
Browser hijacked-constant pop ups need help


  • This topic is locked
14 replies to this topic

#1 pigfoot

pigfoot

  • Members
  • 184 posts
  • OFFLINE
  • Gender:Male
  • Location:MIAMI, FLORIDA, USA
  • Local time:06:23 AM

Posted 05 March 2015 - 12:23 AM

I have browsers hijacked, I think, because there are constant pop-ups with save pro and guru saver. Please help. What should I do first?

 
 



#2 pigfoot

pigfoot
  • Topic Starter


Posted 05 March 2015 - 12:44 AM

Here is the report:

 

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.31.2
Run by Ken at 23:39:44 on 2015-03-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.699 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page =
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyServer = 117.171.0.226:250
uSearchAssistant =
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\juno\ucreg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: <NO NAME> =
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230087268602
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{68765F38-9C7B-45C6-9CFD-DA5B86395864} : DhcpNameServer = 10.0.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\j7s5h6jz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca13184601dd2;Google Update Service (gupdate1ca13184601dd2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 107912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 107912]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-31 34248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2015-2-7 114800]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-2-7 220055]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2015-03-05 05:06:41    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2015-03-05 05:06:41    --------    d-----w-    c:\windows\system32\wbem\Repository
2015-03-04 21:38:49    --------    d-----w-    c:\program files\SaverPrio
2015-03-04 21:37:58    --------    d-----w-    c:\program files\MoviePile Downloader
2015-03-04 21:35:37    --------    d-----w-    c:\program files\topdeAl
2015-03-04 21:34:48    --------    d-----w-    c:\program files\SaaverPrOi
2015-03-04 08:00:46    --------    d-----w-    c:\program files\ReactorSys
2015-02-11 18:20:18    --------    d-----w-    c:\documents and settings\all users\application data\b47c311700000fda
2015-02-11 18:19:26    --------    d-----w-    c:\program files\Media Freeware
2015-02-11 18:18:39    --------    d-----w-    c:\documents and settings\ken\application data\Binkiland
2015-02-11 18:18:06    --------    d-----w-    c:\documents and settings\ken\local settings\application data\Setup1937531
2015-02-11 18:17:44    --------    d-----w-    c:\program files\WSE_Binkiland
2015-02-11 18:17:38    --------    d-----w-    c:\documents and settings\ken\local settings\application data\teri
2015-02-11 18:17:29    --------    d-----w-    c:\program files\IntelliTerm_1.10.0.8
.
==================== Find3M  ====================
.
2015-02-07 06:29:43    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-07 06:29:43    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-01-30 08:08:25    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-01-30 08:08:23    146432    ----a-w-    c:\windows\system32\javacpl.cpl
2015-01-06 19:24:07    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-14 08:17:36    50053120    ----a-w-    c:\program files\GUT168.tmp
2013-12-14 08:10:01    50053120    ----a-w-    c:\program files\GUT159.tmp
2001-08-18 12:00:00    94784    -csha-w-    c:\windows\twain.dll
2008-04-14 00:12:07    50688    --sha-w-    c:\windows\twain_32.dll
2011-02-08 13:33:55    978944    --sha-w-    c:\windows\system32\mfc42.dll
2008-04-14 00:12:01    57344    --sha-w-    c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01    413696    --sha-w-    c:\windows\system32\msvcp60.dll
2013-01-26 03:55:44    552448    --sha-w-    c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32    11776    --sha-w-    c:\windows\system32\regsvr32.exe
.
============= FINISH: 23:40:48.90 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2008 11:52:11 PM
System Uptime: 3/4/2015 11:33:30 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation |  | Dimension 8200               
Processor:               Intel® Pentium® 4 CPU 2.00GHz | Microprocessor | 1994/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 4.914 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 105 GiB total, 1.428 GiB free.
G: is FIXED (NTFS) - 128 GiB total, 35.128 GiB free.
H: is FIXED (NTFS) - 105 GiB total, 90.619 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Acoustic Echo Canceller
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Acoustic Echo Canceller
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: aec
.
==== System Restore Points ===================
.
RP559: 12/4/2014 1:11:11 AM - System Checkpoint
RP560: 12/5/2014 1:26:24 AM - System Checkpoint
RP561: 12/7/2014 10:41:14 PM - System Checkpoint
RP562: 12/14/2014 12:22:55 AM - System Checkpoint
RP563: 12/15/2014 12:47:51 AM - System Checkpoint
RP564: 12/16/2014 7:17:51 PM - System Checkpoint
RP565: 12/19/2014 12:41:59 AM - System Checkpoint
RP566: 12/20/2014 11:00:02 PM - System Checkpoint
RP567: 12/22/2014 1:56:00 AM - System Checkpoint
RP568: 12/24/2014 6:59:41 PM - System Checkpoint
RP569: 12/26/2014 12:09:05 AM - System Checkpoint
RP570: 12/27/2014 2:22:16 PM - System Checkpoint
RP571: 12/28/2014 8:51:24 PM - System Checkpoint
RP572: 12/31/2014 9:39:35 PM - System Checkpoint
RP573: 1/2/2015 7:41:13 PM - System Checkpoint
RP574: 1/4/2015 4:00:46 PM - System Checkpoint
RP575: 1/5/2015 10:13:46 PM - System Checkpoint
RP576: 1/8/2015 1:54:31 AM - System Checkpoint
RP577: 1/9/2015 3:23:20 PM - System Checkpoint
RP578: 1/10/2015 3:54:24 PM - System Checkpoint
RP579: 1/12/2015 8:31:42 PM - System Checkpoint
RP580: 1/16/2015 1:27:47 PM - System Checkpoint
RP581: 1/21/2015 10:11:39 PM - System Checkpoint
RP582: 1/23/2015 2:46:30 AM - System Checkpoint
RP583: 1/24/2015 5:32:41 AM - System Checkpoint
RP584: 1/25/2015 5:39:42 AM - System Checkpoint
RP585: 1/26/2015 7:06:55 AM - System Checkpoint
RP586: 1/27/2015 7:16:46 AM - System Checkpoint
RP587: 1/28/2015 1:55:22 PM - System Checkpoint
RP588: 1/29/2015 2:58:04 PM - System Checkpoint
RP589: 1/30/2015 3:18:57 PM - System Checkpoint
RP590: 1/31/2015 6:08:03 PM - System Checkpoint
RP591: 2/1/2015 7:04:39 PM - System Checkpoint
RP592: 2/2/2015 7:35:28 PM - System Checkpoint
RP593: 2/3/2015 8:13:42 PM - System Checkpoint
RP594: 2/4/2015 8:15:00 PM - System Checkpoint
RP595: 2/5/2015 8:29:37 PM - System Checkpoint
RP596: 2/6/2015 9:01:14 PM - System Checkpoint
RP597: 2/7/2015 10:36:03 PM - System Checkpoint
RP598: 2/8/2015 10:49:31 PM - System Checkpoint
RP599: 2/11/2015 1:51:15 AM - System Checkpoint
RP600: 2/11/2015 12:19:25 PM - Installed Free Auto Shutdown
RP601: 2/11/2015 12:25:20 PM - Restore Operation
RP602: 2/13/2015 7:51:16 PM - System Checkpoint
RP603: 2/14/2015 9:22:01 PM - System Checkpoint
RP604: 2/16/2015 2:01:27 PM - System Checkpoint
RP605: 2/17/2015 2:14:44 PM - System Checkpoint
RP606: 2/19/2015 12:42:53 AM - System Checkpoint
RP607: 2/20/2015 8:08:32 PM - System Checkpoint
RP608: 2/21/2015 10:48:58 PM - System Checkpoint
RP609: 2/22/2015 10:53:58 PM - System Checkpoint
RP610: 2/24/2015 4:20:08 PM - System Checkpoint
RP611: 2/25/2015 9:22:22 PM - System Checkpoint
RP612: 2/26/2015 11:03:31 PM - System Checkpoint
RP613: 2/27/2015 11:10:14 PM - System Checkpoint
RP614: 3/1/2015 12:25:01 AM - System Checkpoint
RP615: 3/4/2015 11:05:15 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
7-Zip 9.20
ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Illustrator CS5
Adobe Reader XI (11.0.08)
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1!
Akamai NetSession Interface
AoA Audio Extractor
Apache HTTP Server 2.2.14
Apple Application Support
Apple Software Update
Applian FLV Player
ArcSoft PhotoFantasy
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bass Audio Decoder (remove only)
Best Anonymous Browser
Blaze Media Pro
BufferChm
Burn4Free CD & DVD 5.1.0.0
BusinessCards MX
CCleaner
ClickBook 14
Copy
Corel Applications
Critical Update for Windows Media Player 11 (KB959772)
DeleteHistoryFree
Dell ResourceCD
Destination Component
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
eFax Messenger Plus
Elecard Codec SDK G4 Eval
eMule
EPSON Printer Software
Eraser 5.8.8
ESET Online Scanner v3
F4400
FFMPEG Core Files (remove only)
File-Saver
Free MOV 2 AVI
Google Chrome
Google Update Helper
GPBaseService2
Greeting Card Factory Photo Card Maker 2.0
Hewlett-Packard ACLM.NET v1.1.0.0
Hide My IP 5.1
Hide The IP 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
HP Imaging Device Functions 12.0
HP Product Detection
HP Smart Web Printing
HP Solution Center 12.0
HP SwfScan
HP Update
HPProductAssistant
ICQ7.5
InfraRecorder
Java 8 Update 31
Java Auto Updater
JavaFX 2.0.3
Junk Mail filter update
Juno Internet
KMPlayer (remove only)
LG VZW United Drivers
liteCAM
Logitech QuickCam
Magic M4A to MP3 Converter 3.1
Malwarebytes Anti-Malware version 2.0.4.1028
ManyCam 2.6.43 (remove only)
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Picture It! Photo 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Works 2002 Setup Launcher
Microsoft XML Parser
Modem Helper
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NeoDownloader 2.6.3
NeoDownloader Lite 2.4
Nero 12 Full Repack
Nero 8 Essentials
neroxml
NetZero Internet
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OpenSource AVI Splitter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 11.64
Opera 12.17
PhoneTools
PowerDVD
QuickCam Drivers
QuickTime
Scan
Secure-Delete 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 6.20
SmartWebPrinting
SnagIt 6
SolutionCenter
Sothink SWF Quicker
Sound Blaster Live! Value
Status
SUPERAntiSpyware
TimeLeft
Toolbox
TrayApp
Trillian
Undelete File Recovery
Unlocker 1.9.2
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Video Thumbnails Maker by Scorp (remove only)
VKMusic 4
VLC media player 2.0.1
VSO Media Player 1.4.10.498
Vuze
WeatherMate
WebFldrs XP
WebReg
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Winmx Community 1
WinRAR archiver
Works Suite OS Pack
Works Synchronization
X-Lite 3.0
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
2/28/2015 5:18:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
2/28/2015 2:29:06 PM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
.
==== End Of File ===========================
 

