Posts posted by heythatsanam

  1. Hi there!!!

    Can someone please help me with my computer? I am having problems with how slow and long it takes to open the internet browser. I also feel like I may possibly have a virus since it redirects me to unknown websites such as Wow.com. I have programs that I haven't even heard of! I would greatly appreciate it if you could help me speed up my internet and minimize any unnecessary programs. Thanks

     

     

  2. Hi MrCharlie,

     

    Thank you once again for all your help.  :D:wub:  Here are the following logs you've requested:

     

    Fixlist LOG

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-04-03 16:06:00 Run:1
    Running from C:\Documents and Settings\Owner\Desktop\FRST
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - URL http://search.condui...7A2F0AFFEB29&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://search.zoneal...hDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281
    CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx
    CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx
    C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    C:\Documents and Settings\Owner\Application Data\CamShapes.ini
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found.
    HKCR\Wow6432Node\CLSID\{F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} => Key not found.
    HKCU\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully.
    "CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Key deleted successfully.
    "CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found.
    "C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll" => File/Directory not found.
    "C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
    C:\Documents and Settings\Owner\Application Data\CamLayout.ini => Moved successfully.
    C:\Documents and Settings\Owner\Application Data\CamShapes.ini => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.

    ==== End of Fixlog ====

     

    AdwCleaner LOG

    # AdwCleaner v3.023 - Report created 03/04/2014 at 16:11:13
    # Updated 01/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - ANAM-RNFR3WMDD7
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042\prefs.js ]


    [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ]


    [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ]


    *************************

    AdwCleaner[R5].txt - [1274 octets] - [03/04/2014 16:07:58]
    AdwCleaner[s4].txt - [1199 octets] - [03/04/2014 16:11:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1259 octets] ##########
     

     

    Malwarebytes LOG

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.04.01.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: ANAM-RNFR3WMDD7 [administrator]

    4/3/2014 4:17:53 PM
    mbam-log-2014-04-03 (16-17-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 264231
    Time elapsed: 16 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

  3. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
    Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:12:42
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


    ==================== Registry (Whitelisted) ==================

    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] -

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File
    FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    ========================== Services (Whitelisted) =================

    R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] ()
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] ()
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
    U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt
    2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html
    2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk
    2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+
    2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
    2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
    2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
    2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log
    2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
    2014-03-30 23:12 - 2014-03-31 23:12 - 00000000 ____D () C:\FRST
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk

    ==================== One Month Modified Files and Folders =======

    2014-03-31 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
    2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job
    2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt
    2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
    2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
    2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html
    2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk
    2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+
    2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
    2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job
    2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini
    2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini
    2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell
    2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
    2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google
    2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
    2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search
    2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log
    2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner
    2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job
    2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job
    2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white
    2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
    2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt
    2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini
    2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat
    2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml
    2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT
    2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT
    2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt
    2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters
    2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt
    2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc
    2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt
    2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt
    2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk
    2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt
    2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
    2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
    2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype

    Files to move or delete:
    ====================
    C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    C:\Documents and Settings\Owner\Application Data\CamShapes.ini


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-03-31 23:13:45
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    B57Inst (Version: 3.40 - Broadcom) Hidden
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
    Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
    Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN)
    Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden
    Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
    Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version:  - Crack DAT)
    Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell)
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

    ==================== Restore Points  =========================

    14-01-2014 17:49:57 System Checkpoint
    15-01-2014 05:54:45 Software Distribution Service 3.0
    16-01-2014 07:09:59 Software Distribution Service 3.0
    17-01-2014 21:17:33 System Checkpoint
    18-01-2014 22:58:06 System Checkpoint
    20-01-2014 01:13:57 System Checkpoint
    21-01-2014 06:25:08 System Checkpoint
    22-01-2014 06:26:14 System Checkpoint
    24-01-2014 20:28:07 System Checkpoint
    26-01-2014 01:13:14 System Checkpoint
    27-01-2014 01:44:57 System Checkpoint
    28-01-2014 15:21:36 System Checkpoint
    29-01-2014 22:51:49 System Checkpoint
    31-01-2014 01:33:13 System Checkpoint
    01-02-2014 01:42:05 System Checkpoint
    02-02-2014 01:38:00 Removed Bing Bar
    02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
    02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
    03-02-2014 02:40:44 System Checkpoint
    04-02-2014 21:11:53 System Checkpoint
    06-02-2014 03:04:23 System Checkpoint
    06-02-2014 07:03:59 Removed I.R.I.S. OCR
    06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
    06-02-2014 07:11:03 Removed HP Update.
    06-02-2014 07:11:45 Removed Skype™ 6.13
    07-02-2014 08:00:36 Software Distribution Service 3.0
    09-02-2014 05:42:28 System Checkpoint
    10-02-2014 08:50:26 System Checkpoint
    11-02-2014 23:23:49 System Checkpoint
    13-02-2014 02:54:19 System Checkpoint
    13-02-2014 08:01:12 Software Distribution Service 3.0
    15-02-2014 05:33:36 System Checkpoint
    18-02-2014 02:55:11 System Checkpoint
    18-02-2014 05:35:50 Installed Achiever
    19-02-2014 04:37:11 Removed Achiever
    20-02-2014 04:53:35 System Checkpoint
    21-02-2014 20:45:06 System Checkpoint
    22-02-2014 22:21:19 System Checkpoint
    23-02-2014 00:24:32 Installed Java 7 Update 51
    23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
    23-02-2014 01:10:57 Software Distribution Service 3.0
    23-02-2014 06:01:44 Software Distribution Service 3.0
    24-02-2014 03:41:32 Software Distribution Service 3.0
    25-02-2014 04:19:06 System Checkpoint
    26-02-2014 04:54:36 System Checkpoint
    28-02-2014 19:49:33 System Checkpoint
    01-03-2014 23:21:00 System Checkpoint
    03-03-2014 00:02:04 System Checkpoint
    04-03-2014 02:44:31 System Checkpoint
    05-03-2014 03:22:54 System Checkpoint
    05-03-2014 18:48:36 Removed Skype™ 6.14
    06-03-2014 21:14:35 System Checkpoint
    07-03-2014 21:57:53 System Checkpoint
    09-03-2014 01:47:24 System Checkpoint
    10-03-2014 07:02:03 System Checkpoint
    10-03-2014 21:15:08 Software Distribution Service 3.0
    12-03-2014 01:43:49 Software Distribution Service 3.0
    14-03-2014 18:44:02 System Checkpoint
    16-03-2014 21:39:54 System Checkpoint
    17-03-2014 23:51:10 System Checkpoint
    19-03-2014 00:49:57 Software Distribution Service 3.0
    20-03-2014 18:59:19 System Checkpoint
    21-03-2014 19:24:05 System Checkpoint
    22-03-2014 22:07:14 System Checkpoint
    29-03-2014 03:46:25 Installed Camtasia Studio 8
    29-03-2014 06:13:12 Removed Camtasia Studio 8
    29-03-2014 06:38:58 Restore Operation
    29-03-2014 06:51:15 Installed Camtasia Studio 6
    29-03-2014 07:01:10 Software Distribution Service 3.0
    30-03-2014 02:02:19 Software Distribution Service 3.0
    31-03-2014 02:21:48 System Checkpoint
    31-03-2014 20:19:53 Pre Install Click 2 Fix restore point
    31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point
    31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point
    01-04-2014 02:34:09 Dell Click 2 Fix+ restore point

    ==================== Hosts content: ==========================

    2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL
    2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll
    2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll
    2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program Files\Dell\Click 2 Fix+\node.dll
    2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
    MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: )
    Description: Fault bucket 1432846009.


    System errors:
    =============
    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .


    Microsoft Office Sessions:
    =========================
    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: wsearchidxpiwsearchidxpi

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: UGTHRSVCUGTHRSVC

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: UGathererUGatherer

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL)

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: )
    Description: 1432846009


    ==================== Memory info ===========================

    Percentage of memory in use: 27%
    Total physical RAM: 2046 MB
    Available physical RAM: 1473.93 MB
    Total Pagefile: 4968.77 MB
    Available Pagefile: 4585.54 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1958.11 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  4. Thank god, you are a life saver. I have check-boxed Addition.txt :)

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
    Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 31-03-2014 23:01:42
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\capp.exe
    (Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


    ==================== Registry (Whitelisted) ==================

    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] -

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File
    FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    ========================== Services (Whitelisted) =================

    R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [94016 2014-02-03] (Dell)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] ()
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] ()
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
    U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-31 22:18 - 2014-03-31 22:19 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-31 20:41 - 2014-03-31 20:43 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt
    2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html
    2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk
    2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+
    2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
    2014-03-31 18:06 - 2014-03-31 18:07 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
    2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
    2014-03-31 14:38 - 2014-03-31 16:06 - 00000120 _____ () C:\WINDOWS\setupact.log
    2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
    2014-03-30 23:12 - 2014-03-31 23:01 - 00000000 ____D () C:\FRST
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:49 - 2014-03-31 14:11 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-19 00:37 - 2014-03-31 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 17:43 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk

    ==================== One Month Modified Files and Folders =======

    2014-03-31 23:01 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
    2014-03-31 23:00 - 2011-10-06 21:12 - 01807447 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-31 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-31 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    2014-03-31 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-03-31 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-03-31 22:46 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-31 22:45 - 2011-10-06 17:29 - 00032320 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-03-31 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-03-31 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job
    2014-03-31 22:21 - 2011-10-06 17:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-03-31 22:19 - 2014-03-31 22:18 - 00003392 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-03-31 22:13 - 2014-03-31 22:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-31 22:13 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-31 20:43 - 2014-03-31 20:41 - 00000051 _____ () C:\Documents and Settings\Owner\Desktop\faisal.txt
    2014-03-31 18:52 - 2014-02-22 20:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
    2014-03-31 18:52 - 2014-02-22 20:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
    2014-03-31 18:46 - 2014-03-31 18:46 - 00681062 _____ () C:\Documents and Settings\Owner\Desktop\bookmarks.html
    2014-03-31 18:44 - 2014-03-31 18:44 - 00001644 _____ () C:\Documents and Settings\All Users\Desktop\Dell Click 2 Fix+.lnk
    2014-03-31 18:44 - 2014-03-31 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Click 2 Fix+
    2014-03-31 18:43 - 2014-03-31 18:43 - 01006776 _____ (Dell ) C:\Documents and Settings\Owner\Desktop\DellClick2Fix+_DownloadManager_V1.0.0.5-7811e890c1c5a4013dd1f7708d2471ab.exe
    2014-03-31 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job
    2014-03-31 18:16 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini
    2014-03-31 18:16 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini
    2014-03-31 18:16 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-03-31 18:10 - 2013-10-29 11:17 - 00000000 ____D () C:\Program Files\Dell
    2014-03-31 18:07 - 2014-03-31 18:06 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-03-31 17:21 - 2014-03-31 17:21 - 00000016 _____ () C:\Documents and Settings\Owner\Desktop\lol.txt
    2014-03-31 17:20 - 2014-03-31 17:20 - 00000803 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    2014-03-31 17:20 - 2011-10-08 03:50 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    2014-03-31 17:20 - 2011-10-08 03:49 - 00000000 ____D () C:\Program Files\Google
    2014-03-31 16:58 - 2014-03-31 16:58 - 00030329 _____ () C:\WINDOWS\KB940157Uninst.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00006182 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002956 _____ () C:\WINDOWS\ocgen.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002359 _____ () C:\WINDOWS\tsoc.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00002052 _____ () C:\WINDOWS\comsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001361 _____ () C:\WINDOWS\setupapi.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000971 _____ () C:\WINDOWS\iis6.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000342 _____ () C:\WINDOWS\ocmsn.log
    2014-03-31 16:58 - 2014-03-31 16:58 - 00000309 _____ () C:\WINDOWS\msgsocm.log
    2014-03-31 16:58 - 2014-02-22 21:14 - 00000000 ____D () C:\Program Files\Windows Desktop Search
    2014-03-31 16:06 - 2014-03-31 14:38 - 00000120 _____ () C:\WINDOWS\setupact.log
    2014-03-31 14:38 - 2014-03-31 14:38 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-03-31 14:33 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-03-31 14:20 - 2011-10-06 17:29 - 00000000 ____D () C:\Documents and Settings\Owner
    2014-03-31 14:11 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-31 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job
    2014-03-31 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job
    2014-03-31 01:14 - 2012-07-08 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\white
    2014-03-31 00:48 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000666 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000660 _____ () C:\Documents and Settings\All Users\Desktop\CourseSaver.lnk
    2014-03-30 23:23 - 2014-03-30 23:23 - 00000000 ____D () C:\Program Files\CourseSaver
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
    2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt
    2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini
    2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat
    2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml
    2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT
    2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT
    2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt
    2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters
    2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt
    2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc
    2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt
    2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt
    2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk
    2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt
    2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
    2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
    2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype

    Files to move or delete:
    ====================
    C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    C:\Documents and Settings\Owner\Application Data\CamShapes.ini


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

    Addition LOG

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-03-31 23:03:07
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    B57Inst (Version: 3.40 - Broadcom) Hidden
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
    Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
    Course Saver Desktop (HKLM\...\com.coursesaver.desktop) (Version: 2.1.18 - UNKNOWN)
    Course Saver Desktop (Version: 2.1.18 - UNKNOWN) Hidden
    Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
    Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version:  - Crack DAT)
    Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2546.03 - Dell)
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

    ==================== Restore Points  =========================

    14-01-2014 17:49:57 System Checkpoint
    15-01-2014 05:54:45 Software Distribution Service 3.0
    16-01-2014 07:09:59 Software Distribution Service 3.0
    17-01-2014 21:17:33 System Checkpoint
    18-01-2014 22:58:06 System Checkpoint
    20-01-2014 01:13:57 System Checkpoint
    21-01-2014 06:25:08 System Checkpoint
    22-01-2014 06:26:14 System Checkpoint
    24-01-2014 20:28:07 System Checkpoint
    26-01-2014 01:13:14 System Checkpoint
    27-01-2014 01:44:57 System Checkpoint
    28-01-2014 15:21:36 System Checkpoint
    29-01-2014 22:51:49 System Checkpoint
    31-01-2014 01:33:13 System Checkpoint
    01-02-2014 01:42:05 System Checkpoint
    02-02-2014 01:38:00 Removed Bing Bar
    02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
    02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
    03-02-2014 02:40:44 System Checkpoint
    04-02-2014 21:11:53 System Checkpoint
    06-02-2014 03:04:23 System Checkpoint
    06-02-2014 07:03:59 Removed I.R.I.S. OCR
    06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
    06-02-2014 07:11:03 Removed HP Update.
    06-02-2014 07:11:45 Removed Skype™ 6.13
    07-02-2014 08:00:36 Software Distribution Service 3.0
    09-02-2014 05:42:28 System Checkpoint
    10-02-2014 08:50:26 System Checkpoint
    11-02-2014 23:23:49 System Checkpoint
    13-02-2014 02:54:19 System Checkpoint
    13-02-2014 08:01:12 Software Distribution Service 3.0
    15-02-2014 05:33:36 System Checkpoint
    18-02-2014 02:55:11 System Checkpoint
    18-02-2014 05:35:50 Installed Achiever
    19-02-2014 04:37:11 Removed Achiever
    20-02-2014 04:53:35 System Checkpoint
    21-02-2014 20:45:06 System Checkpoint
    22-02-2014 22:21:19 System Checkpoint
    23-02-2014 00:24:32 Installed Java 7 Update 51
    23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
    23-02-2014 01:10:57 Software Distribution Service 3.0
    23-02-2014 06:01:44 Software Distribution Service 3.0
    24-02-2014 03:41:32 Software Distribution Service 3.0
    25-02-2014 04:19:06 System Checkpoint
    26-02-2014 04:54:36 System Checkpoint
    28-02-2014 19:49:33 System Checkpoint
    01-03-2014 23:21:00 System Checkpoint
    03-03-2014 00:02:04 System Checkpoint
    04-03-2014 02:44:31 System Checkpoint
    05-03-2014 03:22:54 System Checkpoint
    05-03-2014 18:48:36 Removed Skype™ 6.14
    06-03-2014 21:14:35 System Checkpoint
    07-03-2014 21:57:53 System Checkpoint
    09-03-2014 01:47:24 System Checkpoint
    10-03-2014 07:02:03 System Checkpoint
    10-03-2014 21:15:08 Software Distribution Service 3.0
    12-03-2014 01:43:49 Software Distribution Service 3.0
    14-03-2014 18:44:02 System Checkpoint
    16-03-2014 21:39:54 System Checkpoint
    17-03-2014 23:51:10 System Checkpoint
    19-03-2014 00:49:57 Software Distribution Service 3.0
    20-03-2014 18:59:19 System Checkpoint
    21-03-2014 19:24:05 System Checkpoint
    22-03-2014 22:07:14 System Checkpoint
    29-03-2014 03:46:25 Installed Camtasia Studio 8
    29-03-2014 06:13:12 Removed Camtasia Studio 8
    29-03-2014 06:38:58 Restore Operation
    29-03-2014 06:51:15 Installed Camtasia Studio 6
    29-03-2014 07:01:10 Software Distribution Service 3.0
    30-03-2014 02:02:19 Software Distribution Service 3.0
    31-03-2014 02:21:48 System Checkpoint
    31-03-2014 20:19:53 Pre Install Click 2 Fix restore point
    31-03-2014 22:11:12 Pre Install Click 2 Fix+ restore point
    31-03-2014 22:44:06 Pre Install Click 2 Fix+ restore point
    01-04-2014 02:34:09 Dell Click 2 Fix+ restore point

    ==================== Hosts content: ==========================

    2002-09-03 12:34 - 2011-01-12 18:45 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-31 18:44 - 2014-02-03 23:33 - 00166216 _____ () C:\Program Files\Dell\Click 2 Fix+\SSLEAY32.DLL
    2014-03-31 18:44 - 2014-02-03 23:29 - 00833856 _____ () C:\Program Files\Dell\Click 2 Fix+\LIBEAY32.dll
    2014-03-31 18:44 - 2014-02-03 23:32 - 00579576 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll
    2014-03-31 18:44 - 2014-02-03 23:30 - 00018240 _____ () C:\Program Files\Dell\Click 2 Fix+\node.dll
    2014-03-31 22:13 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-08-19 23:01 - 2013-08-19 23:01 - 16166280 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
    MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service wsearchidxpi (wsearchidxpi) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service UGTHRSVC (UGTHRSVC) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: Unloading the performance counter strings for service UGatherer (UGatherer) failed. The
    Error code is the first DWORD in Data section.

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf) (User: )
    Description: The performance strings in the Performance registry value is corrupted when
    process Performance extension counter provider. BaseIndex value from Performance
    registry is the first DWORD in Data section, LastCounter value is the second
    DWORD in Data section, and LastHelp value is the third DWORD in Data section.

    Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service) (User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 02:36:03 PM) (Source: Application Hang) (User: )
    Description: Fault bucket 1432846009.


    System errors:
    =============
    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-05DLU.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:34:23 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.

    Error: (03/31/2014 10:25:02 PM) (Source: SideBySide) (User: )
    Description: Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\is-C9NBA.tmp\Screen_resolution.dll.
    Reference error message: The operation completed successfully.
    .


