\{5A60A4A0-3EAF-42D1-B6CA-9BD331AF8C2F}) (Version: 3.4 - Ravi Bhavnani)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
X-Lite 3.0 (HKLM\...\X-Lite 1.5_is1) (Version:  - CounterPath Solutions Inc.)
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Restore Points  =========================

14-12-2013 07:57:35 Installed DirectX
14-12-2013 08:06:27 Removed Google Earth.
14-12-2013 08:15:28 Removed Google Earth.
14-12-2013 08:39:20 Removed Google Earth Plug-in.
14-12-2013 23:51:57 Removed Java 7 Update 45
14-12-2013 23:52:45 Installed Java 7 Update 45
16-12-2013 06:21:50 System Checkpoint
17-12-2013 06:34:39 System Checkpoint
19-12-2013 04:19:23 System Checkpoint
21-12-2013 07:32:52 System Checkpoint
23-12-2013 08:01:24 System Checkpoint
25-12-2013 02:44:49 System Checkpoint
26-12-2013 04:04:30 System Checkpoint
29-12-2013 08:54:37 System Checkpoint
31-12-2013 02:10:58 System Checkpoint
03-01-2014 06:58:46 System Checkpoint
04-01-2014 07:36:05 System Checkpoint
07-01-2014 08:32:09 System Checkpoint
09-01-2014 03:56:23 Software Distribution Service 3.0
09-01-2014 05:34:17 Restore Operation
09-01-2014 06:01:09 Software Distribution Service 3.0
10-01-2014 04:28:25 Software Distribution Service 3.0
10-01-2014 04:33:54 Installed Microsoft Fix it 50267
11-01-2014 07:09:36 System Checkpoint
12-01-2014 11:50:51 System Checkpoint
14-01-2014 15:39:44 Software Distribution Service 3.0
15-01-2014 16:24:23 Software Distribution Service 3.0
17-01-2014 01:42:08 System Checkpoint
18-01-2014 23:46:40 System Checkpoint
20-01-2014 01:51:36 System Checkpoint
22-01-2014 16:12:56 System Checkpoint
28-01-2014 06:16:26 System Checkpoint
30-01-2014 02:44:20 System Checkpoint
31-01-2014 03:17:15 System Checkpoint
01-02-2014 04:56:49 System Checkpoint
02-02-2014 05:24:49 System Checkpoint
03-02-2014 05:52:41 System Checkpoint
05-02-2014 04:03:22 System Checkpoint
06-02-2014 06:11:47 System Checkpoint
07-02-2014 19:25:16 System Checkpoint
09-02-2014 05:44:13 System Checkpoint
10-02-2014 06:47:45 System Checkpoint
11-02-2014 09:34:47 System Checkpoint
13-02-2014 06:32:55 System Checkpoint
13-02-2014 19:08:50 Software Distribution Service 3.0
15-02-2014 03:00:12 System Checkpoint
16-02-2014 06:59:47 System Checkpoint
17-02-2014 07:44:29 System Checkpoint
19-02-2014 07:10:49 System Checkpoint
21-02-2014 05:12:08 System Checkpoint
22-02-2014 06:45:47 System Checkpoint
25-02-2014 02:32:55 System Checkpoint
26-02-2014 05:23:42 System Checkpoint
01-03-2014 04:44:18 System Checkpoint
02-03-2014 05:02:23 System Checkpoint
03-03-2014 05:25:13 System Checkpoint
04-03-2014 05:47:15 System Checkpoint
05-03-2014 08:42:02 System Checkpoint
07-03-2014 06:09:28 System Checkpoint
07-03-2014 18:13:05 Удален Элементы Яндекса 7.2 для Internet Explorer
08-03-2014 03:24:28 Restore Operation
09-03-2014 04:07:30 System Checkpoint
10-03-2014 07:45:53 System Checkpoint
12-03-2014 07:23:26 System Checkpoint
13-03-2014 10:02:58 Software Distribution Service 3.0