 

 

 



#3 pigfoot


Posted 05 March 2015 - 05:42 AM

More reports to maybe help solve this quicker:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Microsoft Windows XP x86
Ran by Ken on Thu 03/05/2015 at  4:05:31.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Ken\Application Data\mozilla\firefox\profiles\j7s5h6jz.default\prefs.js

user_pref("extensions.wD2OFxbDlNHLU4JI.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn9qjY6qTUFrjw6rdk8rTY8qTn\")>-1){return;}}catch(e){}try{var d=[[\"aceb
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&")
user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ve
user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku=&tstsId=&ver=&
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=34784decf32a4d059f4e4bdfe5642db3&tu=11LH0008l2B0008&sku
Emptied folder: C:\Documents and Settings\Ken\Application Data\mozilla\firefox\profiles\j7s5h6jz.default\minidumps [89 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/05/2015 at  4:11:14.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Ken (administrator) on 05-03-2015 at 04:16:42
Running from "C:\Documents and Settings\Ken\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 117.171.0.226:250

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : ken-rw9ij6pkv6s

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : westell.com

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-C0-A8-7E-B6-60

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.0.0.30

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.0.0.1

        DHCP Server . . . . . . . . . . . : 10.0.0.1

        DNS Servers . . . . . . . . . . . : 10.0.0.1

        Lease Obtained. . . . . . . . . . : Wednesday, March 04, 2015 11:34:02 PM

        Lease Expires . . . . . . . . . . : Thursday, March 05, 2015 11:34:02 PM

Server:  dslrouter.westell.com
Address:  10.0.0.1

Name:    google.com
Address:  216.58.218.174



Pinging google.com [216.58.218.174] with 32 bytes of data:



Reply from 216.58.218.174: bytes=32 time=32ms TTL=57

Reply from 216.58.218.174: bytes=32 time=31ms TTL=57



Ping statistics for 216.58.218.174:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 31ms, Maximum = 32ms, Average = 31ms

Server:  dslrouter.westell.com
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=85ms TTL=51