    Microsoft Office Sessions:
    =========================
    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: wsearchidxpiwsearchidxpi

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: UGTHRSVCUGTHRSVC

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: UGathererUGatherer

    Error: (03/31/2014 04:58:25 PM) (Source: LoadPerf)(User: )
    Description: Performance

    Error: (03/31/2014 04:35:38 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Product: Microsoft Fix it 50226 -- This Microsoft Fix it does not apply because the computer requires a Microsoft download or Microsoft Update.(NULL)(NULL)(NULL)

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 03:39:22 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\3.3 GAS Q1.LNK

    Error: (03/31/2014 02:36:03 PM) (Source: Application Hang)(User: )
    Description: 1432846009


    ==================== Memory info ===========================

    Percentage of memory in use: 27%
    Total physical RAM: 2046 MB
    Available physical RAM: 1481.77 MB
    Total Pagefile: 4968.77 MB
    Available Pagefile: 4592.5 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1950.11 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:34.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  5. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-03-30 23:17:04
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    B57Inst (Version: 3.40 - Broadcom) Hidden
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
    Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
    Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
    Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version:  - Crack DAT)
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

    ==================== Restore Points  =========================

    14-01-2014 17:49:57 System Checkpoint
    15-01-2014 05:54:45 Software Distribution Service 3.0
    16-01-2014 07:09:59 Software Distribution Service 3.0
    17-01-2014 21:17:33 System Checkpoint
    18-01-2014 22:58:06 System Checkpoint
    20-01-2014 01:13:57 System Checkpoint
    21-01-2014 06:25:08 System Checkpoint
    22-01-2014 06:26:14 System Checkpoint
    24-01-2014 20:28:07 System Checkpoint
    26-01-2014 01:13:14 System Checkpoint
    27-01-2014 01:44:57 System Checkpoint
    28-01-2014 15:21:36 System Checkpoint
    29-01-2014 22:51:49 System Checkpoint
    31-01-2014 01:33:13 System Checkpoint
    01-02-2014 01:42:05 System Checkpoint
    02-02-2014 01:38:00 Removed Bing Bar
    02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
    02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
    03-02-2014 02:40:44 System Checkpoint
    04-02-2014 21:11:53 System Checkpoint
    06-02-2014 03:04:23 System Checkpoint
    06-02-2014 07:03:59 Removed I.R.I.S. OCR
    06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
    06-02-2014 07:11:03 Removed HP Update.
    06-02-2014 07:11:45 Removed Skype™ 6.13
    07-02-2014 08:00:36 Software Distribution Service 3.0
    09-02-2014 05:42:28 System Checkpoint
    10-02-2014 08:50:26 System Checkpoint
    11-02-2014 23:23:49 System Checkpoint
    13-02-2014 02:54:19 System Checkpoint
    13-02-2014 08:01:12 Software Distribution Service 3.0
    15-02-2014 05:33:36 System Checkpoint
    18-02-2014 02:55:11 System Checkpoint
    18-02-2014 05:35:50 Installed Achiever
    19-02-2014 04:37:11 Removed Achiever
    20-02-2014 04:53:35 System Checkpoint
    21-02-2014 20:45:06 System Checkpoint
    22-02-2014 22:21:19 System Checkpoint
    23-02-2014 00:24:32 Installed Java 7 Update 51
    23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
    23-02-2014 01:10:57 Software Distribution Service 3.0
    23-02-2014 06:01:44 Software Distribution Service 3.0
    24-02-2014 03:41:32 Software Distribution Service 3.0
    25-02-2014 04:19:06 System Checkpoint
    26-02-2014 04:54:36 System Checkpoint
    28-02-2014 19:49:33 System Checkpoint
    01-03-2014 23:21:00 System Checkpoint
    03-03-2014 00:02:04 System Checkpoint
    04-03-2014 02:44:31 System Checkpoint
    05-03-2014 03:22:54 System Checkpoint
    05-03-2014 18:48:36 Removed Skype™ 6.14
    06-03-2014 21:14:35 System Checkpoint
    07-03-2014 21:57:53 System Checkpoint
    09-03-2014 01:47:24 System Checkpoint
    10-03-2014 07:02:03 System Checkpoint
    10-03-2014 21:15:08 Software Distribution Service 3.0
    12-03-2014 01:43:49 Software Distribution Service 3.0
    14-03-2014 18:44:02 System Checkpoint
    16-03-2014 21:39:54 System Checkpoint
    17-03-2014 23:51:10 System Checkpoint
    19-03-2014 00:49:57 Software Distribution Service 3.0
    20-03-2014 18:59:19 System Checkpoint
    21-03-2014 19:24:05 System Checkpoint
    22-03-2014 22:07:14 System Checkpoint
    29-03-2014 03:46:25 Installed Camtasia Studio 8
    29-03-2014 06:13:12 Removed Camtasia Studio 8
    29-03-2014 06:38:58 Restore Operation
    29-03-2014 06:51:15 Installed Camtasia Studio 6
    29-03-2014 07:01:10 Software Distribution Service 3.0
    30-03-2014 02:02:19 Software Distribution Service 3.0
    31-03-2014 02:21:48 System Checkpoint

    ==================== Hosts content: ==========================

    2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
    2002-09-03 12:53 - 2014-02-05 04:55 - 00562688 _____ () C:\WINDOWS\System32\qedit.dll
    2002-09-03 12:44 - 2008-04-14 08:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2002-09-03 12:53 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
    2002-09-03 12:30 - 2008-04-14 08:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
    2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
    MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: )
    Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: )
    Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


    Microsoft Office Sessions:
    =========================
    Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

    Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK

    Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI

    Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: )
    Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000

    Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: )
    Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Percentage of memory in use: 28%
    Total physical RAM: 2046 MB
    Available physical RAM: 1470.68 MB
    Total Pagefile: 4968.77 MB
    Available Pagefile: 4573.69 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1958.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  6. Hi MrCharlie!

    Here are the logs!

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
    Ran by Owner (administrator) on ANAM-RNFR3WMDD7 on 30-03-2014 23:12:25
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKU\S-1-5-21-1935655697-725345543-1398031866-1003\...\Winlogon: [shell] -

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP16BF35BB-350F-497B-BFE0-7A2F0AFFEB29&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {EEBA3501-49F3-4219-96B6-F8603AF1AD5C} URL = http://www.bing.com/search?q={searchTerms}&r=250
    SearchScopes: HKCU - {F5C06B15-C34B-4DA9-B402-8E7E2E2D4463} URL = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&&r=281
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8j6xi5j.default-1396147886042
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll No File
    FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll ( )
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-18]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    Chrome:
    =======
    CHR HomePage:
    CHR RestoreOnStartup: "sync_promo" :
        {
            "show_on_first_run_allowed"
    CHR DefaultSearchProvider: Search By ZoneAlarm
    CHR DefaultSearchURL: http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=00674ddf02a8433b9ed0a9291062edcc&tu=11J3y00DC2B0Ca0&sku=&tstsId=&ver=&
    CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx []
    CHR HKCU\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Documents and Settings\Owner\Local Settings\Application Data\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx []

    ========================== Services (Whitelisted) =================

    S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
    S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-11-07] ()
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] ()
    S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
    R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
    U0 PROCMON23; System32\Drivers\PROCMON23.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
    2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt
    2014-03-30 22:29 - 2014-03-30 22:33 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
    2014-03-30 16:36 - 2014-03-30 16:35 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:06 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:04 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:03 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:00 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 14:58 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:56 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:49 - 2014-03-30 14:57 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-30 14:44 - 2014-03-30 14:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-29 17:20 - 2014-03-29 22:54 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-29 00:00 - 2014-03-29 02:58 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-28 23:46 - 2014-03-29 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-19 00:37 - 2014-03-30 22:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-19 00:37 - 2014-03-19 13:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 17:43 - 2014-03-18 17:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
    2014-03-18 15:31 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
    2014-03-11 21:44 - 2014-03-11 21:46 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-11 21:14 - 2014-03-11 21:44 - 00009105 _____ () C:\WINDOWS\KB2929961.log
    2014-03-11 21:12 - 2014-03-11 21:44 - 00010423 _____ () C:\WINDOWS\KB2930275.log
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk

    ==================== One Month Modified Files and Folders =======

    2014-03-30 23:12 - 2014-03-30 23:12 - 00000000 ____D () C:\FRST
    2014-03-30 22:48 - 2011-10-06 21:12 - 01736801 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-30 22:47 - 2014-03-19 00:37 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-03-30 22:47 - 2013-05-25 16:00 - 00000340 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    2014-03-30 22:47 - 2011-10-06 17:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-30 22:47 - 2011-10-05 20:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-03-30 22:47 - 2011-10-05 20:12 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-03-30 22:45 - 2014-02-20 23:01 - 00000000 ____D () C:\AdwCleaner
    2014-03-30 22:45 - 2011-10-06 17:29 - 00032112 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-03-30 22:45 - 2011-10-06 17:29 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-03-30 22:38 - 2012-10-11 00:22 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job
    2014-03-30 22:33 - 2014-03-30 22:33 - 00002253 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_03302014_223328.txt
    2014-03-30 22:33 - 2014-03-30 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
    2014-03-30 22:23 - 2012-02-22 00:31 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-03-30 20:50 - 2011-10-06 15:45 - 00215552 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-30 18:38 - 2012-10-11 00:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job
    2014-03-30 16:35 - 2014-03-30 16:36 - 142051374 _____ () C:\Documents and Settings\Owner\Desktop\Biology Quizzes Workshop.avi
    2014-03-30 15:07 - 2014-03-30 15:07 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 13 Reading Comprehension 2 & Strategy 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 12 Schedule Your Organic Chemistry 2 Flex
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 11 General Chemistry 2
    2014-03-30 15:07 - 2014-03-30 15:06 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 10 Quantitative Reasoning 2
    2014-03-30 15:07 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 6 Schedule Your Organic Chemistry 1 Flex
    2014-03-30 15:05 - 2014-03-30 15:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 9 Schedule Your Perceptual Ability 2 Flex
    2014-03-30 15:05 - 2014-03-30 15:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 8 Biology 2
    2014-03-30 15:04 - 2014-03-30 15:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 7 Full Length 1 - Take at Home
    2014-03-30 15:02 - 2014-03-30 15:00 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 5 General Chemistry 1
    2014-03-30 15:00 - 2014-03-30 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 4 Quantitative Reasoning 1
    2014-03-30 14:57 - 2014-03-30 14:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 3 Schedule Your Perceptual Ability 1 Flex
    2014-03-30 14:57 - 2014-03-30 14:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 2 Biology 1
    2014-03-30 14:53 - 2014-03-30 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Session 1 Strategy 1 & Reading Comprehension 1
    2014-03-30 02:00 - 2012-11-29 10:26 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job
    2014-03-30 02:00 - 2012-11-21 02:21 - 00000340 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job
    2014-03-29 23:12 - 2013-04-10 17:58 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-03-29 22:54 - 2014-03-29 17:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\General Chemistry Quizzes
    2014-03-29 21:44 - 2011-10-06 21:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Macromedia
    2014-03-29 18:52 - 2013-10-29 12:01 - 00001552 _____ () C:\Documents and Settings\Owner\Desktop\Dell TEch.txt
    2014-03-29 14:25 - 2013-08-18 04:24 - 00235912 _____ () C:\WINDOWS\setupapi.log
    2014-03-29 14:12 - 2002-09-03 13:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-03-29 02:58 - 2014-03-29 00:00 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Camtasia Studio
    2014-03-29 02:53 - 2014-03-29 02:53 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
    2014-03-29 02:52 - 2014-03-29 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 6
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\TechSmith
    2014-03-29 02:51 - 2014-03-29 02:51 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
    2014-03-29 02:51 - 2013-08-18 17:29 - 00011910 _____ () C:\WINDOWS\wmsetup.log
    2014-03-29 02:35 - 2014-03-28 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
    2014-03-29 02:21 - 2013-08-28 03:25 - 00254093 _____ () C:\WINDOWS\FaxSetup.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00128021 _____ () C:\WINDOWS\ocgen.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00098284 _____ () C:\WINDOWS\tsoc.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00084046 _____ () C:\WINDOWS\comsetup.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00051278 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00040105 _____ () C:\WINDOWS\iis6.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00014149 _____ () C:\WINDOWS\ocmsn.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00012839 _____ () C:\WINDOWS\msgsocm.log
    2014-03-29 02:21 - 2013-08-28 03:25 - 00001917 _____ () C:\WINDOWS\imsins.log
    2014-03-29 01:54 - 2013-04-09 22:49 - 00004534 _____ () C:\Documents and Settings\Owner\Application Data\CamStudio.cfg
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamShapes.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000408 _____ () C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    2014-03-29 01:54 - 2013-04-09 22:46 - 00000120 _____ () C:\Documents and Settings\Owner\Application Data\Camdata.ini
    2014-03-29 01:52 - 2013-04-09 22:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
    2014-03-29 01:49 - 2014-03-29 01:49 - 00000096 _____ () C:\Documents and Settings\Owner\Application Data\version2.xml
    2014-03-29 01:43 - 2014-03-29 01:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
    2014-03-29 00:47 - 2013-04-11 03:28 - 00494206 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-725345543-1398031866-1003-0.dat
    2014-03-29 00:47 - 2013-04-11 03:28 - 00214414 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-03-29 00:44 - 2013-02-28 05:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Shoes for ash
    2014-03-29 00:01 - 2014-03-29 00:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechSmith
    2014-03-28 23:37 - 2011-10-05 20:10 - 00007042 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-23 22:16 - 2012-11-11 19:16 - 00000309 _____ () C:\Documents and Settings\Owner\Application Data\com.crackdat.crackdatsuite.xml
    2014-03-23 22:16 - 2012-11-11 19:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Crack the DAT
    2014-03-22 18:47 - 2013-04-15 18:12 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DAT
    2014-03-21 17:12 - 2012-09-18 20:07 - 00000178 ___SH () C:\Documents and Settings\SHAK\ntuser.ini
    2014-03-21 02:12 - 2014-03-21 02:12 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Windows Search
    2014-03-20 01:38 - 2013-10-02 16:06 - 00000269 _____ () C:\Documents and Settings\Owner\Desktop\fax to chase.txt
    2014-03-19 13:07 - 2014-03-19 00:37 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-03-19 00:36 - 2012-08-19 22:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-03-18 20:56 - 2014-03-18 20:56 - 00004870 _____ () C:\WINDOWS\KB2934207.log
    2014-03-18 20:56 - 2014-03-18 20:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
    2014-03-18 20:56 - 2013-08-28 03:25 - 00001374 _____ () C:\WINDOWS\imsins.BAK
    2014-03-18 20:55 - 2013-07-13 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-18 20:51 - 2012-09-07 19:31 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-03-18 17:44 - 2014-03-18 17:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-03-16 23:24 - 2013-01-01 02:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Puters
    2014-03-16 23:22 - 2013-05-22 14:45 - 00000365 _____ () C:\Documents and Settings\Owner\Desktop\LOL999.txt
    2014-03-16 23:18 - 2012-03-04 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Misc
    2014-03-16 16:11 - 2013-09-28 20:05 - 00001269 _____ () C:\Documents and Settings\Owner\Desktop\cool.txt
    2014-03-16 16:08 - 2013-03-18 19:51 - 00001785 _____ () C:\Documents and Settings\Owner\Desktop\BOUGHT!.txt
    2014-03-15 19:01 - 2011-10-05 20:08 - 00000210 ___SH () C:\boot.ini
    2014-03-15 19:01 - 2002-09-03 13:11 - 00000884 _____ () C:\WINDOWS\win.ini
    2014-03-15 19:01 - 2002-09-03 13:06 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-03-12 22:58 - 2013-03-20 02:39 - 03444184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-11 21:46 - 2014-03-11 21:44 - 00011599 _____ () C:\WINDOWS\KB2925418-IE8.log
    2014-03-11 21:45 - 2013-09-13 01:32 - 00019755 _____ () C:\WINDOWS\updspapi.log
    2014-03-11 21:45 - 2012-03-05 23:16 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
    2014-03-11 21:44 - 2014-03-11 21:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
    2014-03-11 21:44 - 2014-03-11 21:14 - 00009105 _____ () C:\WINDOWS\KB2929961.log
    2014-03-11 21:44 - 2014-03-11 21:12 - 00010423 _____ () C:\WINDOWS\KB2930275.log
    2014-03-11 21:29 - 2011-10-11 22:01 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    2014-03-11 21:28 - 2011-10-10 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-03-10 17:16 - 2014-02-13 04:24 - 00019822 _____ () C:\WINDOWS\KB2909921-IE8.log
    2014-03-10 16:51 - 2012-09-18 20:07 - 00000000 ____D () C:\Documents and Settings\SHAK\Application Data\Macromedia
    2014-03-09 19:16 - 2014-03-09 19:16 - 00000129 _____ () C:\Shortcut to 3½ Floppy (A).lnk
    2014-03-09 19:13 - 2013-08-17 18:26 - 00000420 _____ () C:\WINDOWS\setupact.log
    2014-03-07 00:46 - 2012-02-15 23:07 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2014-03-06 00:55 - 2013-08-07 17:38 - 00001544 _____ () C:\Documents and Settings\Owner\Desktop\Salonnnn.txt
    2014-03-05 15:23 - 2012-01-26 06:01 - 00000132 _____ () C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
    2014-03-05 14:47 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
    2014-03-05 13:40 - 2011-10-08 03:47 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
    2014-03-04 21:14 - 2014-02-22 21:59 - 00024782 _____ () C:\WINDOWS\KB940157Uninst.log

    Files to move or delete:
    ====================
    C:\Documents and Settings\Owner\Application Data\CamLayout.ini
    C:\Documents and Settings\Owner\Application Data\CamShapes.ini


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-03-30 23:13:51
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    B57Inst (Version: 3.40 - Broadcom) Hidden
    BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
    Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
    Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
    Crack the DAT 2013-2014 (HKLM\...\Crack the DAT) (Version: 2013-2014 - Crack Exam Preparation Software)
    Crack the DAT 5.0.26 (HKLM\...\{DCE61563-DA83-47CD-B6E6-D25BEC21B301}_is1) (Version:  - Crack DAT)
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
    Google Talk Plugin (HKLM\...\{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}) (Version: 3.10.2.10212 - Google)
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
    Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    USB2.0 PC Camera (SN9C201&202) (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.3.102 - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

    ==================== Restore Points  =========================

    14-01-2014 17:49:57 System Checkpoint
    15-01-2014 05:54:45 Software Distribution Service 3.0
    16-01-2014 07:09:59 Software Distribution Service 3.0
    17-01-2014 21:17:33 System Checkpoint
    18-01-2014 22:58:06 System Checkpoint
    20-01-2014 01:13:57 System Checkpoint
    21-01-2014 06:25:08 System Checkpoint
    22-01-2014 06:26:14 System Checkpoint
    24-01-2014 20:28:07 System Checkpoint
    26-01-2014 01:13:14 System Checkpoint
    27-01-2014 01:44:57 System Checkpoint
    28-01-2014 15:21:36 System Checkpoint
    29-01-2014 22:51:49 System Checkpoint
    31-01-2014 01:33:13 System Checkpoint
    01-02-2014 01:42:05 System Checkpoint
    02-02-2014 01:38:00 Removed Bing Bar
    02-02-2014 01:41:29 Removed HP Officejet 4620 series Basic Device Software
    02-02-2014 01:47:27 Removed HP Officejet 4620 series Help
    03-02-2014 02:40:44 System Checkpoint
    04-02-2014 21:11:53 System Checkpoint
    06-02-2014 03:04:23 System Checkpoint
    06-02-2014 07:03:59 Removed I.R.I.S. OCR
    06-02-2014 07:08:26 Removed HP Officejet 4620 series Product Improvement Study
    06-02-2014 07:11:03 Removed HP Update.
    06-02-2014 07:11:45 Removed Skype™ 6.13
    07-02-2014 08:00:36 Software Distribution Service 3.0
    09-02-2014 05:42:28 System Checkpoint
    10-02-2014 08:50:26 System Checkpoint
    11-02-2014 23:23:49 System Checkpoint
    13-02-2014 02:54:19 System Checkpoint
    13-02-2014 08:01:12 Software Distribution Service 3.0
    15-02-2014 05:33:36 System Checkpoint
    18-02-2014 02:55:11 System Checkpoint
    18-02-2014 05:35:50 Installed Achiever
    19-02-2014 04:37:11 Removed Achiever
    20-02-2014 04:53:35 System Checkpoint
    21-02-2014 20:45:06 System Checkpoint
    22-02-2014 22:21:19 System Checkpoint
    23-02-2014 00:24:32 Installed Java 7 Update 51
    23-02-2014 00:37:04 Pre Install Click 2 Fix restore point
    23-02-2014 01:10:57 Software Distribution Service 3.0
    23-02-2014 06:01:44 Software Distribution Service 3.0
    24-02-2014 03:41:32 Software Distribution Service 3.0
    25-02-2014 04:19:06 System Checkpoint
    26-02-2014 04:54:36 System Checkpoint
    28-02-2014 19:49:33 System Checkpoint
    01-03-2014 23:21:00 System Checkpoint
    03-03-2014 00:02:04 System Checkpoint
    04-03-2014 02:44:31 System Checkpoint
    05-03-2014 03:22:54 System Checkpoint
    05-03-2014 18:48:36 Removed Skype™ 6.14
    06-03-2014 21:14:35 System Checkpoint
    07-03-2014 21:57:53 System Checkpoint
    09-03-2014 01:47:24 System Checkpoint
    10-03-2014 07:02:03 System Checkpoint
    10-03-2014 21:15:08 Software Distribution Service 3.0
    12-03-2014 01:43:49 Software Distribution Service 3.0
    14-03-2014 18:44:02 System Checkpoint
    16-03-2014 21:39:54 System Checkpoint
    17-03-2014 23:51:10 System Checkpoint
    19-03-2014 00:49:57 Software Distribution Service 3.0
    20-03-2014 18:59:19 System Checkpoint
    21-03-2014 19:24:05 System Checkpoint
    22-03-2014 22:07:14 System Checkpoint
    29-03-2014 03:46:25 Installed Camtasia Studio 8
    29-03-2014 06:13:12 Removed Camtasia Studio 8
    29-03-2014 06:38:58 Restore Operation
    29-03-2014 06:51:15 Installed Camtasia Studio 6
    29-03-2014 07:01:10 Software Distribution Service 3.0
    30-03-2014 02:02:19 Software Distribution Service 3.0
    31-03-2014 02:21:48 System Checkpoint

    ==================== Hosts content: ==========================

    2002-09-03 12:34 - 2011-01-12 19:45 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-Dena.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ANAM-RNFR3WMDD7-SHAK.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004Core.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-725345543-1398031866-1004UA.job => C:\Documents and Settings\Dena\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-04-25 22:21 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-03-18 17:43 - 2014-03-18 17:44 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02387577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83409464.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
    MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: tsnp2std => C:\WINDOWS\tsnp2std.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI> in the hash map cannot be updated.

    Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)

    Error: (03/30/2014 10:25:48 PM) (Source: Application Hang) (User: )
    Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/30/2014 10:25:35 PM) (Source: Application Hang) (User: )
    Description: Hanging application CamRecorder.exe, version 6.0.3.928, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (03/30/2014 10:47:50 PM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 02:36:36 PM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 00:29:54 AM) (Source: Service Control Manager) (User: )
    Description: The OutfoxTvService service failed to start due to the following error:
    %%2

    Error: (03/30/2014 00:28:01 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (03/30/2014 00:23:05 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:18:25 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (03/30/2014 00:18:04 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:58 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:24 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/30/2014 00:17:22 AM) (Source: DCOM) (User: ANAM-RNFR3WMDD7)
    Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
    in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


    Microsoft Office Sessions:
    =========================
    Error: (03/30/2014 10:57:16 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:15 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:13 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\NEW FOLDER

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

    Error: (03/30/2014 10:57:12 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\ADWCLEANER.EXE

    Error: (03/30/2014 10:49:45 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\1.4 NUCLEAR CHEMISTRY RADIOACTIVITY Q1.LNK

    Error: (03/30/2014 10:49:42 PM) (Source: Windows Search Service)(User: )
    Description: Context:  Application, SystemIndex Catalog


    Details:
        A device attached to the system is not functioning.   (0x8007001f)
    C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\RK_QUARANTINE\ROGUEKILLER.INI

    Error: (03/30/2014 10:25:48 PM) (Source: Application Hang)(User: )
    Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000

    Error: (03/30/2014 10:25:35 PM) (Source: Application Hang)(User: )
    Description: CamRecorder.exe6.0.3.928hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Percentage of memory in use: 27%
    Total physical RAM: 2046 MB
    Available physical RAM: 1481.41 MB
    Total Pagefile: 4968.77 MB
    Available Pagefile: 4578.3 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1950.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:33.68 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CBF3CBF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  7. Thank you so much Mr Charlie for helping me! My PC is fast again! All because of your magic. God bless you!!

     

    # AdwCleaner v3.022 - Report created 29/03/2014 at 20:47:17
    # Updated 13/03/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - ANAM-RNFR3WMDD7
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ]


    [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ]


    [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 23:02:39]
    AdwCleaner[R1].txt - [2886 octets] - [29/03/2014 20:43:28]
    AdwCleaner[s0].txt - [2047 octets] - [20/02/2014 23:33:43]
    AdwCleaner[s1].txt - [2843 octets] - [29/03/2014 20:47:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2903 octets] ##########
     

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.29.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: ANAM-RNFR3WMDD7 [administrator]

    3/29/2014 9:10:20 PM
    mbam-log-2014-03-29 (21-10-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 263065
    Time elapsed: 24 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

  8. ROGUEKILLER LOG!

     

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 03/29/2014 14:16:58
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] EAT @firefox.exe (FREEBL_GetVector) : nssckbi.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x0C001000)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380215A +++++
    --- User ---
    [MBR] 73f987c631ba42764dce97e57309caf0
    [bSP] 33e325a7d9768a4c0f3363561fe8019d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_03292014_141658.txt >>



     

  9. Hi Mr Charlie,

     

    Thank you so much for your reply. I have scanned again using Malwarebytes a second time; no threats found. Also, do I run RogueKiller now, or wait for your instructions? Thanks!

     

    Here is my DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
    Run by Owner at 13:03:20 on 2014-03-29
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1387 [GMT -4:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .



    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

    uWinlogon: Shell = -
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-System: EnableUIPI = dword:1
    mPolicies-System: DisableCAD = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .




    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{B169077C-B8BA-4261-A7F8-0829245ABA8A} : DHCPNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\
    FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
    FF - prefs.js: browser.startup.homepage - about:home

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-29 40776]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2014-03-29 16:36:59    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
    2014-03-29 06:53:04    --------    d-----w-    c:\windows\system32\QuickTime
    2014-03-29 06:51:53    --------    d-----w-    c:\program files\common files\TechSmith Shared
    2014-03-29 05:43:42    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
    2014-03-29 04:01:11    --------    d-----w-    c:\documents and settings\owner\application data\TechSmith
    2014-03-21 06:12:04    --------    d-----w-    c:\documents and settings\owner\application data\Windows Search
    2014-03-18 19:31:10    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
    2014-03-18 19:31:10    13312    ------w-    c:\windows\system32\xp_eos.exe
    .
    ==================== Find3M  ====================
    .
    2014-02-24 11:46:36    920064    ----a-w-    c:\windows\system32\wininet.dll
    2014-02-24 11:45:58    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-02-24 11:45:57    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-02-24 11:45:42    18944    ----a-w-    c:\windows\system32\corpol.dll
    2014-02-24 10:54:21    385024    ----a-w-    c:\windows\system32\html.iec
    2014-02-23 00:30:29    103832    ----a-w-    c:\documents and settings\owner\GoToAssistDownloadHelper.exe
    2014-02-18 01:18:08    867608    ----a-w-    c:\windows\DellClick2Fix_DownloadManager.exe
    2014-02-18 01:17:52    379315    ----a-w-    c:\windows\DellClick2Fix_DownloadManager-1.bin
    2014-02-18 01:17:52    12700    ----a-w-    c:\windows\DellClick2Fix_DownloadManager-0.bin
    2014-02-07 02:01:37    1879040    ----a-w-    c:\windows\system32\win32k.sys
    2014-02-05 08:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
    2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 13:04:26.10 ===============
     

    ATTACH LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2011 5:29:00 PM
    System Uptime: 3/29/2014 12:30:08 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. |  | 0G1548
    Processor:               Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 4.74 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP112: 1/14/2014 12:49:57 PM - System Checkpoint
    RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0
    RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0
    RP115: 1/17/2014 4:17:33 PM - System Checkpoint
    RP116: 1/18/2014 5:58:06 PM - System Checkpoint
    RP117: 1/19/2014 8:13:57 PM - System Checkpoint
    RP118: 1/21/2014 1:25:08 AM - System Checkpoint
    RP119: 1/22/2014 1:26:14 AM - System Checkpoint
    RP120: 1/24/2014 3:28:07 PM - System Checkpoint
    RP121: 1/25/2014 8:13:14 PM - System Checkpoint
    RP122: 1/26/2014 8:44:57 PM - System Checkpoint
    RP123: 1/28/2014 10:21:36 AM - System Checkpoint
    RP124: 1/29/2014 5:51:49 PM - System Checkpoint
    RP125: 1/30/2014 8:33:13 PM - System Checkpoint
    RP126: 1/31/2014 8:42:05 PM - System Checkpoint
    RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar
    RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software
    RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help
    RP130: 2/2/2014 9:40:44 PM - System Checkpoint
    RP131: 2/4/2014 4:11:53 PM - System Checkpoint
    RP132: 2/5/2014 10:04:23 PM - System Checkpoint
    RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR
    RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study
    RP135: 2/6/2014 2:11:03 AM - Removed HP Update.
    RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13
    RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0
    RP138: 2/9/2014 12:42:28 AM - System Checkpoint
    RP139: 2/10/2014 3:50:26 AM - System Checkpoint
    RP140: 2/11/2014 6:23:49 PM - System Checkpoint
    RP141: 2/12/2014 9:54:19 PM - System Checkpoint
    RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0
    RP143: 2/15/2014 12:33:36 AM - System Checkpoint
    RP144: 2/17/2014 9:55:11 PM - System Checkpoint
    RP145: 2/18/2014 12:35:50 AM - Installed Achiever
    RP146: 2/18/2014 11:37:11 PM - Removed Achiever
    RP147: 2/19/2014 11:53:35 PM - System Checkpoint
    RP148: 2/21/2014 3:45:06 PM - System Checkpoint
    RP149: 2/22/2014 5:21:19 PM - System Checkpoint
    RP150: 2/22/2014 7:24:32 PM - Installed Java 7 Update 51
    RP151: 2/22/2014 7:37:04 PM - Pre Install Click 2 Fix restore point
    RP152: 2/22/2014 8:10:57 PM - Software Distribution Service 3.0
    RP153: 2/23/2014 1:01:44 AM - Software Distribution Service 3.0
    RP154: 2/23/2014 10:41:32 PM - Software Distribution Service 3.0
    RP155: 2/24/2014 11:19:06 PM - System Checkpoint
    RP156: 2/25/2014 11:54:36 PM - System Checkpoint
    RP157: 2/28/2014 2:49:33 PM - System Checkpoint
    RP158: 3/1/2014 6:21:00 PM - System Checkpoint
    RP159: 3/2/2014 7:02:04 PM - System Checkpoint
    RP160: 3/3/2014 9:44:31 PM - System Checkpoint
    RP161: 3/4/2014 10:22:54 PM - System Checkpoint
    RP162: 3/5/2014 1:48:36 PM - Removed Skype™ 6.14
    RP163: 3/6/2014 4:14:35 PM - System Checkpoint
    RP164: 3/7/2014 4:57:53 PM - System Checkpoint
    RP165: 3/8/2014 8:47:24 PM - System Checkpoint
    RP166: 3/10/2014 3:02:03 AM - System Checkpoint
    RP167: 3/10/2014 5:15:08 PM - Software Distribution Service 3.0
    RP168: 3/11/2014 9:43:49 PM - Software Distribution Service 3.0
    RP169: 3/14/2014 2:44:02 PM - System Checkpoint
    RP170: 3/16/2014 5:39:54 PM - System Checkpoint
    RP171: 3/17/2014 7:51:10 PM - System Checkpoint
    RP172: 3/18/2014 8:49:57 PM - Software Distribution Service 3.0
    RP173: 3/20/2014 2:59:19 PM - System Checkpoint
    RP174: 3/21/2014 3:24:05 PM - System Checkpoint
    RP175: 3/22/2014 6:07:14 PM - System Checkpoint
    RP176: 3/28/2014 11:46:25 PM - Installed Camtasia Studio 8
    RP177: 3/29/2014 2:13:12 AM - Removed Camtasia Studio 8
    RP178: 3/29/2014 2:38:58 AM - Restore Operation
    RP179: 3/29/2014 2:51:15 AM - Installed Camtasia Studio 6
    RP180: 3/29/2014 3:01:10 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5
    Adobe Reader X (10.1.9)
    B57Inst
    BCM V.92 56K Modem
    Broadcom Driver Installer
    Camtasia Studio 6
    Crack the DAT 2013-2014
    Crack the DAT 5.0.26
    Dell ResourceCD
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Intel® Extreme Graphics Driver
    Java 7 Update 51
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 28.0 (x86 en-US)
    Mozilla Maintenance Service
    PDF Settings CS5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB951978)
    USB2.0 PC Camera (SN9C201&202)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    .
    ==== End Of File ===========================
     

