computer very slow freezing up constantly see many adchoices


  • This topic is locked
22 replies to this topic

#1 pigfoot

Posted 24 January 2018 - 09:13 PM

I have this computer and it is running very slow lately and freezing up when going to many webpages, no matter what browser I am using. Also, when I try to go to certain LOCAL DISKS like "D" or "E", the computer just freezes up and I have to shut it down manually. Also, when I try to shut down the computer normally, it logs off but Windows will not shut down on its own. I have to do it manually. I tried to shut it down normally in safe mode and it does log off on its own, but it still takes a long time. I am seeing a lot of strange things happening and am concerned it's a bad virus or malware.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.01.2018
Ran by Ken (administrator) on KEN-RW9IJ6PKV6S (24-01-2018 20:00:38)
Running from C:\Documents and Settings\Ken\My Documents\allison-angel
Loaded Profiles: Ken (Available Profiles: Ken & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [1156296 2015-09-08] (Adobe Systems Incorporated)
HKLM\...\Providers\2a4159f: C:\DOCUME~1\Ken\LOCALS~1\Temp\1C0.tmp
HKLM\...\Providers\4b21d9: C:\DOCUME~1\Ken\LOCALS~1\Temp\E.tmp
HKLM\...\Providers\f16eb3: C:\DOCUME~1\Ken\LOCALS~1\Temp\16.tmp
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:27811
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:27811
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{68765F38-9C7B-45C6-9CFD-DA5B86395864}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> Yandex URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {0B4E655B-C124-4B66-939A-CE98A637404F} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {5F0969D7-3FDA-4B3D-A865-2C1562A2F2BA} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-688789844-839522115-1004 -> {D3C0278A-5D7E-495C-96AF-A232818368CB} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16] (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05] (McAfee, Inc.)
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-07-09] (NetZero, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-17] (Oracle Corporation)
BHO: NetZero Toolbar Helper -> {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\NetZero\ucreg.dll [2010-06-30] (NetZero, Inc.)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\Juno\ucreg.dll [2012-04-26] (Juno, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Co.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll [2010-06-30] (NetZero, Inc.)
Toolbar: HKLM - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll [2012-04-26] (Juno, Inc.)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default [2018-01-20]
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114"
FF Extension: (FoxyProxy Standard) - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\foxyproxy@eric.h.jung [2017-02-11] [Legacy]
FF Extension: (YouTube Center) - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2016-04-27] [Legacy]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-10]
FF Extension: (Greasemonkey) - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-01-20]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-08] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2015-03-24] [Legacy] [not signed]
FF HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-01-24]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR crx: C:\Program Files\Google\Chrome\Application\46.0.2490.86\default_apps\search.crx [2015-11-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [24645 2009-09-28] (Apache Software Foundation) [File not signed]
S4 gupdate1ca13184601dd2; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 0502E87E; C:\WINDOWS\System32\drivers\0502E87E.sys [153784 2015-09-14] (Kaspersky Lab ZAO)
R3 basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [77426 2001-09-07] (Conexant Systems)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2001-06-20] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 emu10k; C:\WINDOWS\System32\drivers\emu10k1f.sys [777088 2001-09-13] (Creative Technology Ltd.)
R3 emu10k1; C:\WINDOWS\System32\drivers\ctlface.sys [6912 2001-07-11] (Creative Technology Ltd.)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-09] (MK Systems CO., LTD.) [File not signed]
R1 epp32; C:\EEK\bin\epp32.sys [112408 2015-09-15] (Emsisoft GmbH)
R2 Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [310899 2001-09-07] (Conexant Systems)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [127405 2001-09-07] (Conexant Systems)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-13] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-13] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-13] (HP)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R2 K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [426783 2001-09-07] (Conexant Systems)
S3 LVBulk; C:\WINDOWS\System32\DRIVERS\LVBulk.sys [10261 2002-02-01] (Logitech Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2010-02-17] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PID_0900_V; C:\WINDOWS\System32\DRIVERS\LV551AV.sys [220055 2002-02-01] (Logitech Inc.)
R3 Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [67654 2001-09-07] (Conexant Systems)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sfman; C:\WINDOWS\System32\drivers\sfman.sys [36992 2001-08-31] (Creative Technology Ltd.)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [217019 2001-09-07] (Conexant Systems)
R2 SpeakerPhone; C:\WINDOWS\System32\DRIVERS\spkpnt.sys [80449 2001-09-07] (Conexant Systems)
R2 Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [56607 2001-09-07] (Conexant Systems)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2014-11-17] (LG Electronics Inc.)
R2 V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [534125 2001-09-07] (Conexant Systems)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2003-08-04] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11392 2003-08-04] (VIA Technologies, Inc.) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 02:42 - 2018-01-23 02:42 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2018-01-15 03:42 - 2018-01-24 05:21 - 000032572 _____ C:\WINDOWS\SchedLgU.Txt
2018-01-15 02:46 - 2018-01-24 05:26 - 000219162 _____ C:\WINDOWS\ntbtlog.txt
2018-01-10 02:13 - 2018-01-10 02:13 - 000000000 ____D C:\Documents and Settings\Ken\My Documents\BREAD MACHINE
2018-01-09 12:06 - 2018-01-09 12:15 - 000151328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-07 19:55 - 2018-01-07 19:55 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2018-01-01 15:36 - 2018-01-01 15:37 - 000002090 _____ C:\TDSSKiller.2.8.6.0_01.01.2018_15.36.23_log.txt
2017-12-30 03:23 - 2018-01-24 19:58 - 000000276 ____H C:\WINDOWS\Tasks\CCleaner Update.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-24 20:01 - 2011-12-06 21:50 - 000000000 ____D C:\Documents and Settings\Ken\Local Settings\temp
2018-01-24 20:00 - 2014-03-14 03:54 - 000000000 ____D C:\FRST
2018-01-24 19:58 - 2015-09-08 03:26 - 000000418 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1441704404.job
2018-01-24 19:58 - 2013-01-17 23:21 - 000000296 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2018-01-24 19:58 - 2013-01-17 23:05 - 000000274 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2018-01-24 19:58 - 2010-03-27 19:21 - 000000274 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job
2018-01-24 19:58 - 2009-08-01 20:34 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-24 19:58 - 2008-10-13 22:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-24 19:44 - 2011-10-08 21:52 - 000000000 ____D C:\Documents and Settings\Ken\My Documents\allison-angel
2018-01-24 19:41 - 2008-10-14 00:52 - 000036864 _____ C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-24 19:36 - 2009-08-01 20:34 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-01-24 05:56 - 2010-03-03 00:55 - 000000000 ____D C:\Documents and Settings\Ken\Application Data\vlc
2018-01-24 05:45 - 2008-10-13 22:58 - 000000178 ___SH C:\Documents and Settings\Ken\ntuser.ini
2018-01-24 05:43 - 2009-07-29 22:28 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2018-01-24 05:24 - 2010-12-14 02:34 - 000000069 _____ C:\WINDOWS\NeroDigital.ini
2018-01-24 04:52 - 2011-12-29 23:41 - 000000000 ____D C:\Documents and Settings\Ken\My Documents\camvis-dec
2018-01-23 03:25 - 2010-01-24 22:32 - 000000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2018-01-23 02:42 - 2011-12-06 21:50 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2018-01-23 02:29 - 2015-01-26 04:31 - 000000000 ____D C:\KMPlayer
2018-01-23 01:44 - 2001-08-18 06:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2018-01-21 19:17 - 2015-02-07 00:20 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-20 04:58 - 2015-09-08 03:33 - 000000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2018-01-20 04:54 - 2008-10-14 00:53 - 000000000 ____D C:\Documents and Settings\Ken\My Documents\passwordss
2018-01-20 04:49 - 2017-11-26 02:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-15 05:17 - 2008-10-13 17:40 - 000000000 ____D C:\Documents and Settings
2018-01-14 21:58 - 2011-05-22 20:13 - 000000000 ____D C:\Program Files\Opera
2018-01-10 02:10 - 2014-08-20 04:12 - 000000000 ____D C:\Documents and Settings\Ken\Local Settings\Application Data\Adobe
2018-01-10 02:10 - 2012-04-04 21:12 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-01-10 02:10 - 2011-05-23 18:17 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-01-10 02:10 - 2008-10-13 22:48 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-09 23:11 - 2012-02-25 01:59 - 000000000 ____D C:\Documents and Settings\Ken\My Documents\cindy
2018-01-09 23:11 - 2008-10-13 22:58 - 000000000 ____D C:\Documents and Settings\Ken
2018-01-09 12:17 - 2012-09-16 23:59 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-12-30 03:23 - 2016-02-29 01:44 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-12-30 03:23 - 2016-02-29 01:44 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-12-14 02:10 - 2013-12-14 02:10 - 050053120 ____C () C:\Program Files\GUT159.tmp
2013-12-14 02:17 - 2013-12-14 02:17 - 050053120 ____C () C:\Program Files\GUT168.tmp
2010-10-19 23:19 - 2010-10-19 23:19 - 000000186 ____C () C:\Documents and Settings\Ken\Application Data\16003.bat
2010-10-19 23:21 - 2010-10-19 23:21 - 000000186 ____C () C:\Documents and Settings\Ken\Application Data\33619.bat
2012-02-15 01:06 - 2012-02-15 01:07 - 000000026 ____C () C:\Documents and Settings\Ken\Application Data\ClockTraySkins.ini
2012-03-15 03:37 - 2012-03-15 03:38 - 000000859 ____C () C:\Documents and Settings\Ken\Application Data\coreavc.ini
2012-02-15 01:02 - 2012-02-15 01:54 - 000000549 ____C () C:\Documents and Settings\Ken\Application Data\FreeDesktopClock.ini
2013-05-19 13:25 - 2013-05-19 13:25 - 000000068 ____C () C:\Documents and Settings\Ken\Application Data\mbam.context.scan
2011-07-26 21:16 - 2011-01-04 09:26 - 000076407 ____C () C:\Documents and Settings\Ken\Application Data\Smiley.ico
2008-10-14 00:52 - 2018-01-24 19:41 - 000036864 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-09 00:12 - 2017-10-09 00:12 - 002440206 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\[j0002]-[p01].bmp
2009-11-29 21:51 - 2015-03-24 02:33 - 000030151 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-15 15:06 - 2015-08-15 15:06 - 000003785 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat

Some files in TEMP:
====================
2018-01-23 02:07 - 2018-01-23 02:07 - 001864256 _____ (Oracle Corporation) C:\Documents and Settings\Ken\Local Settings\temp\jre-8u161-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.01.2018
Ran by Ken (24-01-2018 20:02:46)
Running from C:\Documents and Settings\Ken\My Documents\allison-angel
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2008-10-14 04:52:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-329068152-688789844-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-329068152-688789844-839522115-1006 - Limited - Enabled)
Guest (S-1-5-21-329068152-688789844-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-688789844-839522115-1000 - Limited - Disabled)
Ken (S-1-5-21-329068152-688789844-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ken
SUPPORT_388945a0 (S-1-5-21-329068152-688789844-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ACDSee (HKLM\...\ACDSee) (Version: - )
Acrobat.com (HKLM\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version: - Adobe)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1! (HKLM\...\AdsGone Spyware Blocker Popup Killer 2009_is1) (Version: - A1Tech, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Akamai) (Version: - )
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apache HTTP Server 2.2.14 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.14 - Apache Software Foundation)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft PhotoFantasy (HKLM\...\ArcSoft PhotoFantasy) (Version: - )
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version: - )
Best Anonymous Browser (HKLM\...\Best Anonymous Browser_is1) (Version: - )
Blaze Media Pro (HKLM\...\{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}) (Version: 9.10 - Mystik Media) Hidden
Blaze Media Pro (HKLM\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Burn4Free CD & DVD 5.1.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version: - Ikysasoft s.r.l. uninominale)
BusinessCards MX (HKLM\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.88 - MOJOSOFT)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
ClickBook 14 (HKLM\...\ClickBook_is1) (Version: 14 - Blue Squirrel)
Copy (HKLM\...\{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Corel Applications (HKLM\...\Corel Applications) (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Debut Video Capture Software (HKLM\...\Debut) (Version: 3.01 - NCH Software)
DeleteHistoryFree (HKLM\...\{620797B0-A022-4B57-A95E-DD7DD0328007}) (Version: 2.3 - MoRUN.net)
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DJ_AIO_05_F4400_Software_Min (HKLM\...\{d281ba0e-1617-4a62-bb37-b73671035e36}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
eFax Messenger Plus (HKLM\...\eFax Messenger Plus) (Version: 2.07 - eFax.com)
Elecard Codec SDK G4 Eval (HKLM\...\Elecard Codec SDK G4 1.0.1.80507 Eval) (Version: 1.0.1.80507 - Elecard)
eMule (HKLM\...\eMule) (Version: - )
Eraser 5.8.8 (HKLM\...\{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1) (Version: Eraser 5.8.8 - The Eraser Project)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
F4400 (HKLM\...\{0409c45d-df44-4b98-93b0-572697aa054a}) (Version: 120.0.235.000 - Hewlett-Packard) Hidden
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version: - )
File-Saver (HKLM\...\File-Saver_is1) (Version: - )
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FLV Player Ver 1.00 (HKLM\...\FLV Player Ver 1.00_is1) (Version: - FLV Hosting)
Free MOV 2 AVI (HKLM\...\Free MOV 2 AVI) (Version: - Free MOV 2 AVI)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.72.5234 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM\...\{F648FD09-7CEA-4257-BC68-A8389189FD51}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Greeting Card Factory Photo Card Maker 2.0 (HKLM\...\{3A94053A-EC5C-4061-8121-893FD68171C6}) (Version: 2.0.0.4 - Nova Development)
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hide My IP 5.1 (HKLM\...\HMIP50_is1) (Version: - )
Hide The IP 2009 (HKLM\...\{50897E53-4A8B-4C0C-81C0-DCFA6893C753}) (Version: 2.2.1.1 - AVSoftware) Hidden
Hide The IP 2009 (HKLM\...\Hide The IP 2009) (Version: - AVSoftware)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP SwfScan (HKLM\...\{EA594B1B-9546-4833-879F-FD20BD7B2334}) (Version: 1.0.71.2 - Hewlett Packard, Inc.)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - )
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: 8.9.4.0 - United Online)
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LG VZW United Drivers (HKLM\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.92.0000 - innoheim)
Logitech QuickCam (HKLM\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.00.0000 - Logitech, Inc.)
Magic M4A to MP3 Converter 3.1 (HKLM\...\Magic M4A to MP3 Converter_is1) (Version: - Magic Video,Inc)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Photo 2002 (HKLM\...\{C769A271-7E1C-48F9-B331-474600DD4C06}) (Version: 6.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version: - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 52.5.3 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.3 ESR (x86 en-US)) (Version: 52.5.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.3.6569 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NeoDownloader 2.6.3 (HKLM\...\{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1) (Version: 2.6.3 - Neowise Software Inc.)
NeoDownloader Lite 2.4 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version: - Neowise Software Inc.)
Nero 12 Full Repack (HKLM\...\NMMS12) (Version: - )
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.3.0 - NetZero, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version: - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version: - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version: - )
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera 12.18 (HKLM\...\Opera 12.18.1872) (Version: 12.18.1872 - Opera Software ASA)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
QuickCam Drivers (HKLM\...\QCDrivers) (Version: - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Secure-Delete 1.0 (HKLM\...\Secure-Delete_is1) (Version: 1.0 - Pub)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{800E784D-53E3-4948-B491-9E7FA5EACBDC}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SnagIt 6 (HKLM\...\SnagIt6) (Version: 6.1 - TechSmith Corporation)
SolutionCenter (HKLM\...\{9603DE6D-4567-4b78-B941-849322373DE2}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Sothink SWF Quicker (HKLM\...\{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1) (Version: 4.7 - SourceTec Software Co., LTD)
Sound Blaster Live! Value (HKLM\...\Sound Blaster Live! Value) (Version: - )
SPlayer (HKLM\...\SPlayer) (Version: - )
Status (HKLM\...\{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
TimeLeft (HKLM\...\TIMELEFT3_is1) (Version: 3.57 - NesterSoft Inc.)
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{4D304678-738E-42a0-931A-2B022F49DEB8}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
Undelete File Recovery (HKLM\...\Undelete File Recovery_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Thumbnails Maker by Scorp (remove only) (HKLM\...\Video Thumbnails Maker) (Version: - )
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.36 - )
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSO Media Player 1.4.10.498 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.10.498 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WeatherMate (HKLM\...\{5A60A4A0-3EAF-42D1-B6CA-9BD331AF8C2F}) (Version: 3.4 - Ravi Bhavnani)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Works Suite OS Pack (HKLM\...\{DC19E750-988B-4005-A355-85EF66055EFE}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (HKLM\...\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}) (Version: 1.0.0.0000 - Your Company Name) Hidden
X-Lite 3.0 (HKLM\...\X-Lite 1.5_is1) (Version: - CounterPath Solutions Inc.)
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe" => No File
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe" => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [AVS Video Converter 6] -> {6230EF55-8E71-4F40-861A-DBA282584FF5} => C:\Program Files\AVS4YOU\AVSVideoConverter6\AVSVideoConverterShExt.dll [2009-10-14] (Online Media Technologies Ltd.)
ContextMenuHandlers1: [BackupData] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\Secure-Delete\Secure-Delete.dll [2007-07-15] ()
ContextMenuHandlers1: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files\VSO\common\CTShell.dll [2013-06-05] (VSO Software SARL)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-11-05] (Nero AG)
ContextMenuHandlers1: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\System32\erasext.dll [2009-12-16] (-)
ContextMenuHandlers1: [jZip] -> {E677C7AD-2B66-4539-AA29-3771A1CFEDA9} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers2: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\System32\erasext.dll [2009-12-16] (-)
ContextMenuHandlers2: [ShellPlusContextMenu] -> {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} => C:\PROGRA~1\BURN4F~1\B4FM.dll -> No File
ContextMenuHandlers3: [ShellPlusContextMenu] -> {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} => C:\PROGRA~1\BURN4F~1\B4FM.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [BackupData] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\Secure-Delete\Secure-Delete.dll [2007-07-15] ()
ContextMenuHandlers4: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files\VSO\common\CTShell.dll [2013-06-05] (VSO Software SARL)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => -> No File
ContextMenuHandlers6: [BackupData] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\Secure-Delete\Secure-Delete.dll [2007-07-15] ()
ContextMenuHandlers6: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files\VSO\common\CTShell.dll [2013-06-05] (VSO Software SARL)
ContextMenuHandlers6: [Erasext] -> {8BE13461-936F-11D1-A87D-444553540000} => C:\WINDOWS\System32\erasext.dll [2009-12-16] (-)
ContextMenuHandlers6: [jZip] -> {E677C7AD-2B66-4539-AA29-3771A1CFEDA9} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\WINDOWS\Tasks\AdsGone.job => C:\Program Files\AdsGone\AdsGone.exe-t C:\Program Files\AdsGone\AdsGone.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\DebutSevenDays.job => C:\Program Files\NCH Software\Debut\debut.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1441704404.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-688789844-839522115-1004.job => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Ken\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Buy or Upgrade Zoom Player.lnk -> hxxp://inmatrix.com/shop_relay/buyshortcut.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Download Skins.lnk -> hxxp://skins.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Video Tutorials.lnk -> hxxp://inmatrix.com/tutorial_redir.htm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Forum.lnk -> hxxp://forum.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Frequently Asked Questions.lnk -> hxxp://www.inmatrix.com/zplayer/fa
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Home Page.lnk -> hxxp://www.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Media Setup Guide.lnk -> hxxp://www.inmatrix.com/articles/mediasetup.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Online Help.lnk -> hxxp://www.inmatrix.com/zplaye
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Usage Guides.lnk -> hxxp://www.inmatrix.com/articles.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Apache HTTP Server 2.2\Apache Online Documentation.lnk -> hxxp://httpd.apache.org/docs/2.2
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Apache HTTP Server 2.2\Help, I'm Stuck!.lnk -> hxxp://httpd.apache.org/docs/2.2/faq

ShortcutWithArgument: C:\Documents and Settings\Ken\Desktop\KMP Games.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.kmpgames.com

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\0502E87E.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\0502E87E.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-329068152-688789844-839522115-1004\...\internet -> internet
IE trusted site: HKU\S-1-5-21-329068152-688789844-839522115-1004\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-329068152-688789844-839522115-1004\...\mcafee.com -> hxxps://mcafee.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-04 19:15 - 2014-04-05 23:06 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-329068152-688789844-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk => C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk => C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk => C:\WINDOWS\pss\Live Menu.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^AdsGone.lnk => C:\WINDOWS\pss\AdsGone.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^Corel Print Office Registration.lnk => C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^ctfmon.lnk => C:\WINDOWS\pss\ctfmon.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Ken^Start Menu^Programs^Startup^_uninst_31060226.lnk => C:\WINDOWS\pss\_uninst_31060226.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AHQInit => C:\Program Files\Creative\SBLive\Program\AHQInit.exe
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Documents and Settings\Ken\Local Settings\Application Data\Akamai\netsession_win.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BYR_AGENT => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DeleteHistoryFree => C:\Program Files\DeleteHistoryFree\dhf.exe
MSCONFIG\startupreg: DIAGENT => C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\Eraser.exe -hide
MSCONFIG\startupreg: FkqnDaLnwp.exe => C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: Juno_uoltray => C:\Program Files\Juno\exec.exe regrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LVCOMS => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Mega Manager => C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Microsoft Works Portfolio => C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
MSCONFIG\startupreg: Microsoft Works Update Detection => C:\Program Files\Microsoft Works\WkDetect.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: NetZero_uoltray => C:\Program Files\NetZero\exec.exe regrun
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Praetorian => C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\praetorian.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp => C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\Updreg.exe
MSCONFIG\startupreg: WeatherMate => "C:\Program Files\WeatherMate\WeatherMate.exe"
MSCONFIG\startupreg: WorksFUD => C:\Program Files\Microsoft Works\wkfud.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Local Settings\Temp\ms0cfg32.exe] => Enabled:Application Layer Gateway Service
DomainProfile\AuthorizedApplications: [C:\WINDOWS\system32\lsass.exe] => Enabled:LSA Shell
DomainProfile\AuthorizedApplications: [C:\Program Files\ICQ7.5\ICQ.exe] => Enabled:ICQ7.5
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Program Files\CounterPath\X-Lite\x-lite.exe] => Enabled:X-Lite
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Interface
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ7.5\ICQ.exe] => Enabled:ICQ7.5
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\eMule\emule.exe] => Enabled:eMule
StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Wondershare\MobileGo\MobileGoService.exe] => Enabled:MobileGoService
StandardProfile\AuthorizedApplications: [C:\Program Files\Wondershare\MobileGo\MobileGo.exe] => Enabled:Wondershare MobileGo
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:TCP] => :LocalSubNet:Enabled:UDP 1900
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

16-01-2018 05:05:17 System Checkpoint
18-01-2018 19:21:57 System Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Kernel Acoustic Echo Canceller
Description: Microsoft Kernel Acoustic Echo Canceller
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: aec
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2018 03:11:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0462cd40.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/09/2018 12:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.1.0.595, faulting module unknown, version 0.0.0.0, fault address 0x0620e050.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (01/07/2018 07:57:13 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/07/2018 07:57:12 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/16/2017 10:57:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application opera.exe, version 12.18.1872.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/10/2017 12:41:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/27/2017 01:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module osavisplitter.ax, version 1.5.3.3933, fault address 0x00030d44.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/26/2017 11:23:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application NeroExpress.exe, version 12.0.20.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/19/2017 01:59:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gom.exe, version 2.2.72.5234, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.
Processing media-specific event for [gom.exe!ws!]

Error: (09/19/2017 01:55:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application opera.exe, version 12.18.1872.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/24/2018 07:58:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/24/2018 07:58:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/24/2018 07:58:51 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (01/24/2018 07:57:16 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (01/24/2018 07:57:16 PM) (Source: 0) (EventID: 15) (User: )
Description: Event-ID 15

Error: (01/24/2018 07:56:23 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (01/24/2018 07:56:23 PM) (Source: 0) (EventID: 15) (User: )
Description: Event-ID 15

Error: (01/24/2018 07:55:29 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (01/24/2018 07:55:29 PM) (Source: 0) (EventID: 15) (User: )
Description: Event-ID 15

Error: (01/24/2018 07:54:36 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 1023.01 MB
Available physical RAM: 670.23 MB
Total Virtual: 1306.99 MB
Available Virtual: 1112.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:15.85 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (New Volume) (Fixed) (Total:104.89 GB) (Free:0.06 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:2.42 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (New Volume) (Fixed) (Total:104.83 GB) (Free:6.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4AAE4AAD)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: 43EF44D0)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 Oh My!


Posted 25 January 2018 - 04:59 PM

Greetings pigfoot and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Could you describe your computer setup? It looks like you have 2 hard drives, each with Windows XP installed.

Drive c: () (Fixed) (Total:127.99 GB) (Free:15.85 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (New Volume) (Fixed) (Total:104.89 GB) (Free:0.06 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:2.42 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (New Volume) (Fixed) (Total:104.83 GB) (Free:6.88 GB) NTFS


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []
ProxyServer: [.DEFAULT] => http=127.0.0.1:27811
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:27811
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114"
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileGo\DriverInstall.exe"
S2 StarOpen; no ImagePath
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"
C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"
File: C:\WINDOWS\System32\drivers\0502E87E.sys
File: C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
*2a4159f*;*4b21d9*;*f16eb3*
  • Click Search Registry button
  • When completed click OK and a Searchreg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Hard drives?
  • AdwCleaner log
  • Fixlog
  • SearchReg log
  • Update on computer performance

Edited by Oh My!, 25 January 2018 - 08:56 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 pigfoot


Posted 26 January 2018 - 04:05 PM

I first wanted to run MALWAREBYTES ADWCLEANER like you wanted, but when I downloaded it and tried to open it I am getting this popup which I added in an attachment. Please advise me what to do.



#4 Oh My!


Posted 26 January 2018 - 07:07 PM

Please skip that step.



#5 pigfoot


Posted 27 January 2018 - 05:17 PM

Here is the Fixlog and SearchReg log. I also forgot to mention in the post earlier that when I tried to have JAVA update it would do nothing. It would just close the popup box where it shows it needed to update. As for the other secondary hard drive, it is just a slave drive which is just used to store files.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Ken (27-01-2018 15:58:44) Run:2
Running from C:\Documents and Settings\Ken\Desktop
Loaded Profiles: Ken (Available Profiles: Ken & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-329068152-688789844-839522115-1004\...\Policies\Explorer: []
ProxyServer: [.DEFAULT] => http=127.0.0.1:27811
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:27811
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114"
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
S3 WsDrvInst; "C:\Program Files\Wondershare\MobileGo\DriverInstall.exe"
S2 StarOpen; no ImagePath
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"
C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex
CustomCLSID: HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> "C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\yupdate-executor.exe"
File: C:\WINDOWS\System32\drivers\0502E87E.sys
File: C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-329068152-688789844-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114" => "C:\Documents and Settings\Ken\Application Data\C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\prefs.js" not found
"HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com" => removed successfully.
"HKLM\System\CurrentControlSet\Services\WsDrvInst" => removed successfully.
WsDrvInst => service removed successfully.
"HKLM\System\CurrentControlSet\Services\StarOpen" => removed successfully.
StarOpen => service removed successfully.
"HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}" => removed successfully.
"C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex" => not found
"HKU\S-1-5-21-329068152-688789844-839522115-1004_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}" => removed successfully.

========================= File: C:\WINDOWS\System32\drivers\0502E87E.sys ========================

C:\WINDOWS\System32\drivers\0502E87E.sys
File is digitally signed
MD5: 10003EB659D2EA81AC5222009834CB0D
Creation and modification date: 2015-09-14 01:24 - 2015-09-14 01:24
Size: 000153784
Attributes: ----A
Company Name: Kaspersky Lab ZAO
Internal Name: KL1
Original Name: KL1.SYS
Product: Kaspersky Anti-Virus
Description: Kaspersky Unified Driver
File Version: 6.8.0.54
Product Version: 6.0.1.990
Copyright: © 2015 Kaspersky Lab ZAO. All Rights Reserved.
VirusTotal: https://www.virustotal.com/file/5e822b5cb52e4206e949dbb6bf8b3ca92ee06ed712c498fa54b86fa7b65db2a4/analysis/1509714574/

====== End of File: ======


========================= File: C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe ========================

"C:\Documents and Settings\All Users\Application Data\FkqnDaLnwp.exe" => not found
====== End of File: ======


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========



========= End of CMD: =========


========= netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

The following command was not found: advfirewall set allprofiles state ON.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========

'Bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-329068152-688789844-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11038 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 237785 B
Java, Flash, Steam htmlcache => 856179 B
Windows/system/dllcache/drivers => 3548971 B
Edge => 0 B
Chrome => 236224105 B
Firefox => 130187115 B
Opera => 126976 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 32994 B
All Users => 0 B
systemprofile => 388069608 B
LocalService => 256079 B
NetworkService => 2139177 B
Ken => 40835217 B
Administrator => 178576 B

RecycleBin => 1196760280 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:00:38 ====

Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Ken (27-01-2018 16:12:57)
Running from C:\Documents and Settings\Ken\Desktop
Boot Mode: Normal

================== Search Registry: "2a4159f;4b21d9;f16eb3" ===========


===================== Search result for "2a4159f" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"Order"="LanMan Print Services
Internet Print Provider
4b21d9
f16eb3
2a4159f"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\2a4159f]


===================== Search result for "4b21d9" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"Order"="LanMan Print Services
Internet Print Provider
4b21d9
f16eb3
2a4159f"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\4b21d9]


===================== Search result for "f16eb3" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"Order"="LanMan Print Services
Internet Print Provider
4b21d9
f16eb3
2a4159f"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\f16eb3]

====== End of Search ======



#6 pigfoot


Posted 27 January 2018 - 05:40 PM

I forgot to mention that after I did the above steps the computer is still freezing up when I go to a webpage, some a lot more than others. Also, when I am just typing this here now on this thread the letters are coming up as much as 10 seconds after I type and freezing up... then the computer becomes responsive again and the letters I typed start showing up.



#7 Oh My!


Posted 27 January 2018 - 06:04 PM

Thank you for the detailed information.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114"
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
cmd: sfc /scannow
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Right click on gsmartcontrol.exe and select Run as administrator
  • Follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click the C:\Program Files\gsmartcontrol folder
  • Right click the gsmartcontrol application icon (size approx. 1,934 KB) and select Run as administrator
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the Self-tests tab
  • Make sure that the Test Type is set to Short Self-test
  • Click the Execute button
  • After the test completes, click the View Output button and copy and paste the contents in your reply
===================================================

Running chkdsk Scan with Report

--------------------
  • Click Start, run, type cmd and hit Enter
  • Copy and paste the following after the command prompt and click Enter

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • The black command window will remain empty for a few minutes. When completed you will see the C:\Windows\system32> prompt
  • When completed a chkdskreport.txt document will appear on your desktop
  • Copy and paste the contents of the report on your desktop in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • GSmart report
  • chkdsk report

Edited by Oh My!, 28 January 2018 - 04:05 PM.


#8 pigfoot


Posted 28 January 2018 - 05:49 AM

Gsmart would not run. I put an attachment to show you the popup why it did not work.


The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

134206978 KB total disk space.
115204896 KB in 171461 files.
68908 KB in 14425 indexes.
0 KB in bad sectors.
540414 KB in use by the system.
65536 KB occupied by the log file.
18392760 KB available on disk.

4096 bytes in each allocation unit.
33551744 total allocation units on disk.
4598190 allocation units available on disk.

Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by Ken (28-01-2018 04:04:54) Run:3
Running from C:\Documents and Settings\Ken\Desktop
Loaded Profiles: Ken (Available Profiles: Ken & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114"
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
cmd: sfc /scannow

*****************

Processes closed successfully.
FF NetworkProxy: C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default -> backup.ftp", "120.234.46.114" => "C:\Documents and Settings\Ken\Application Data\C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\j7s5h6jz.default\prefs.js" not found
"HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com" => not found
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
"Order"="LanMan Print Services
Internet Print Provider
4b21d9
f16eb3
2a4159f"
"EventLog"="27"
"NetPopup"="0"
"NetPopupToComputer"="0"
"RetryPopup"="0"
"RestartJobOnPoolError"="600"
"RestartJobOnPoolEnabled"="1"
"LogonTime"="d2c8a68d1898d301"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\2a4159f]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\1C0.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\4b21d9]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\E.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\f16eb3]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\16.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\Internet Print Provider]
"DisplayName"="HTTP Print Services"
"Name"="inetpp.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services]
"DisplayName"="LanMan Print Services"
"Name"="win32spl.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"="0"

=== End of ExportKey ===

========= sfc /scannow =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 04:04:55 ====

#9 Oh My!


Posted 28 January 2018 - 05:24 PM

Greetings.

Thank you for your patience while I did some testing.

Please download another GSmart program from the post above (I modified it) and run the steps as provided.

===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Delete the chkdskreport.txt document on your Desktop
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: /R /X | SHUTDOWN /R /T 05

  • Please allow the system to reboot on its own and run the program. This may take a long time
  • When completed copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: | SHUTDOWN /R /T 05 |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed copy and paste the contents of the chkdskreport.txt document that will be on your Desktop
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\2a4159f
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\4b21d9
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\f16eb3
cmd: sfc /scannow
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report
  • chkdskreport
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
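
A check over the ExportKey output from the Fixlog above, added here as an example and not part of the original posts or of FRST: it parses the exported Print\Providers subkeys and flags any provider whose Name is not a bare .dll name, which picks out the three entries the fixlist deletes. The function names and the three checks are assumptions made for illustration.

```python
import re
# Input copied from the ExportKey section of the Fixlog in post #8; all names below are illustrative.
EXPORT = r'''
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\2a4159f]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\1C0.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\4b21d9]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\E.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\f16eb3]
"Name"="C:\DOCUME~1\Ken\LOCALS~1\Temp\16.tmp"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\Internet Print Provider]
"Name"="inetpp.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services]
"Name"="win32spl.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"="0"
'''
PROVIDERS = r"\Control\Print\Providers" + "\\"
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
CHECKS = [  # (reason, predicate on the provider's Name value)
    ("full path instead of a bare DLL name", lambda n: "\\" in n or "/" in n),
    ("extension is not .dll", lambda n: not n.lower().endswith(".dll")),
    ("file sits in a Temp folder", lambda n: re.search(r"\\temp\\", n, re.I) is not None),
]

def parse_export(text):
    """Return {key_path: {value_name: data}} from an FRST ExportKey section."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def suspicious_providers(text):
    """List (subkey, Name, reasons) for direct Providers subkeys that fail a check."""
    findings = []
    for path, values in parse_export(text).items():
        _, sep, sub = path.partition(PROVIDERS)
        if not sep or "\\" in sub or "Name" not in values:
            continue  # not a direct child of Providers, or no module registered
        reasons = [why for why, test in CHECKS if test(values["Name"])]
        if reasons:
            findings.append((sub, values["Name"], reasons))
    return findings
```

Calling `suspicious_providers(EXPORT)` returns the three hex-named subkeys with their Temp paths and leaves the two stock providers unflagged.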

#10 Oh My!


Posted 01 February 2018 - 06:53 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!


Posted 03 February 2018 - 10:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!


Posted 04 February 2018 - 09:27 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 pigfoot


Posted 04 February 2018 - 04:46 PM

I tried running the GSMART first but get this popup:

#14 pigfoot


Posted 04 February 2018 - 04:47 PM

Should I delete it and reinstall GSMART again?



#15 Oh My!


Posted 04 February 2018 - 05:35 PM

Greetings.

It appears one of the required system files is not part of Windows XP. This program should work.

===================================================

Crystal Disk Info

--------------
  • Download Crystal Disk Info and save it to your Desktop
  • Right click on the icon and select Run as administrator (Windows XP simply double click)
  • Select I accept the agreement and click Next 4 times
  • Click Install
  • Click Finish to launch the program
  • On the CrystalDiskInfo screen click Edit, then Copy
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CrystalDisk information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