Reply from 98.139.183.24: bytes=32 time=83ms TTL=51



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 83ms, Maximum = 85ms, Average = 84ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 c0 a8 7e b6 60 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.30      20
         10.0.0.0    255.255.255.0        10.0.0.30       10.0.0.30      20
        10.0.0.30  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255        10.0.0.30       10.0.0.30      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        224.0.0.0        240.0.0.0        10.0.0.30       10.0.0.30      20
  255.255.255.255  255.255.255.255        10.0.0.30       10.0.0.30      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Ken (administrator) on KEN-RW9IJ6PKV6S on 05-03-2015 04:20:48
Running from C:\Documents and Settings\Ken\Desktop
Loaded Profiles: Ken & Administrator (Available profiles: Ken & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []
HKU\S-1-5-21-329068152-688789844-839522115-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB6242] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD5559] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB1819] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD3887] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB8154] => command.com /c del "C:\Program Files\WinClear\PluginList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD4606] => cmd.exe /c del "C:\Program Files\WinClear\PluginList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB9438] => command.com /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD1988] => cmd.exe /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB4792] => command.com /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD6092] => cmd.exe /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [19240 2008-01-04] (Nero AG)
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil10s_Plugin.exe -update plugin
HKU\S-1-5-21-329068152-688789844-839522115-500\...\Policies\Explorer: [NoSetActiveDesktop] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-329068152-688789844-839522115-1004 - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Moikrug URL = http://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Yandex URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {0B4E655B-C124-4B66-939A-CE98A637404F} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {5F0969D7-3FDA-4B3D-A865-2C1562A2F2BA} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {D3C0278A-5D7E-495C-96AF-A232818368CB} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: NetZero Toolbar Helper -> {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\NetZero\ucreg.dll (NetZero, Inc.)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\Juno\ucreg.dll (Juno, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKLM - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll (Juno, Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default
FF DefaultSearchEngine: Binkiland
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
FF Extension: FoxyProxy Standard - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\foxyproxy@eric.h.jung [2011-09-08]
FF Extension: Візуальныя закладкі - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\vb@yandex.ru [2014-03-07]
FF Extension: SaaverPrOi - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu [2015-03-04]
FF Extension: Greasemonkey - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010-02-13]
FF Extension: YouTube Center - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-08]
FF Extension: Hide My IP - C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip(2).com [2009-03-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-06-13]
FF HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=",
            "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (MoviePile Downloader) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffbcpkfdlpegbadfomimojhgaaoaeed [2015-03-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [24645 2009-09-28] (Apache Software Foundation) [File not signed]
S2 gupdate1ca13184601dd2; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [77426 2001-09-07] (Conexant Systems)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2001-06-20] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1f.sys [777088 2001-09-13] (Creative Technology Ltd.)
R3 emu10k1; C:\WINDOWS\System32\drivers\ctlface.sys [6912 2001-07-11] (Creative Technology Ltd.)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.) [File not signed]
R2 Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [310899 2001-09-07] (Conexant Systems)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [127405 2001-09-07] (Conexant Systems)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-13] (HP)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R2 K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [426783 2001-09-07] (Conexant Systems)
S3 LVBulk; C:\WINDOWS\System32\DRIVERS\LVBulk.sys [10261 2002-02-01] (Logitech Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2010-02-17] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PID_0900_V; C:\WINDOWS\System32\DRIVERS\LV551AV.sys [220055 2002-02-01] (Logitech Inc.)
R3 Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [67654 2001-09-07] (Conexant Systems)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sfman; C:\WINDOWS\System32\drivers\sfman.sys [36992 2001-08-31] (Creative Technology Ltd.)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [217019 2001-09-07] (Conexant Systems)
R2 SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [80449 2001-09-07] (Conexant Systems)
R2 Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [56607 2001-09-07] (Conexant Systems)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2013-04-24] (LG Electronics Inc.)
R2 V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [534125 2001-09-07] (Conexant Systems)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S4 hpt3xx; No ImagePath
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U3 mbr; \??\C:\DOCUME~1\Ken\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 04:20 - 2015-03-05 04:21 - 00019368 _____ () C:\Documents and Settings\Ken\Desktop\FRST.txt
2015-03-05 04:19 - 2015-03-05 04:19 - 01132544 _____ (Farbar) C:\Documents and Settings\Ken\Desktop\FRST.exe
2015-03-05 04:16 - 2015-03-05 04:16 - 00006883 _____ () C:\Documents and Settings\Ken\Desktop\Result.txt
2015-03-05 04:11 - 2015-03-05 04:11 - 00002137 _____ () C:\Documents and Settings\Ken\Desktop\JRT.txt
2015-03-04 15:38 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\SaverPrio
2015-03-04 15:37 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\MoviePile Downloader
2015-03-04 15:35 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\topdeAl
2015-03-04 15:34 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\SaaverPrOi
2015-03-04 02:00 - 2015-03-04 23:07 - 00000000 ____D () C:\Program Files\ReactorSys
2015-02-11 12:20 - 2015-03-04 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\b47c311700000fda
2015-02-11 12:19 - 2015-02-11 12:19 - 00000000 ____D () C:\Program Files\Media Freeware
2015-02-11 12:18 - 2015-03-05 04:18 - 00000410 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-11 12:18 - 2015-02-11 12:25 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\Setup1937531
2015-02-11 12:18 - 2015-02-11 12:18 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\Binkiland
2015-02-11 12:17 - 2015-02-11 12:26 - 00000000 ____D () C:\Program Files\WSE_Binkiland
2015-02-11 12:17 - 2015-02-11 12:26 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-11 12:17 - 2015-02-11 12:25 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\teri
2015-02-07 00:20 - 2015-02-07 00:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-07 00:20 - 2015-02-07 00:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2015-02-05 15:04 - 2015-02-05 15:04 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\VSO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 04:21 - 2011-12-06 21:50 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\temp
2015-03-05 04:20 - 2014-03-14 03:54 - 00000000 ____D () C:\FRST
2015-03-05 04:14 - 2014-01-09 18:47 - 00401920 _____ (Farbar) C:\Documents and Settings\Ken\Desktop\MiniToolBox.exe
2015-03-05 04:05 - 2009-08-01 20:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 04:03 - 2013-08-19 17:41 - 01388333 _____ (Thisisu) C:\Documents and Settings\Ken\Desktop\JRT.exe
2015-03-04 23:35 - 2011-12-03 20:09 - 01764742 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 23:34 - 2013-01-17 23:21 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-04 23:34 - 2013-01-17 23:05 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-04 23:34 - 2011-06-15 02:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-04 23:34 - 2011-06-15 02:44 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-04 23:34 - 2010-03-27 19:21 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-04 23:34 - 2009-08-01 20:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 23:34 - 2008-10-13 22:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 23:32 - 2011-06-15 02:43 - 00031782 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-04 23:32 - 2008-10-13 22:58 - 00000178 ___SH () C:\Documents and Settings\Ken\ntuser.ini
2015-03-04 23:07 - 2001-08-18 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-04 23:06 - 2010-01-24 22:31 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-04 23:06 - 2008-10-13 22:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-04 23:06 - 2008-10-13 22:57 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-04 23:06 - 2008-10-13 22:46 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-04 14:59 - 2009-07-29 22:28 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-04 05:05 - 2010-03-03 00:55 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\vlc
2015-03-04 04:24 - 2011-12-29 23:41 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\camvis-dec
2015-03-03 03:35 - 2009-01-01 22:39 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\emoticons
2015-03-02 05:51 - 2008-10-14 01:00 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\streamate-vids
2015-03-01 17:24 - 2012-03-17 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-28 17:20 - 2011-09-27 20:50 - 00002195 _____ () C:\Documents and Settings\Ken\Desktop\newyahoo-omg.txt
2015-02-28 16:11 - 2008-10-14 00:52 - 00205312 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 15:16 - 2010-12-14 02:34 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-02-26 23:27 - 2013-01-17 23:05 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-26 23:21 - 2013-01-17 23:21 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-25 16:41 - 2013-07-17 03:59 - 00635378 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-688789844-839522115-1004-0.dat
2015-02-25 16:41 - 2013-07-17 03:59 - 00258466 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-25 16:29 - 2015-01-26 04:31 - 00000000 ____D () C:\KMPlayer
2015-02-25 16:09 - 2012-03-16 00:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Zoom Player
2015-02-22 01:54 - 2008-10-14 00:53 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\passwordss
2015-02-20 03:07 - 2014-02-08 01:37 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-12 23:43 - 2010-03-27 19:21 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-12 23:36 - 2013-01-17 23:21 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-07 11:57 - 2008-12-24 02:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-07 00:30 - 2014-08-20 04:12 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\Adobe
2015-02-07 00:29 - 2012-04-04 21:12 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-07 00:29 - 2011-05-23 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-07 00:20 - 2013-11-19 13:50 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-07 00:20 - 2011-05-24 03:34 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2013-12-14 02:10 - 2013-12-14 02:10 - 50053120 _____ () C:\Program Files\GUT159.tmp
2013-12-14 02:17 - 2013-12-14 02:17 - 50053120 _____ () C:\Program Files\GUT168.tmp
2010-10-19 23:19 - 2010-10-19 23:19 - 0000186 ____C () C:\Documents and Settings\Ken\Application Data\16003.bat
2010-10-19 23:21 - 2010-10-19 23:21 - 0000186 ____C () C:\Documents and Settings\Ken\Application Data\33619.bat
2012-02-15 01:06 - 2012-02-15 01:07 - 0000026 ____C () C:\Documents and Settings\Ken\Application Data\ClockTraySkins.ini
2012-03-15 03:37 - 2012-03-15 03:38 - 0000859 _____ () C:\Documents and Settings\Ken\Application Data\coreavc.ini
2012-02-15 01:02 - 2012-02-15 01:54 - 0000549 ____C () C:\Documents and Settings\Ken\Application Data\FreeDesktopClock.ini
2013-05-19 13:25 - 2013-05-19 13:25 - 0000068 _____ () C:\Documents and Settings\Ken\Application Data\mbam.context.scan
2011-07-26 21:16 - 2011-01-04 09:26 - 0076407 ____C () C:\Documents and Settings\Ken\Application Data\Smiley.ico
2008-10-14 00:52 - 2015-02-28 16:11 - 0205312 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Ken\Local Settings\temp\0004.exe
C:\Documents and Settings\Ken\Local Settings\temp\aae.exe
C:\Documents and Settings\Ken\Local Settings\temp\BNKStubSetup.exe
C:\Documents and Settings\Ken\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Ken\Local Settings\temp\KMP_3.9.1.132.exe
C:\Documents and Settings\Ken\Local Settings\temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Ken at 2015-03-05 04:22:36
Running from C:\Documents and Settings\Ken\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1! (HKLM\...\AdsGone Spyware Blocker Popup Killer 2009_is1) (Version:  - A1Tech, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Akamai) (Version:  - )
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Apache HTTP Server 2.2.14 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.14 - Apache Software Foundation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
ArcSoft PhotoFantasy (HKLM\...\ArcSoft PhotoFantasy) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Best Anonymous Browser (HKLM\...\Best Anonymous Browser_is1) (Version:  - )
Blaze Media Pro (HKLM\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)
Blaze Media Pro (Version: 9.10 - Mystik Media) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Burn4Free CD & DVD 5.1.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version:  - Ikysasoft s.r.l. uninominale)
BusinessCards MX (HKLM\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.88 - MOJOSOFT)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ClickBook 14 (HKLM\...\ClickBook_is1) (Version: 14 - Blue Squirrel)
Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
DeleteHistoryFree (HKLM\...\{620797B0-A022-4B57-A95E-DD7DD0328007}) (Version: 2.3 - MoRUN.net)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
eFax Messenger Plus (HKLM\...\eFax Messenger Plus) (Version: 2.07 - eFax.com)
Elecard Codec SDK G4 Eval (HKLM\...\Elecard Codec SDK G4 1.0.1.80507 Eval) (Version: 1.0.1.80507 - Elecard)
eMule (HKLM\...\eMule) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Eraser 5.8.8 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.8 - The Eraser Project)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F4400 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File-Saver (HKLM\...\File-Saver_is1) (Version:  - )
Free MOV 2 AVI  (HKLM\...\Free MOV 2 AVI) (Version:  - Free MOV 2 AVI)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Greeting Card Factory Photo Card Maker 2.0 (HKLM\...\{3A94053A-EC5C-4061-8121-893FD68171C6}) (Version: 2.0.0.4 - Nova Development)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hide My IP 5.1 (HKLM\...\HMIP50_is1) (Version:  - )
Hide The IP 2009 (HKLM\...\Hide The IP 2009) (Version:  - AVSoftware)
Hide The IP 2009 (Version: 2.2.1.1 - AVSoftware) Hidden
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP SwfScan (HKLM\...\{EA594B1B-9546-4833-879F-FD20BD7B2334}) (Version: 1.0.71.2 - Hewlett Packard, Inc.)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: 8.9.4.0 - United Online)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LG VZW United Drivers (HKLM\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.92.0000 - innoheim)
Logitech QuickCam (HKLM\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.00.0000 - Logitech, Inc.)
Magic M4A to MP3 Converter 3.1 (HKLM\...\Magic M4A to MP3 Converter_is1) (Version:  - Magic Video,Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Photo 2002 (HKLM\...\{C769A271-7E1C-48F9-B331-474600DD4C06}) (Version: 6.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NeoDownloader 2.6.3 (HKLM\...\{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1) (Version: 2.6.3 - Neowise Software Inc.)
NeoDownloader Lite 2.4 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version:  - Neowise Software Inc.)
Nero 12 Full Repack (HKLM\...\NMMS12) (Version:  - )
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.3.0 - NetZero, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version:  - )
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickCam Drivers (HKLM\...\QCDrivers) (Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Secure-Delete 1.0 (HKLM\...\Secure-Delete_is1) (Version: 1.0 - Pub)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sothink SWF Quicker (HKLM\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 4.7 - SourceTec Software Co., LTD)
Sound Blaster Live! Value (HKLM\...\Sound Blaster Live! Value) (Version:  - )
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.57 - NesterSoft Inc.)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Undelete File Recovery (HKLM\...\Undelete File Recovery_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Thumbnails Maker by Scorp (remove only) (HKLM\...\Video Thumbnails Maker) (Version:  - )
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.36 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSO Media Player 1.4.10.498 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.10.498 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WeatherMate (HKLM\...\{5A60A4A0-3EAF-42D1-B6CA-9BD331AF8C2F}) (Version: 3.4 - Ravi Bhavnani)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
X-Lite 3.0 (HKLM\...\X-Lite 1.5_is1) (Version:  - CounterPath Solutions Inc.)
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"  (the data entry has 7 more characters).