  10. Adware Log

    # AdwCleaner v3.019 - Report created 20/02/2014 at 22:33:43
    # Updated 17/02/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - ANAM-RNFR3WMDD7
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\TechSmith
    Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\TechSmith
    Folder Deleted : C:\Documents and Settings\SHAK\Application Data\AVG SafeGuard toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xkw3v1z4.default-1376784065718\prefs.js ]


    [ File : C:\Documents and Settings\Dena\Application Data\Mozilla\Firefox\Profiles\8boufv13.default\prefs.js ]


    [ File : C:\Documents and Settings\SHAK\Application Data\Mozilla\Firefox\Profiles\vd8ncv3g.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1958 octets] - [20/02/2014 22:02:39]
    AdwCleaner[s0].txt - [1907 octets] - [20/02/2014 22:33:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1967 octets] ##########

     

     

     

    JRT LOG

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Owner on Thu 02/20/2014 at 22:51:06.10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/20/2014 at 22:57:14.62
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


     

  11. Oops, sorry! I just copy-pasted the wrong log date (old one). Here is the recent one that you instructed me to do!! Sorry!!

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.19.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: ANAM-RNFR3WMDD7 [administrator]

    2/20/2014 7:50:23 PM
    mbam-log-2014-02-20 (19-50-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 251747
    Time elapsed: 20 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

     

  12. Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.29.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: ANAM-RNFR3WMDD7 [administrator]

    10/29/2013 1:42:58 AM
    mbam-log-2013-10-29 (01-42-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236955
    Time elapsed: 26 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

  13. Thank you so much for helping me! :)

     

    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
    Run by Owner at 20:27:34 on 2014-02-20
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -5:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank




    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

    uWinlogon: Shell = -
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mPolicies-System: EnableUIPI = dword:1
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .




    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1    www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2014-02-18 05:36:17    --------    d-----w-    c:\documents and settings\owner\3TQuest
    2014-02-14 08:56:49    0    ----a-w-    C:\LOG3C4.tmp
    2014-02-06 06:43:04    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Skype
    .
    ==================== Find3M  ====================
    .
    2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
    2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-02-05 23:26:42    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
    2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
    2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
    2013-12-05 11:26:06    1172992    ----a-w-    c:\windows\system32\msxml3.dll
    2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
    .
    ============= FINISH: 20:28:48.98 ===============
     

     

     

     

     

     

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2011 5:29:00 PM
    System Uptime: 2/20/2014 7:45:36 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. |  | 0G1548
    Processor:               Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 6.521 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
    Service: bcm4sbxp
    .
    ==== System Restore Points ===================
    .
    RP82: 11/22/2013 8:39:35 PM - System Checkpoint
    RP83: 11/25/2013 6:18:27 PM - System Checkpoint
    RP84: 11/26/2013 10:52:18 PM - System Checkpoint
    RP85: 11/29/2013 1:14:35 AM - System Checkpoint
    RP86: 12/2/2013 12:19:23 AM - System Checkpoint
    RP87: 12/3/2013 8:33:34 PM - System Checkpoint
    RP88: 12/5/2013 12:06:44 AM - System Checkpoint
    RP89: 12/6/2013 12:58:17 AM - System Checkpoint
    RP90: 12/8/2013 11:37:43 PM - System Checkpoint
    RP91: 12/10/2013 7:30:21 PM - System Checkpoint
    RP92: 12/11/2013 1:30:23 AM - Software Distribution Service 3.0
    RP93: 12/12/2013 2:17:39 AM - System Checkpoint
    RP94: 12/14/2013 2:15:42 AM - Software Distribution Service 3.0
    RP95: 12/16/2013 9:34:15 PM - System Checkpoint
    RP96: 12/18/2013 2:26:13 AM - System Checkpoint
    RP97: 12/19/2013 8:37:04 PM - System Checkpoint
    RP98: 12/21/2013 11:16:45 PM - System Checkpoint
    RP99: 12/22/2013 11:20:57 PM - System Checkpoint
    RP100: 12/24/2013 7:31:32 PM - System Checkpoint
    RP101: 12/27/2013 1:07:43 AM - System Checkpoint
    RP102: 1/2/2014 12:46:39 AM - System Checkpoint
    RP103: 1/5/2014 11:40:37 PM - System Checkpoint
    RP104: 1/6/2014 12:47:17 AM - Removed Skype™ 6.11
    RP105: 1/7/2014 4:06:06 AM - System Checkpoint
    RP106: 1/8/2014 6:52:21 PM - System Checkpoint
    RP107: 1/8/2014 8:27:19 PM - Removed Skype™ 6.11
    RP108: 1/9/2014 8:44:30 PM - System Checkpoint
    RP109: 1/10/2014 9:26:06 PM - System Checkpoint
    RP110: 1/11/2014 9:40:41 PM - System Checkpoint
    RP111: 1/12/2014 9:50:30 PM - System Checkpoint
    RP112: 1/14/2014 12:49:57 PM - System Checkpoint
    RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0
    RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0
    RP115: 1/17/2014 4:17:33 PM - System Checkpoint
    RP116: 1/18/2014 5:58:06 PM - System Checkpoint
    RP117: 1/19/2014 8:13:57 PM - System Checkpoint
    RP118: 1/21/2014 1:25:08 AM - System Checkpoint
    RP119: 1/22/2014 1:26:14 AM - System Checkpoint
    RP120: 1/24/2014 3:28:07 PM - System Checkpoint
    RP121: 1/25/2014 8:13:14 PM - System Checkpoint
    RP122: 1/26/2014 8:44:57 PM - System Checkpoint
    RP123: 1/28/2014 10:21:36 AM - System Checkpoint
    RP124: 1/29/2014 5:51:49 PM - System Checkpoint
    RP125: 1/30/2014 8:33:13 PM - System Checkpoint
    RP126: 1/31/2014 8:42:05 PM - System Checkpoint
    RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar
    RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software
    RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help
    RP130: 2/2/2014 9:40:44 PM - System Checkpoint
    RP131: 2/4/2014 4:11:53 PM - System Checkpoint
    RP132: 2/5/2014 10:04:23 PM - System Checkpoint
    RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR
    RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study
    RP135: 2/6/2014 2:11:03 AM - Removed HP Update.
    RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13
    RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0
    RP138: 2/9/2014 12:42:28 AM - System Checkpoint
    RP139: 2/10/2014 3:50:26 AM - System Checkpoint
    RP140: 2/11/2014 6:23:49 PM - System Checkpoint
    RP141: 2/12/2014 9:54:19 PM - System Checkpoint
    RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0
    RP143: 2/15/2014 12:33:36 AM - System Checkpoint
    RP144: 2/17/2014 9:55:11 PM - System Checkpoint
    RP145: 2/18/2014 12:35:50 AM - Installed Achiever
    RP146: 2/18/2014 11:37:11 PM - Removed Achiever
    RP147: 2/19/2014 11:53:35 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5
    Adobe Reader X (10.1.7)
    B57Inst
    BCM V.92 56K Modem
    Broadcom Driver Installer
    Crack the DAT 2013-2014
    Crack the DAT 5.0.26
    Dell ResourceCD
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Intel® Extreme Graphics Driver
    Java 7 Update 25
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 27.0.1 (x86 en-US)
    Mozilla Maintenance Service
    PDF Settings CS5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB951978)
    USB2.0 PC Camera (SN9C201&202)
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/14/2014 8:07:18 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.68 for the Network Card with network address 000BDBBF46A7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    2/14/2014 4:27:51 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    .
    ==== End Of File ===========================
     

    RogueKiller Log.