==================== Hosts content: ==========================

2011-12-04 20:15 - 2013-09-03 18:19 - 00000732 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AdsGone.job => C:\Program Files\AdsGone\AdsGone.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

==================== Loaded Modules (whitelisted) =============

2013-11-19 14:50 - 2013-11-12 22:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB24270$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41265$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk => C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk => C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk => C:\WINDOWS\pss\Live Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^AdsGone.lnk => C:\WINDOWS\pss\AdsGone.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^Corel Print Office Registration.lnk => C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^ctfmon.lnk => C:\WINDOWS\pss\ctfmon.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^_uninst_31060226.lnk => C:\WINDOWS\pss\_uninst_31060226.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AHQInit => C:\Program Files\Creative\SBLive\Program\AHQInit.exe
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Documents and Settings\Ken\Local Settings\Application Data\Akamai\netsession_win.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BYR_AGENT => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DeleteHistoryFree => C:\Program Files\DeleteHistoryFree\dhf.exe
MSCONFIG\startupreg: DIAGENT => C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\Eraser.exe -hide
MSCONFIG\startupreg: FkqnDaLnwp.exe => C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: Juno_uoltray => C:\Program Files\Juno\exec.exe regrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LVCOMS => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: NetZero_uoltray => C:\Program Files\NetZero\exec.exe regrun
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Praetorian => C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\praetorian.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp => C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\Updreg.exe
MSCONFIG\startupreg: WeatherMate => "C:\Program Files\WeatherMate\WeatherMate.exe"
MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Kernel Acoustic Echo Canceller
Description: Microsoft Kernel Acoustic Echo Canceller
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: aec
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 04:39:55 AM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/14/2014 02:29:15 AM) (Source: Application Error) (User: )
Description: Faulting application acdsee.exe, version 3.1.0.0, faulting module acdsee.exe, version 3.1.0.0, fault address 0x000a0d1a.
Processing media-specific event for [acdsee.exe!ws!]

Error: (03/13/2014 08:13:53 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/13/2014 00:55:12 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/12/2014 09:18:40 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/12/2014 01:28:50 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/12/2014 11:56:49 AM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/12/2014 04:13:42 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x05600a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/11/2014 09:09:27 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .

Error: (03/11/2014 00:53:40 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName     .


System errors:
=============
Error: (03/14/2014 02:05:25 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/14/2014 00:24:05 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/14/2014 00:21:45 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/11/2014 01:56:25 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/08/2014 00:59:14 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/07/2014 10:21:33 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00C0A87EB660 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/07/2014 01:13:36 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/07/2014 01:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/07/2014 01:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/07/2014 01:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (03/14/2014 04:39:55 AM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/14/2014 02:29:15 AM) (Source: Application Error)(User: )
Description: acdsee.exe3.1.0.0acdsee.exe3.1.0.0000a0d1a

Error: (03/13/2014 08:13:53 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/13/2014 00:55:12 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/12/2014 09:18:40 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/12/2014 01:28:50 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/12/2014 11:56:49 AM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/12/2014 04:13:42 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.005600a20

Error: (03/11/2014 09:09:27 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName

Error: (03/11/2014 00:53:40 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.2 for ServerName


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 1023.01 MB
Available physical RAM: 465.1 MB
Total Pagefile: 1311.54 MB
Available Pagefile: 906.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:58.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (New Volume) (Fixed) (Total:104.89 GB) (Free:1.63 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:35.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: (New Volume) (Fixed) (Total:104.83 GB) (Free:100.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 4AAE4AAD)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 43EF44D0)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 pigfoot


Posted 14 March 2014 - 10:39 PM

All browsers still seem to load very very slow.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:16 PM

Posted 15 March 2014 - 07:56 AM

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#6 pigfoot


Posted 20 March 2014 - 01:14 AM

I tried running COMBOFIX but it runs about 15 seconds then hangs up on some OUTPUT FOLDER it shows in the processes box... then it shuts down. I made a video of it showing what it does on screen.