==================== Restore Points  =========================

07-12-2014 22:41:14 System Checkpoint
14-12-2014 00:22:55 System Checkpoint
15-12-2014 00:47:51 System Checkpoint
16-12-2014 19:17:51 System Checkpoint
19-12-2014 00:41:59 System Checkpoint
20-12-2014 23:00:02 System Checkpoint
22-12-2014 01:56:00 System Checkpoint
24-12-2014 18:59:41 System Checkpoint
26-12-2014 00:09:05 System Checkpoint
27-12-2014 14:22:16 System Checkpoint
28-12-2014 20:51:24 System Checkpoint
31-12-2014 21:39:35 System Checkpoint
02-01-2015 19:41:13 System Checkpoint
04-01-2015 16:00:46 System Checkpoint
05-01-2015 22:13:46 System Checkpoint
08-01-2015 01:54:31 System Checkpoint
09-01-2015 15:23:20 System Checkpoint
10-01-2015 15:54:24 System Checkpoint
12-01-2015 20:31:42 System Checkpoint
16-01-2015 13:27:47 System Checkpoint
21-01-2015 22:11:39 System Checkpoint
23-01-2015 02:46:30 System Checkpoint
24-01-2015 05:32:41 System Checkpoint
25-01-2015 05:39:42 System Checkpoint
26-01-2015 07:06:55 System Checkpoint
27-01-2015 07:16:46 System Checkpoint
28-01-2015 13:55:22 System Checkpoint
29-01-2015 14:58:04 System Checkpoint
30-01-2015 15:18:57 System Checkpoint
31-01-2015 18:08:03 System Checkpoint
01-02-2015 19:04:39 System Checkpoint
02-02-2015 19:35:28 System Checkpoint
03-02-2015 20:13:42 System Checkpoint
04-02-2015 20:15:00 System Checkpoint
05-02-2015 20:29:37 System Checkpoint
06-02-2015 21:01:14 System Checkpoint
07-02-2015 22:36:03 System Checkpoint
08-02-2015 22:49:31 System Checkpoint
11-02-2015 01:51:15 System Checkpoint
11-02-2015 12:19:25 Installed Free Auto Shutdown
11-02-2015 12:25:20 Restore Operation
13-02-2015 19:51:16 System Checkpoint
14-02-2015 21:22:01 System Checkpoint
16-02-2015 14:01:27 System Checkpoint
17-02-2015 14:14:44 System Checkpoint
19-02-2015 00:42:53 System Checkpoint
20-02-2015 20:08:32 System Checkpoint
21-02-2015 22:48:58 System Checkpoint
22-02-2015 22:53:58 System Checkpoint
24-02-2015 16:20:08 System Checkpoint
25-02-2015 21:22:22 System Checkpoint
26-02-2015 23:03:31 System Checkpoint
27-02-2015 23:10:14 System Checkpoint
01-03-2015 00:25:01 System Checkpoint
04-03-2015 23:05:15 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-04 19:15 - 2014-04-05 23:06 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AdsGone.job => C:\Program Files\AdsGone\AdsGone.exe-t C:\Program Files\AdsGone\AdsGone.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ken\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-07 00:20 - 2015-01-23 04:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-07 00:29 - 2015-02-07 00:29 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB24270$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41265$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-688789844-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-329068152-688789844-839522115-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk => C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk => C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk => C:\WINDOWS\pss\Live Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^AdsGone.lnk => C:\WINDOWS\pss\AdsGone.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^Corel Print Office Registration.lnk => C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^ctfmon.lnk => C:\WINDOWS\pss\ctfmon.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^_uninst_31060226.lnk => C:\WINDOWS\pss\_uninst_31060226.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AHQInit => C:\Program Files\Creative\SBLive\Program\AHQInit.exe
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Documents and Settings\Ken\Local Settings\Application Data\Akamai\netsession_win.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BYR_AGENT => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DeleteHistoryFree => C:\Program Files\DeleteHistoryFree\dhf.exe
MSCONFIG\startupreg: DIAGENT => C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\Eraser.exe -hide
MSCONFIG\startupreg: FkqnDaLnwp.exe => C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: Juno_uoltray => C:\Program Files\Juno\exec.exe regrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LVCOMS => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: NetZero_uoltray => C:\Program Files\NetZero\exec.exe regrun
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Praetorian => C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\praetorian.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp => C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\Updreg.exe
MSCONFIG\startupreg: WeatherMate => "C:\Program Files\WeatherMate\WeatherMate.exe"
MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

==================== Accounts: =============================

Administrator (S-1-5-21-329068152-688789844-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-329068152-688789844-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-688789844-839522115-1000 - Limited - Disabled)
Ken (S-1-5-21-329068152-688789844-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ken
SUPPORT_388945a0 (S-1-5-21-329068152-688789844-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Kernel Acoustic Echo Canceller
Description: Microsoft Kernel Acoustic Echo Canceller
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: aec
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 06:06:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x075c0a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/02/2015 06:24:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x06780a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/01/2015 05:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vmp.exe, version 1.4.10.498, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [vmp.exe!ws!]