     

    RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 02/20/2014 20:36:55
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x10001FFD)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1    localhost
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380215A +++++
    --- User ---
    [MBR] 73f987c631ba42764dce97e57309caf0
    [bSP] 33e325a7d9768a4c0f3363561fe8019d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_02202014_203655.txt >>



     

  14. .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/6/2011 5:29:00 PM
    System Uptime: 2/20/2014 4:21:31 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. |  | 0G1548
    Processor:               Intel® Pentium® 4 CPU 2.20GHz | Microprocessor | 2192/400mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 6.644 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP82: 11/22/2013 8:39:35 PM - System Checkpoint
    RP83: 11/25/2013 6:18:27 PM - System Checkpoint
    RP84: 11/26/2013 10:52:18 PM - System Checkpoint
    RP85: 11/29/2013 1:14:35 AM - System Checkpoint
    RP86: 12/2/2013 12:19:23 AM - System Checkpoint
    RP87: 12/3/2013 8:33:34 PM - System Checkpoint
    RP88: 12/5/2013 12:06:44 AM - System Checkpoint
    RP89: 12/6/2013 12:58:17 AM - System Checkpoint
    RP90: 12/8/2013 11:37:43 PM - System Checkpoint
    RP91: 12/10/2013 7:30:21 PM - System Checkpoint
    RP92: 12/11/2013 1:30:23 AM - Software Distribution Service 3.0
    RP93: 12/12/2013 2:17:39 AM - System Checkpoint
    RP94: 12/14/2013 2:15:42 AM - Software Distribution Service 3.0
    RP95: 12/16/2013 9:34:15 PM - System Checkpoint
    RP96: 12/18/2013 2:26:13 AM - System Checkpoint
    RP97: 12/19/2013 8:37:04 PM - System Checkpoint
    RP98: 12/21/2013 11:16:45 PM - System Checkpoint
    RP99: 12/22/2013 11:20:57 PM - System Checkpoint
    RP100: 12/24/2013 7:31:32 PM - System Checkpoint
    RP101: 12/27/2013 1:07:43 AM - System Checkpoint
    RP102: 1/2/2014 12:46:39 AM - System Checkpoint
    RP103: 1/5/2014 11:40:37 PM - System Checkpoint
    RP104: 1/6/2014 12:47:17 AM - Removed Skype™ 6.11
    RP105: 1/7/2014 4:06:06 AM - System Checkpoint
    RP106: 1/8/2014 6:52:21 PM - System Checkpoint
    RP107: 1/8/2014 8:27:19 PM - Removed Skype™ 6.11
    RP108: 1/9/2014 8:44:30 PM - System Checkpoint
    RP109: 1/10/2014 9:26:06 PM - System Checkpoint
    RP110: 1/11/2014 9:40:41 PM - System Checkpoint
    RP111: 1/12/2014 9:50:30 PM - System Checkpoint
    RP112: 1/14/2014 12:49:57 PM - System Checkpoint
    RP113: 1/15/2014 12:54:45 AM - Software Distribution Service 3.0
    RP114: 1/16/2014 2:09:59 AM - Software Distribution Service 3.0
    RP115: 1/17/2014 4:17:33 PM - System Checkpoint
    RP116: 1/18/2014 5:58:06 PM - System Checkpoint
    RP117: 1/19/2014 8:13:57 PM - System Checkpoint
    RP118: 1/21/2014 1:25:08 AM - System Checkpoint
    RP119: 1/22/2014 1:26:14 AM - System Checkpoint
    RP120: 1/24/2014 3:28:07 PM - System Checkpoint
    RP121: 1/25/2014 8:13:14 PM - System Checkpoint
    RP122: 1/26/2014 8:44:57 PM - System Checkpoint
    RP123: 1/28/2014 10:21:36 AM - System Checkpoint
    RP124: 1/29/2014 5:51:49 PM - System Checkpoint
    RP125: 1/30/2014 8:33:13 PM - System Checkpoint
    RP126: 1/31/2014 8:42:05 PM - System Checkpoint
    RP127: 2/1/2014 8:38:00 PM - Removed Bing Bar
    RP128: 2/1/2014 8:41:29 PM - Removed HP Officejet 4620 series Basic Device Software
    RP129: 2/1/2014 8:47:27 PM - Removed HP Officejet 4620 series Help
    RP130: 2/2/2014 9:40:44 PM - System Checkpoint
    RP131: 2/4/2014 4:11:53 PM - System Checkpoint
    RP132: 2/5/2014 10:04:23 PM - System Checkpoint
    RP133: 2/6/2014 2:03:59 AM - Removed I.R.I.S. OCR
    RP134: 2/6/2014 2:08:26 AM - Removed HP Officejet 4620 series Product Improvement Study
    RP135: 2/6/2014 2:11:03 AM - Removed HP Update.
    RP136: 2/6/2014 2:11:45 AM - Removed Skype™ 6.13
    RP137: 2/7/2014 3:00:36 AM - Software Distribution Service 3.0
    RP138: 2/9/2014 12:42:28 AM - System Checkpoint
    RP139: 2/10/2014 3:50:26 AM - System Checkpoint
    RP140: 2/11/2014 6:23:49 PM - System Checkpoint
    RP141: 2/12/2014 9:54:19 PM - System Checkpoint
    RP142: 2/13/2014 3:01:12 AM - Software Distribution Service 3.0
    RP143: 2/15/2014 12:33:36 AM - System Checkpoint
    RP144: 2/17/2014 9:55:11 PM - System Checkpoint
    RP145: 2/18/2014 12:35:50 AM - Installed Achiever
    RP146: 2/18/2014 11:37:11 PM - Removed Achiever
    RP147: 2/19/2014 11:53:35 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5
    Adobe Reader X (10.1.7)
    B57Inst
    BCM V.92 56K Modem
    Broadcom Driver Installer
    Crack the DAT 2013-2014
    Crack the DAT 5.0.26
    Dell ResourceCD
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Intel® Extreme Graphics Driver
    Java 7 Update 25
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 27.0.1 (x86 en-US)
    Mozilla Maintenance Service
    PDF Settings CS5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB951978)
    USB2.0 PC Camera (SN9C201&202)
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/14/2014 8:07:18 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.68 for the Network Card with network address 000BDBBF46A7 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    2/13/2014 3:04:08 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
    Run by Owner at 16:27:40 on 2014-02-20
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1507 [GMT -5:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uWinlogon: Shell = -
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mPolicies-System: EnableUIPI = dword:1
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{B169077C-B8BA-4261-A7F8-0829245ABA8A} : DHCPNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1    www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xkw3v1z4.default-1376784065718\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-7 30976]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-19 40776]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2014-02-20 02:39:46    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
    2014-02-18 05:36:17    --------    d-----w-    c:\documents and settings\owner\3TQuest
    2014-02-14 08:56:49    0    ----a-w-    C:\LOG3C4.tmp
    2014-02-06 06:43:04    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Skype
    .
    ==================== Find3M  ====================
    .
    2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
    2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-02-05 23:26:42    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
    2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
    2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
    2013-12-05 11:26:06    1172992    ----a-w-    c:\windows\system32\msxml3.dll
    2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
    .
    ============= FINISH: 16:29:48.26 ===============
     

  15. Hi. Can you guys please help me? My computer is extremely slow and infected, and I was wondering if you guys can please help me remove these dreadful viruses.

     

    Here is the log from the Malwarebytes scan. Approximately 250 threats found! =(

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.30.09

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Haidery :: HAIDERY-PC [administrator]

    Protection: Enabled

    9/30/2013 9:08:20 PM
    mbam-log-2013-09-30 (21-08-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195723
    Time elapsed: 13 minute(s), 16 second(s)

    Memory Processes Detected: 3
    C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1500 -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 1564 -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 2624 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot.

    Registry Keys Detected: 39
    HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{01F2D720-ECFC-47BF-8302-14D4AE13419b} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F2D720-ECFC-47BF-8302-14D4AE13419B} (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
    HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\FunWebProductsInstaller.Start.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCR\FunWebProductsInstaller.Start (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
    HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Delete on reboot.
    HKLM\SOFTWARE\FunWebProducts\Installer (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator32 (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV32 (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data:  -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {6A1806CD-94D4-4689-BA73-E35EA1EA9990} -> Delete on reboot.
    HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Data: C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.PerformerSoft.A) -> Bad: (c:\progra~2\bitguard\261673~1.238\{eab34~1\bitguard.dll) Good: () -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN38106534801900495&UM=2&ctid=CT3300237) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 15
    C:\Program Files\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

    Files Detected: 189
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
    C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Delete on reboot.
    C:\Windows\System32\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    C:\ProgramData\api-ms-win-core-heap-l1-1-032.dll (Trojan.Tracur.XGen) -> Quarantined and deleted successfully.
    C:\ProgramData\AF71E23D9BC987D2A5B7293E05E2D9C5\b\binm1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\wu673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v1 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v10 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v11 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v2 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v3 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\_u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\ProgramData\SysWoW32\@u673294300v9 (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\7213.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\7473.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\751F.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\8381.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\E86C.tmp (PUP.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\nsf942C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\nsiFC24.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\nsnA480.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\nsx181.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\8E35.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\A12F.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\nsc4EC3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\FlashPlayer_V.115078011c.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\gimp_31.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\PluginInstall (1).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\PluginInstall (2).exe (MSIL.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\PluginInstall.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\iLividSetup (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\iLividSetup (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Setup (5).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Setup (7).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\SetupRG (1).exe (Adware.GameVance) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\SetupRG (2).exe (Adware.GameVance) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\SetupRG.exe (Adware.GameVance) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\TVSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\VeohWebPlayerSetup_us.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\WhiteSmokeInstaller_9147.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\JewelQuest3SDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\MahjonggMysteriesSDM.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\movie_player_1280 (1).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\movie_player_1280 (2).exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_1193.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (6).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup (7).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Haidery\Downloads\Babylon8_setup.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (Trojan.Downloader.WI) -> Quarantined and deleted successfully.
    C:\Windows\apisetschemawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\chkwudrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\inetcommwow.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\KBDARMWwow.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\KBDHU1wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\QSVRMGMTwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\slwgawow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\termsrvwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\WsmReswow.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\WWanHCwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\wwansvcwow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\msvidc32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\odfox32wow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\dxppswow.exe (Trojan.Tracur.SGen) -> Quarantined and deleted successfully.
    C:\Windows\System32\02000000f05f51ec1259C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\02000000f05f51ec1259O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\02000000f05f51ec1259P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\02000000f05f51ec1259S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\Program Files\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i0.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i1.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i10.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i11.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i12.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i13.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i14.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i15.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i2.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i3.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i4.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i5.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i6.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i7.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i8.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1078565601\new.i9.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt0.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt0.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt1.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt1.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt10.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt10.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt11.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt11.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt12.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt12.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt13.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt13.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt14.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt14.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt15.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt15.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt2.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt2.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt3.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt3.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt4.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt4.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt5.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt5.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt6.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt6.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt7.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt7.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt8.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt8.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt9.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\ProgramData\1843161113\frt9.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bl (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\dm (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\ProgramData\BitGuard\2.6.1673.238\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Delete on reboot.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\ct3287307\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\CT3300237.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Haidery\AppData\Local\Temp\CT3300237\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