 

http://s869.photobucket.com/user/mudcatmudcat/media/combo_zps4464b5e4.mp4.html



#7 nasdaq


Posted 20 March 2014 - 07:37 AM

Let's try this.
Delete your current version of ComboFix.exe.

===


Download ComboFix from any of the links below but rename it to SVCHOST.EXE before saving it to your desktop. <- Important.

Link 1
Link 2
==================================
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
====

IF WE NEED TO DO SOMETHING DIFFERENT.


We need to try something different. You will need a flash drive to do this...do you have one? If so, please do the following:

A CD will do instead of the Flash Drive.

Download ComboFix from any of the links below but rename it to svchost.exe before saving it to your Flash Drive or CD. <- Important.

Link 1
Link 2

Once you have it downloaded to your Flash Drive or CD, I want you to save it directly to your C:\ drive. Be sure to do this in Normal Mode.
Double click on the renamed ComboFix.exe & follow the prompts.

* When finished, it will produce a report for you.
* Please post the C:\ComboFix.txt so we can continue cleaning the system.

#8 pigfoot


Posted 21 March 2014 - 01:39 AM


 

 

I am not sure how to do the last part saving to C drive as the other part just renaming combofix to SVCHOST.EXE did not work. Do you download SVCHOST.EXE to a flash drive then when you open SVCHOST.EXE from the drive you save it to c?



#9 nasdaq


Posted 21 March 2014 - 07:36 AM

I am not sure how to do the last part saving to C drive as the other part just renaming combofix to SVCHOST.EXE did not work. Do you download SVCHOST.EXE to a flash drive then when you open SVCHOST.EXE from the drive you save it to c?


NO!

Delete the old version of ComboFix.exe.

===

Go to one of the sites I suggested and click on the download link.
You will be given a chance to save the file, the name will be Combofix.exe.
Change that name to svchost.exe then save it.

Locate the svchost.exe, right click on the file and copy it.
Open your Control panel, right click on the control panel and Paste the file.

You should now be able to run the file from your Control Panel.

#10 pigfoot


Posted 23 March 2014 - 01:41 PM

 


 

 

 

There is no option to PASTE in the control panel. When you right click my control panel on WINDOWS XP all you get is 2 options... "OPEN" and "EXPLORE"



#11 nasdaq


Posted 24 March 2014 - 06:58 AM

Can you save the downloaded SVCHOST.EXE file to a Flash drive or a CD?

If you can then right click on the SVCHOST.EXE from the flash drive or CD and drag it to the control panel of the XP.

You should be able to run it from the Control Panel.

#12 pigfoot


Posted 25 March 2014 - 03:29 AM

I just put the combofix on a flash drive, renamed it, tried to drag it to the control panel but it will not drag and stay in the control panel. I never heard you can even drag and drop an item in or on the control panel? Am I missing something or am I that computer dumb?

I tried running it from the flash drive but it does the same as before. It stalls out on OUTPUT FOLDER.


Edited by pigfoot, 25 March 2014 - 03:30 AM.


#13 nasdaq


Posted 25 March 2014 - 08:25 AM

You can drag and drop a file to your Desktop in XP.

Let's see if we can run this repair tool.

Following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

check mark following options only.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair

Edited by nasdaq, 31 March 2014 - 07:45 AM.


#14 pigfoot


Posted 30 March 2014 - 11:14 PM

You can drag and drop a file to your Desktop in XP.

Let's see if we can run this repair tool.

Following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

check mark following options alone

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working

  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair

 

 

 

 

I am not sure what you mean on part-check mark following alone. Do you mean to leave check marks alone? Can you specify which ones to put a check mark in? I took a screenshot of what I see when I clicked the program-

 

tweaking_zps20fd2e28.jpg



#15 nasdaq


Posted 31 March 2014 - 07:45 AM

My mistake, the instructions should read

check mark following options only