Error: (02/28/2015 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x038f0a21.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/28/2015 03:40:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/27/2015 02:41:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acdsee.exe, version 3.1.0.0, faulting module acdsee.exe, version 3.1.0.0, fault address 0x000a11c3.
Processing media-specific event for [acdsee.exe!ws!]

Error: (02/26/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x4ec674b2.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/25/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/25/2015 04:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x07db0a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/25/2015 03:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acdsee.exe, version 3.1.0.0, faulting module acdsee.exe, version 3.1.0.0, fault address 0x000a0d1a.
Processing media-specific event for [acdsee.exe!ws!]


System errors:
=============
Error: (03/05/2015 04:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 03:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 02:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 01:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 00:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/04/2015 11:34:15 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (03/04/2015 11:18:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/04/2015 11:08:12 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (03/04/2015 10:54:05 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (03/04/2015 03:18:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================
Error: (03/04/2015 06:06:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0075c0a20

Error: (03/02/2015 06:24:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.006780a20

Error: (03/01/2015 05:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmp.exe1.4.10.498unknown0.0.0.000000000

Error: (02/28/2015 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0038f0a21

Error: (02/28/2015 03:40:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (02/27/2015 02:41:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: acdsee.exe3.1.0.0acdsee.exe3.1.0.0000a11c3

Error: (02/26/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.04ec674b2

Error: (02/25/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (02/25/2015 04:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.007db0a20

Error: (02/25/2015 03:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: acdsee.exe3.1.0.0acdsee.exe3.1.0.0000a0d1a


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 1023.01 MB
Available physical RAM: 409.09 MB
Total Pagefile: 1311.6 MB
Available Pagefile: 782.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:5.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (New Volume) (Fixed) (Total:104.89 GB) (Free:1.43 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:35.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: (New Volume) (Fixed) (Total:104.83 GB) (Free:90.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4AAE4AAD)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: 43EF44D0)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

System Summary Information can't be put here because when I try to zip it the file is 40kb and it says over size limit.