    (end)

  16. Thank you so much for your quick reply. Here are the Zoek results:

    Zoek.exe Version 4.0.0.4 Updated 27-September-2013
    Tool run by Anam on Fri 09/27/2013 at 16:29:13.19.
    Microsoft® Windows Vista™ Home Basic  6.0.6002 Service Pack 2 x86
    Running in: Safe Mode NETWORK Internet Access Detected
    Launched: C:\Users\Anam\Desktop\zoek\zoek.exe   [Quick Scan] [Auto Clean]

    ==== System Restore Info ======================

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D6F20C2-AB73-4D9A-9D6C-F87E769B5A69} deleted successfully
    HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default

    user.js not found
    ---- Lines CT3298566 removed from prefs.js ----


    ---- Lines CT3298566 modified from prefs.js ----


    ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 removed from prefs.js ----


    ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ----

    prefs_20130927_0434_.backup

    ProfilePath: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\djofqw49.default

    prefs.js not found
    user.js not found
    ---- Lines CT3298566 removed from prefs.js ----


    ---- Lines CT3298566 modified from prefs.js ----


    ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 removed from prefs.js ----


    ---- Lines C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566 modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ----


    ==== Deleting Files \ Folders ======================

    "C:\Users\Anam\AppData\Local\{000F5AEB-7E31-4277-9312-1F3881F16513}" deleted
    "C:\Users\Anam\Downloads\avg_free_stb_all_2012_1808_cnet.exe" deleted
    "C:\found.000" deleted
    "C:\found.001" deleted
    "C:\found.003" deleted
    "C:\found.005" deleted
    "C:\found.006" deleted
    "C:\Users\Nadia\AppData\LocalLow\AskToolbar" deleted
    "C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566" deleted
    "C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default\CT3298566" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====
    ====== C:\Users\Anam\AppData\Local\Temp ====
    2013-09-24 04:08:37    2F1CB7371568776FC578FEB8510148B0    562504    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
    2013-09-24 04:08:37    139723C3A6EB619CBD62ABB437E930DF    31576    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\avgtpx86.sys
    2013-09-24 04:08:37    0DE164BCD7ACAF98D12985CAA606B099    565576    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
    2013-09-24 04:08:36    FFA46363EC9CE2572B39F96CC8BBB7D4    146248    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
    2013-09-24 04:08:36    F38DBF287B64358BD10FD002DC91C512    1175368    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\avg-secure-search-installer.exe
    2013-09-24 04:08:36    ED1A74F529D0829CF28DB53E33A58F38    1014600    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
    2013-09-24 04:08:36    BC39FCA7E32300ECBAEE98E75C4FBD0F    1883976    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll
    2013-09-24 04:08:36    B6C65F3EDBD95E9B61694B86269F7D2E    652616    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\lip.exe
    2013-09-24 04:08:36    78F4402803F507A8EB978649CC3984E1    464200    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
    2013-09-24 04:08:36    5E299254DE2A70D7DBCEDE30D6462052    1100616    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\vprot.exe
    2013-09-24 04:08:36    486D0F932FF8A272C778A1E748A61A57    1180488    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
    2013-09-24 04:08:36    301CFD154D004E5BC5EC092D86ADC5DB    945480    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
    2013-09-24 04:08:36    07DA2495C8911208579FFBBF0568E232    509256    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
    2013-09-24 04:08:36    05AF2D045031BD83A5D988910F2AACF0    157000    ----a-w-    C:\Users\Anam\AppData\Local\Temp\avg_a03644\ConfigFiles\MachineIdCreator.exe
    2013-09-24 04:01:12    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Anam\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
    ====== Java Cache =====
    ====== C:\Windows\system32 =====
    2013-09-24 04:06:58    67EC459E42D3081DD8FD34356F7CAFC1    770384    ----a-w-    C:\Windows\System32\msvcr100.dll
    2013-09-24 04:06:58    03E9314004F504A14A61C3D364B62F66    421200    ----a-w-    C:\Windows\System32\msvcp100.dll
    ====== C:\Windows\system32\drivers =====
    2013-09-27 02:07:33    4470E3C1E0C3378E4CAB137893C12C3A    22856    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2013-09-24 04:08:59    F798F61B3B5642D7086B96A891B129D2    37664    ----a-w-    C:\Windows\System32\drivers\avgtpx86.sys
    ====== C:\Windows\Tasks ======
    ====== C:\Windows\Temp ======
    ======= C:\Program Files =====
    ======= C: =====
    ====== C:\Users\Anam\AppData\Roaming ======
    2013-09-24 04:06:50    --------    d-----w-    C:\Users\Anam\AppData\Locallow\Temp
    2013-09-10 21:54:59    --------    d-s---w-    C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
    ====== C:\Users\Anam ======
    2013-09-27 20:23:34    17C8BF490CA207D06EF2A0EC84F47191    1042066    ----a-w-    C:\Users\Anam\Downloads\adwcleaner.exe
    2013-09-27 02:06:05    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\Anam\Downloads\mbam-setup-1.75.0.1300.exe
    2013-09-27 02:00:13    482CBA6D1C944A314AC9715F6754DF79    80456    ----a-w-    C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003(1).exe
    2013-09-27 01:57:02    482CBA6D1C944A314AC9715F6754DF79    80456    ----a-w-    C:\Users\Anam\Downloads\mbam-clean-1.60.2.0003.exe
    2013-09-24 04:08:04    9CAEC4452CB20FD0BCF56868B94B96C9    592856    ----a-w-    C:\Users\Anam\Downloads\cbsidlm-tr1_15-AdwCleaner-SEO-75851221.exe
    2013-09-24 04:01:03    64C1A0E3E5B08FAFD6B4678B3A90BE1F    1030038    ----a-w-    C:\Users\Anam\Downloads\JRT.exe

    ====== C: exe-files ==
    === C: other files ==

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

    [HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="TOSCDSPD.EXE"
    "Akamai NetSession Interface"="C:\Users\Anam\AppData\Local\Akamai\netsession_win.exe"
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

    [HKEY_USERS\S-1-5-21-587149693-440183245-2185910456-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "924_1930563102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe"
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
    "Persistence"="C:\Windows\system32\igfxpers.exe"
    "RtHDVCpl"="RtHDVCpl.exe"
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    "NDSTray.exe"="NDSTray.exe"
    "cfFncEnabler.exe"="cfFncEnabler.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
    "snp2std"="C:\Windows\vsnp2std.exe"
    "AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe"
    "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
    "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
    "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
    "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
    "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
    "Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"
    "924_1930298102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="TOSCDSPD.EXE"
    "Akamai NetSession Interface"="C:\Users\Anam\AppData\Local\Akamai\netsession_win.exe"
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "924_1930563102704"="C:\Users\Anam\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat"

    ==== Startup Folders ======================

    2011-09-26 03:34:33    1882    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\52375223-1E16-4178-8570-64551329A3E6.exe []
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/19/2011 05:14 PM]
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/19/2011 05:14 PM]

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default
    - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

    ProfilePath: C:\Users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\djofqw49.default
    - Hide My Ass Proxy Extension - %ProfilePath%\extensions\extension@hidemyass.com.xpi
    - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

    AppDir: C:\Program Files\Mozilla Firefox
    - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Anam\AppData\Roaming\Mozilla\Firefox\Profiles\me0sl4d0.default
    101700E93EB905992B518256CB441829    - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll -    Google Update
    AE1971EEAD01BEEE155F0EBB4B09D2D7    - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -    QuickTime Plug-in 7.7
    2F7E933613F278A713F45E51B9BFE954    - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -    QuickTime Plug-in 7.7
    BD879D8AFBCCAB1F957904168D9CD6D8    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7
    21EF01CBD2E5D126D51EF8FFDBB98390    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7
    01986158921B5064631F6C47A998FD99    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7
    15A10AEA93A48B82E7AF02B6F32D3564    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7
    534FB04D167CE2B8DE6E180A23646074    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7
    5AD4E19D583FA285F4B5CCB7784A28C2    - C:\Windows\system32\Macromed\Flash\NPSWF32.dll -    Shockwave Flash
    D8A3FDE47CBDC2D6DFAC14243050526B    - C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll -    WPI Detector 1.4
    CE252B04FB9F4F773A7DB5338BFEEA5B    - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL -    CANON iMAGE GATEWAY Album Plugin Utility
    AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
    6DE7BF0DADC0881F7ED82D9FCC998B89    - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -    Adobe Acrobat


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    "Default_Page_URL"="http://www.toshibadirect.com/dpdstart"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.yahoo.com/?ilc=8"
    "Default_Page_URL"="http://www.yahoo.com/?ilc=8"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    No DefaultScope Set For HKCU

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
    {77695E20-8E65-4041-88A5-33787F75BAEA} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_enUS450"

    ==== Empty IE Cache ======================

    C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Anam\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Nadia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Nadia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Users\Anam\AppData\Local\Mozilla\Firefox\Profiles\me0sl4d0.default\Cache emptied successfully
    C:\Users\Nadia\AppData\Local\Mozilla\Firefox\Profiles\djofqw49.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\Anam\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Anam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on Fri 09/27/2013 at 16:41:28.26 ======================
     

  17. Please help you guys,

     

    I have a Toshiba Satellite L305 laptop and I downloaded AdwCleaner, and when it restarted my computer, I noticed a light blue blank screen upon startup. If I am using Safe Mode with Networking, I can surf the internet and it runs normally, but if I restart in Normal mode, it just goes to a blank light blue screen. Please help me :(

     

    I ran a scan with Malwarebytes and this is what I found: a whole bunch of PUP malware. Do you think this caused my blank light blue screen upon startup? It won't take me to my desktop :(!!!!!!!

     

     

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.26.09

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Anam :: ANAM-PC [administrator]

    9/26/2013 10:09:44 PM
    mbam-log-2013-09-26 (22-09-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213082
    Time elapsed: 8 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\Users\Anam\AppData\Local\Temp\ct3298566 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Files Detected: 20
    C:\Users\Anam\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\MixiCND_CID2_20130716.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\CT3298566.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\ct3298566\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Anam\Downloads\Setup(1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
    C:\Users\Anam\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
     