#4 pigfoot

Posted 05 March 2015 - 05:51 AM

Attached Files



#5 pigfoot

Posted 06 March 2015 - 03:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Ken (administrator) on KEN-RW9IJ6PKV6S on 06-03-2015 02:05:09
Running from C:\Documents and Settings\Ken\My Documents\Downloads
Loaded Profiles: Ken (Available profiles: Ken & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-329068152-688789844-839522115-1004 - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Moikrug URL = http://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Yandex URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {0B4E655B-C124-4B66-939A-CE98A637404F} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {5F0969D7-3FDA-4B3D-A865-2C1562A2F2BA} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {D3C0278A-5D7E-495C-96AF-A232818368CB} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: NetZero Toolbar Helper -> {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\NetZero\ucreg.dll (NetZero, Inc.)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\Juno\ucreg.dll (Juno, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKLM - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll (Juno, Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default
FF DefaultSearchEngine: Binkiland
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
FF Extension: FoxyProxy Standard - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\foxyproxy@eric.h.jung [2015-03-05]
FF Extension: Візуальныя закладкі - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\vb@yandex.ru [2014-03-07]
FF Extension: SaaverPrOi - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu [2015-03-04]
FF Extension: YouTube Center - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-08]
FF Extension: Greasemonkey - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-03-05]
FF Extension: Hide My IP - C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip(2).com [2009-03-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012-06-13]
FF HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=",
            "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (MoviePile Downloader) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffbcpkfdlpegbadfomimojhgaaoaeed [2015-03-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [24645 2009-09-28] (Apache Software Foundation) [File not signed]
S2 gupdate1ca13184601dd2; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [77426 2001-09-07] (Conexant Systems)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2001-06-20] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1f.sys [777088 2001-09-13] (Creative Technology Ltd.)
R3 emu10k1; C:\WINDOWS\System32\drivers\ctlface.sys [6912 2001-07-11] (Creative Technology Ltd.)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.) [File not signed]
R2 Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [310899 2001-09-07] (Conexant Systems)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [127405 2001-09-07] (Conexant Systems)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-13] (HP)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R2 K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [426783 2001-09-07] (Conexant Systems)
S3 LVBulk; C:\WINDOWS\System32\DRIVERS\LVBulk.sys [10261 2002-02-01] (Logitech Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2010-02-17] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PID_0900_V; C:\WINDOWS\System32\DRIVERS\LV551AV.sys [220055 2002-02-01] (Logitech Inc.)
R3 Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [67654 2001-09-07] (Conexant Systems)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sfman; C:\WINDOWS\System32\drivers\sfman.sys [36992 2001-08-31] (Creative Technology Ltd.)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [217019 2001-09-07] (Conexant Systems)
R2 SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [80449 2001-09-07] (Conexant Systems)
R2 Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [56607 2001-09-07] (Conexant Systems)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2013-04-24] (LG Electronics Inc.)
R2 V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [534125 2001-09-07] (Conexant Systems)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
S4 hpt3xx; No ImagePath
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 04:50 - 2015-03-05 04:50 - 00053182 _____ () C:\Documents and Settings\Ken\Desktop\summary.zip
2015-03-05 04:26 - 2015-03-05 04:27 - 01112982 _____ () C:\Documents and Settings\Ken\Desktop\summary.nfo
2015-03-05 04:22 - 2015-03-05 04:22 - 00037623 _____ () C:\Documents and Settings\Ken\Desktop\Addition.txt
2015-03-05 04:20 - 2015-03-05 04:22 - 00029275 _____ () C:\Documents and Settings\Ken\Desktop\FRST.txt
2015-03-05 04:19 - 2015-03-05 04:19 - 01132544 _____ (Farbar) C:\Documents and Settings\Ken\Desktop\FRST.exe
2015-03-05 04:16 - 2015-03-05 04:16 - 00006883 _____ () C:\Documents and Settings\Ken\Desktop\Result.txt
2015-03-05 04:11 - 2015-03-05 04:11 - 00002137 _____ () C:\Documents and Settings\Ken\Desktop\JRT.txt
2015-03-04 15:38 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\SaverPrio
2015-03-04 15:37 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\MoviePile Downloader
2015-03-04 15:35 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\topdeAl
2015-03-04 15:34 - 2015-03-04 23:05 - 00000000 ____D () C:\Program Files\SaaverPrOi
2015-03-04 02:00 - 2015-03-04 23:07 - 00000000 ____D () C:\Program Files\ReactorSys
2015-02-11 12:20 - 2015-03-04 02:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\b47c311700000fda
2015-02-11 12:19 - 2015-02-11 12:19 - 00000000 ____D () C:\Program Files\Media Freeware
2015-02-11 12:18 - 2015-03-05 15:18 - 00000410 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-11 12:18 - 2015-02-11 12:25 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\Setup1937531
2015-02-11 12:18 - 2015-02-11 12:18 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\Binkiland
2015-02-11 12:17 - 2015-02-11 12:26 - 00000000 ____D () C:\Program Files\WSE_Binkiland
2015-02-11 12:17 - 2015-02-11 12:26 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-11 12:17 - 2015-02-11 12:25 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\teri
2015-02-07 00:20 - 2015-02-07 00:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-07 00:20 - 2015-02-07 00:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2015-02-05 15:04 - 2015-02-05 15:04 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\VSO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 02:05 - 2014-03-14 03:54 - 00000000 ____D () C:\FRST
2015-03-06 02:05 - 2011-12-06 21:50 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\temp
2015-03-06 02:05 - 2009-08-01 20:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 01:20 - 2011-12-03 20:09 - 01772966 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-06 01:20 - 2011-06-15 02:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-06 01:19 - 2013-01-17 23:21 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-06 01:19 - 2013-01-17 23:05 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-06 01:19 - 2011-06-15 02:44 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-06 01:19 - 2010-03-27 19:21 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-03-06 01:19 - 2009-08-01 20:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 01:19 - 2008-10-13 22:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-05 15:53 - 2011-06-15 02:43 - 00032034 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-05 15:53 - 2008-10-13 22:58 - 00000178 ___SH () C:\Documents and Settings\Ken\ntuser.ini
2015-03-05 15:49 - 2009-07-29 22:28 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-05 05:53 - 2010-03-03 00:55 - 00000000 ____D () C:\Documents and Settings\Ken\Application Data\vlc
2015-03-05 05:52 - 2010-12-14 02:34 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-03-05 05:52 - 2008-10-14 00:52 - 00206336 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-05 05:06 - 2008-10-14 01:00 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\streamate-vids
2015-03-05 04:26 - 2001-08-18 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-05 04:14 - 2014-01-09 18:47 - 00401920 _____ (Farbar) C:\Documents and Settings\Ken\Desktop\MiniToolBox.exe
2015-03-05 04:03 - 2013-08-19 17:41 - 01388333 _____ (Thisisu) C:\Documents and Settings\Ken\Desktop\JRT.exe
2015-03-04 23:06 - 2010-01-24 22:31 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-04 23:06 - 2008-10-13 22:57 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-04 23:06 - 2008-10-13 22:57 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-03-04 23:06 - 2008-10-13 22:46 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-04 04:24 - 2011-12-29 23:41 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\camvis-dec
2015-03-03 03:35 - 2009-01-01 22:39 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\emoticons
2015-03-01 17:24 - 2012-03-17 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-28 17:20 - 2011-09-27 20:50 - 00002195 _____ () C:\Documents and Settings\Ken\Desktop\newyahoo-omg.txt
2015-02-26 23:27 - 2013-01-17 23:05 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-26 23:21 - 2013-01-17 23:21 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-25 16:41 - 2013-07-17 03:59 - 00635378 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-688789844-839522115-1004-0.dat
2015-02-25 16:41 - 2013-07-17 03:59 - 00258466 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-25 16:29 - 2015-01-26 04:31 - 00000000 ____D () C:\KMPlayer
2015-02-25 16:09 - 2012-03-16 00:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Zoom Player
2015-02-22 01:54 - 2008-10-14 00:53 - 00000000 ____D () C:\Documents and Settings\Ken\My Documents\passwordss
2015-02-20 03:07 - 2014-02-08 01:37 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-12 23:43 - 2010-03-27 19:21 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-12 23:36 - 2013-01-17 23:21 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job
2015-02-07 11:57 - 2008-12-24 02:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-07 00:30 - 2014-08-20 04:12 - 00000000 ____D () C:\Documents and Settings\Ken\Local Settings\Application Data\Adobe
2015-02-07 00:29 - 2012-04-04 21:12 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-07 00:29 - 2011-05-23 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-07 00:20 - 2013-11-19 13:50 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-07 00:20 - 2011-05-24 03:34 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2013-12-14 02:10 - 2013-12-14 02:10 - 50053120 _____ () C:\Program Files\GUT159.tmp
2013-12-14 02:17 - 2013-12-14 02:17 - 50053120 _____ () C:\Program Files\GUT168.tmp
2010-10-19 23:19 - 2010-10-19 23:19 - 0000186 ____C () C:\Documents and Settings\Ken\Application Data\16003.bat
2010-10-19 23:21 - 2010-10-19 23:21 - 0000186 ____C () C:\Documents and Settings\Ken\Application Data\33619.bat
2012-02-15 01:06 - 2012-02-15 01:07 - 0000026 ____C () C:\Documents and Settings\Ken\Application Data\ClockTraySkins.ini
2012-03-15 03:37 - 2012-03-15 03:38 - 0000859 _____ () C:\Documents and Settings\Ken\Application Data\coreavc.ini
2012-02-15 01:02 - 2012-02-15 01:54 - 0000549 ____C () C:\Documents and Settings\Ken\Application Data\FreeDesktopClock.ini
2013-05-19 13:25 - 2013-05-19 13:25 - 0000068 _____ () C:\Documents and Settings\Ken\Application Data\mbam.context.scan
2011-07-26 21:16 - 2011-01-04 09:26 - 0076407 ____C () C:\Documents and Settings\Ken\Application Data\Smiley.ico
2008-10-14 00:52 - 2015-03-05 05:52 - 0206336 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Ken\Local Settings\temp\0004.exe
C:\Documents and Settings\Ken\Local Settings\temp\aae.exe
C:\Documents and Settings\Ken\Local Settings\temp\BNKStubSetup.exe
C:\Documents and Settings\Ken\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Ken\Local Settings\temp\KMP_3.9.1.132.exe
C:\Documents and Settings\Ken\Local Settings\temp\optprosetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Ken at 2015-03-06 02:07:01
Running from C:\Documents and Settings\Ken\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1! (HKLM\...\AdsGone Spyware Blocker Popup Killer 2009_is1) (Version:  - A1Tech, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Akamai) (Version:  - )
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Apache HTTP Server 2.2.14 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.14 - Apache Software Foundation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV Player (HKLM\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
ArcSoft PhotoFantasy (HKLM\...\ArcSoft PhotoFantasy) (Version:  - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Best Anonymous Browser (HKLM\...\Best Anonymous Browser_is1) (Version:  - )
Blaze Media Pro (HKLM\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)
Blaze Media Pro (Version: 9.10 - Mystik Media) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Burn4Free CD & DVD 5.1.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version:  - Ikysasoft s.r.l. uninominale)
BusinessCards MX (HKLM\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.88 - MOJOSOFT)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ClickBook 14 (HKLM\...\ClickBook_is1) (Version: 14 - Blue Squirrel)
Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
DeleteHistoryFree (HKLM\...\{620797B0-A022-4B57-A95E-DD7DD0328007}) (Version: 2.3 - MoRUN.net)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
eFax Messenger Plus (HKLM\...\eFax Messenger Plus) (Version: 2.07 - eFax.com)
Elecard Codec SDK G4 Eval (HKLM\...\Elecard Codec SDK G4 1.0.1.80507 Eval) (Version: 1.0.1.80507 - Elecard)
eMule (HKLM\...\eMule) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Eraser 5.8.8 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.8 - The Eraser Project)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F4400 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File-Saver (HKLM\...\File-Saver_is1) (Version:  - )
Free MOV 2 AVI  (HKLM\...\Free MOV 2 AVI) (Version:  - Free MOV 2 AVI)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Greeting Card Factory Photo Card Maker 2.0 (HKLM\...\{3A94053A-EC5C-4061-8121-893FD68171C6}) (Version: 2.0.0.4 - Nova Development)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hide My IP 5.1 (HKLM\...\HMIP50_is1) (Version:  - )
Hide The IP 2009 (HKLM\...\Hide The IP 2009) (Version:  - AVSoftware)
Hide The IP 2009 (Version: 2.2.1.1 - AVSoftware) Hidden
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP SwfScan (HKLM\...\{EA594B1B-9546-4833-879F-FD20BD7B2334}) (Version: 1.0.71.2 - Hewlett Packard, Inc.)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: 8.9.4.0 - United Online)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LG VZW United Drivers (HKLM\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.92.0000 - innoheim)
Logitech QuickCam (HKLM\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.00.0000 - Logitech, Inc.)
Magic M4A to MP3 Converter 3.1 (HKLM\...\Magic M4A to MP3 Converter_is1) (Version:  - Magic Video,Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Photo 2002 (HKLM\...\{C769A271-7E1C-48F9-B331-474600DD4C06}) (Version: 6.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NeoDownloader 2.6.3 (HKLM\...\{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1) (Version: 2.6.3 - Neowise Software Inc.)
NeoDownloader Lite 2.4 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version:  - Neowise Software Inc.)
Nero 12 Full Repack (HKLM\...\NMMS12) (Version:  - )
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.3.0 - NetZero, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version:  - )
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickCam Drivers (HKLM\...\QCDrivers) (Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Secure-Delete 1.0 (HKLM\...\Secure-Delete_is1) (Version: 1.0 - Pub)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sothink SWF Quicker (HKLM\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 4.7 - SourceTec Software Co., LTD)
Sound Blaster Live! Value (HKLM\...\Sound Blaster Live! Value) (Version:  - )
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.57 - NesterSoft Inc.)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Undelete File Recovery (HKLM\...\Undelete File Recovery_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Thumbnails Maker by Scorp (remove only) (HKLM\...\Video Thumbnails Maker) (Version:  - )
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.36 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSO Media Player 1.4.10.498 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.10.498 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WeatherMate (HKLM\...\{5A60A4A0-3EAF-42D1-B6CA-9BD331AF8C2F}) (Version: 3.4 - Ravi Bhavnani)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
X-Lite 3.0 (HKLM\...\X-Lite 1.5_is1) (Version:  - CounterPath Solutions Inc.)
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"  (the data entry has 7 more characters).

==================== Restore Points  =========================

07-12-2014 22:41:14 System Checkpoint
14-12-2014 00:22:55 System Checkpoint
15-12-2014 00:47:51 System Checkpoint
16-12-2014 19:17:51 System Checkpoint
19-12-2014 00:41:59 System Checkpoint
20-12-2014 23:00:02 System Checkpoint
22-12-2014 01:56:00 System Checkpoint
24-12-2014 18:59:41 System Checkpoint
26-12-2014 00:09:05 System Checkpoint
27-12-2014 14:22:16 System Checkpoint
28-12-2014 20:51:24 System Checkpoint
31-12-2014 21:39:35 System Checkpoint
02-01-2015 19:41:13 System Checkpoint
04-01-2015 16:00:46 System Checkpoint
05-01-2015 22:13:46 System Checkpoint
08-01-2015 01:54:31 System Checkpoint
09-01-2015 15:23:20 System Checkpoint
10-01-2015 15:54:24 System Checkpoint
12-01-2015 20:31:42 System Checkpoint
16-01-2015 13:27:47 System Checkpoint
21-01-2015 22:11:39 System Checkpoint
23-01-2015 02:46:30 System Checkpoint
24-01-2015 05:32:41 System Checkpoint
25-01-2015 05:39:42 System Checkpoint
26-01-2015 07:06:55 System Checkpoint
27-01-2015 07:16:46 System Checkpoint
28-01-2015 13:55:22 System Checkpoint
29-01-2015 14:58:04 System Checkpoint
30-01-2015 15:18:57 System Checkpoint
31-01-2015 18:08:03 System Checkpoint
01-02-2015 19:04:39 System Checkpoint
02-02-2015 19:35:28 System Checkpoint
03-02-2015 20:13:42 System Checkpoint
04-02-2015 20:15:00 System Checkpoint
05-02-2015 20:29:37 System Checkpoint
06-02-2015 21:01:14 System Checkpoint
07-02-2015 22:36:03 System Checkpoint
08-02-2015 22:49:31 System Checkpoint
11-02-2015 01:51:15 System Checkpoint
11-02-2015 12:19:25 Installed Free Auto Shutdown
11-02-2015 12:25:20 Restore Operation
13-02-2015 19:51:16 System Checkpoint
14-02-2015 21:22:01 System Checkpoint
16-02-2015 14:01:27 System Checkpoint
17-02-2015 14:14:44 System Checkpoint
19-02-2015 00:42:53 System Checkpoint
20-02-2015 20:08:32 System Checkpoint
21-02-2015 22:48:58 System Checkpoint
22-02-2015 22:53:58 System Checkpoint
24-02-2015 16:20:08 System Checkpoint
25-02-2015 21:22:22 System Checkpoint
26-02-2015 23:03:31 System Checkpoint
27-02-2015 23:10:14 System Checkpoint
01-03-2015 00:25:01 System Checkpoint
04-03-2015 23:05:15 Restore Operation
06-03-2015 01:35:23 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-04 19:15 - 2014-04-05 23:06 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AdsGone.job => C:\Program Files\AdsGone\AdsGone.exe-t C:\Program Files\AdsGone\AdsGone.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ken\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-07 00:20 - 2015-01-23 04:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-07 00:29 - 2015-02-07 00:29 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB24270$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41265$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-688789844-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk => C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk => C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk => C:\WINDOWS\pss\Live Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^AdsGone.lnk => C:\WINDOWS\pss\AdsGone.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^Corel Print Office Registration.lnk => C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^ctfmon.lnk => C:\WINDOWS\pss\ctfmon.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^_uninst_31060226.lnk => C:\WINDOWS\pss\_uninst_31060226.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AHQInit => C:\Program Files\Creative\SBLive\Program\AHQInit.exe
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Documents and Settings\Ken\Local Settings\Application Data\Akamai\netsession_win.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BYR_AGENT => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DeleteHistoryFree => C:\Program Files\DeleteHistoryFree\dhf.exe
MSCONFIG\startupreg: DIAGENT => C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\Eraser.exe -hide
MSCONFIG\startupreg: FkqnDaLnwp.exe => C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: Juno_uoltray => C:\Program Files\Juno\exec.exe regrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LVCOMS => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: NetZero_uoltray => C:\Program Files\NetZero\exec.exe regrun
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Praetorian => C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\praetorian.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp => C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\Updreg.exe
MSCONFIG\startupreg: WeatherMate => "C:\Program Files\WeatherMate\WeatherMate.exe"
MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

==================== Accounts: =============================

Administrator (S-1-5-21-329068152-688789844-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-329068152-688789844-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-688789844-839522115-1000 - Limited - Disabled)
Ken (S-1-5-21-329068152-688789844-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ken
SUPPORT_388945a0 (S-1-5-21-329068152-688789844-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Kernel Acoustic Echo Canceller
Description: Microsoft Kernel Acoustic Echo Canceller
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: aec
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 03:37:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/04/2015 06:06:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x075c0a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/02/2015 06:24:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x06780a20.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/01/2015 05:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application vmp.exe, version 1.4.10.498, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [vmp.exe!ws!]

Error: (02/28/2015 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x038f0a21.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/28/2015 03:40:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/27/2015 02:41:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acdsee.exe, version 3.1.0.0, faulting module acdsee.exe, version 3.1.0.0, fault address 0x000a11c3.
Processing media-specific event for [acdsee.exe!ws!]

Error: (02/26/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x4ec674b2.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/25/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (02/25/2015 04:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x07db0a20.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (03/06/2015 01:19:55 AM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (03/05/2015 03:18:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 03:06:27 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (03/05/2015 05:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 04:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 03:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 02:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 01:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/05/2015 00:18:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (03/04/2015 11:34:15 PM) (Source: 0) (EventID: 4311) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (03/05/2015 03:37:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: YahooMessenger.exe9.0.0.2018hungapp0.0.0.000000000

Error: (03/04/2015 06:06:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0075c0a20

Error: (03/02/2015 06:24:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.006780a20

Error: (03/01/2015 05:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmp.exe1.4.10.498unknown0.0.0.000000000

Error: (02/28/2015 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0038f0a21

Error: (02/28/2015 03:40:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (02/27/2015 02:41:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: acdsee.exe3.1.0.0acdsee.exe3.1.0.0000a11c3

Error: (02/26/2015 10:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.04ec674b2

Error: (02/25/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (02/25/2015 04:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.007db0a20


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 1023.01 MB
Available physical RAM: 263.41 MB
Total Pagefile: 1311.62 MB
Available Pagefile: 704.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:5.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (New Volume) (Fixed) (Total:104.89 GB) (Free:1.43 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:35.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: (New Volume) (Fixed) (Total:104.83 GB) (Free:90.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4AAE4AAD)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: 43EF44D0)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 nasdaq

  • Malware Response Team

Posted 09 March 2015 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you remove this using the Add/Remove programs.
uTorrent quietly installs a cryptocurrency miner on users' computers
http://www.pcworld.com/article/2893982/utorrent-quietly-installs-a-cryptocurrency-miner-on-users-computers.html
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB6242] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD5559] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB1819] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD3887] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD4606] => cmd.exe /c del "C:\Program Files\WinClear\PluginList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB9438] => command.com /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD1988] => cmd.exe /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB4792] => command.com /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD6092] => cmd.exe /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-329068152-688789844-839522115-1004 - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF DefaultSearchEngine: Binkiland
FF SearchPlugin: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
FF Extension: SaaverPrOi - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu [2015-03-04]
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=",
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S4 hpt3xx; No ImagePath
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Ken\LOCALS~1\Temp\mbr.sys [X]
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ken\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB24270$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41265$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
C:\Documents and Settings\Ken\Local Settings\temp\0004.exe
C:\Documents and Settings\Ken\Local Settings\temp\aae.exe
C:\Documents and Settings\Ken\Local Settings\temp\BNKStubSetup.exe
C:\Documents and Settings\Ken\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Ken\Local Settings\temp\KMP_3.9.1.132.exe
C:\Documents and Settings\Ken\Local Settings\temp\optprosetup.exe
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#7 pigfoot

  • Topic Starter

Posted 14 March 2015 - 10:48 PM

I cannot find uTorrent on my computer. Did you see I have it installed? I was working on trying to delete the Savepro malware a couple of days before you answered my topic. I'm not sure if I deleted it all and all its contents, but it did stop popping up the savepro junk. But I did all you said here also. Also, AdwCleaner deleted some Yahoo AU service... was this OK?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Ken at 2015-03-14 22:22:51 Run:1
Running from C:\Documents and Settings\Ken\My Documents\emoticons
Loaded Profiles: Ken (Available profiles: Ken & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB6242] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD5559] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\Uninstall WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB1819] => command.com /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD3887] => cmd.exe /c del "C:\Documents and Settings\All Users\Start Menu\Programs\WinClear\WinClear .lnk"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD4606] => cmd.exe /c del "C:\Program Files\WinClear\PluginList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB9438] => command.com /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD1988] => cmd.exe /c del "C:\Program Files\WinClear\SpotList.xml"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingB4792] => command.com /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\S-1-5-21-329068152-688789844-839522115-500\...\RunOnce: [SpybotDeletingD6092] => cmd.exe /c del "C:\Program Files\WinClear\WinClear.exe"
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-329068152-688789844-839522115-1004 - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -  No File
URLSearchHook: [S-1-5-21-329068152-688789844-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF DefaultSearchEngine: Binkiland
FF SearchPlugin: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
FF Extension: SaaverPrOi - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu [2015-03-04]
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=",
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S4 hpt3xx; No ImagePath
S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Ken\LOCALS~1\Temp\mbr.sys [X]
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Ken\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB24270$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41265$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
C:\Documents and Settings\Ken\Local Settings\temp\0004.exe
C:\Documents and Settings\Ken\Local Settings\temp\aae.exe
C:\Documents and Settings\Ken\Local Settings\temp\BNKStubSetup.exe
C:\Documents and Settings\Ken\Local Settings\temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Ken\Local Settings\temp\KMP_3.9.1.132.exe
C:\Documents and Settings\Ken\Local Settings\temp\optprosetup.exe
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6242 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5559 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1819 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3887 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4606 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9438 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1988 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB4792 => Value not found.
HKU\S-1-5-21-329068152-688789844-839522115-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6092 => Value not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Error setting Default URLSearchHook.
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} => value deleted successfully.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
"FF SearchPlugin: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml" => not found.
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu => not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword not detected.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
idsvc => Service deleted successfully.
hpt3xx => Service deleted successfully.
ManyCam => Service deleted successfully.
TlntSvr => Service deleted successfully.
mbr => Service not found.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\$NtUninstallKB24270$ => ":SummaryInformation" ADS removed successfully.
C:\WINDOWS\$NtUninstallKB41265$ => ":SummaryInformation" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8CE646EE" ADS removed successfully.
"C:\Documents and Settings\Ken\Local Settings\temp\0004.exe" => File/Directory not found.
"C:\Documents and Settings\Ken\Local Settings\temp\aae.exe" => File/Directory not found.
"C:\Documents and Settings\Ken\Local Settings\temp\BNKStubSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Ken\Local Settings\temp\jre-8u31-windows-au.exe" => File/Directory not found.
"C:\Documents and Settings\Ken\Local Settings\temp\KMP_3.9.1.132.exe" => File/Directory not found.
"C:\Documents and Settings\Ken\Local Settings\temp\optprosetup.exe" => File/Directory not found.
C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\searchplugins\binkiland.xml => Moved successfully.
"C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\xxfRBT@U.edu" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 22:22:52 ====


# AdwCleaner v4.112 - Logfile created 14/03/2015 at 22:38:54
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Ken - KEN-RW9IJ6PKV6S
# Running from : C:\Documents and Settings\Ken\My Documents\emoticons\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\b47c311700000fda
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FLV Player
Folder Deleted : C:\Program Files\topdeal
Folder Deleted : C:\Program Files\Check Point Software Technologies LTD
Folder Deleted : C:\Program Files\FLV Player
Folder Deleted : C:\Program Files\WSE_Binkiland
Folder Deleted : C:\Program Files\IntelliTerm_1.10.0.8
Folder Deleted : C:\Program Files\SaaverPrOi
Folder Deleted : C:\Program Files\SaverPrio
Folder Deleted : C:\Documents and Settings\Ken\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Ken\Application Data\Binkiland
Folder Deleted : C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\vb@yandex.ru
Folder Deleted : C:\Documents and Settings\Ken\Local Settings\Application Data\Chromium\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Key Deleted : HKCU\Software\Softonic

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[etfywvr3.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://binkiland.com/?f=1&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1[...]

-\\ Google Chrome v41.0.2272.89

[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=

-\\ Chromium v

[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=

-\\ Comodo Dragon v

[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_07&cd=2XzuyEtN2Y1L1QzutDtD0CtD0AzzyB0E0ByCyCtDtDyCyByBtN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyC0EyCyByDzytGyBtBzzyEtG0BtD0EzztG0E0EyByCtGyDzy0C0Bzy0FtDyB0E0EyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0EyB0B0C0A0EtG0CtB0CzztGyEtBtAtAtG0ByD0AyBtGtCtA0D0A0FtCyC0BtByCyBtB2Q&cr=1612777799&ir=

*************************

AdwCleaner[R0].txt - [2371 bytes] - [09/01/2014 18:53:02]
AdwCleaner[R1].txt - [1890 bytes] - [14/03/2014 04:34:21]
AdwCleaner[R2].txt - [3778 bytes] - [14/03/2015 22:31:20]
AdwCleaner[S0].txt - [2472 bytes] - [09/01/2014 18:55:01]
AdwCleaner[S1].txt - [1838 bytes] - [14/03/2014 04:38:30]
AdwCleaner[S2].txt - [5467 bytes] - [14/03/2015 22:38:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5526  bytes] ##########
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:23 AM

Posted 15 March 2015 - 07:43 AM


If uTorrent is nowhere to be found forget about it.
===

Also the Adwcleaner deleted some Yahoo AU service...was this ok?


It's not really required. If you want it back run the AdwCleaner tool and de-quarantine it.

===

How is the computer running now?

#9 pigfoot


Posted 19 March 2015 - 11:58 AM

It is running a little better now, but I still notice the browsers take a long time to load and sometimes freeze.



#10 nasdaq


Posted 19 March 2015 - 01:14 PM

Try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#11 nasdaq


Posted 25 March 2015 - 08:13 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 pigfoot


Posted 29 March 2015 - 12:53 AM

Try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

 

 

I have Windows XP, not 7.



#13 nasdaq


Posted 29 March 2015 - 08:35 AM

Sorry about that.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Reset the browsers that you use.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

#14 nasdaq


Posted 03 April 2015 - 07:38 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 nasdaq


Posted 09 April 2015 - 08:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.