
Am I infected?



Noticed that my virtual machine is running slower than usual, and sometimes I get random popups that show up on the screen. Ran a FRST scan and got these results:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02

Ran by IEUser (administrator) on IE8WINXP (25-10-2015 13:51:38)
Running from Z:\Downloads
Loaded Profiles: IEUser (Available Profiles: IEUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wpabaln.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiadap.exe
(BitTorrent Inc.) C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Documents and Settings\IEUser\Application Data\BitTorrent\updates\7.9.5_41203\utorrentie.exe
(BitTorrent Inc.) C:\Documents and Settings\IEUser\Application Data\BitTorrent\updates\7.9.5_41203\utorrentie.exe
() C:\Program Files\WajaIntEn\wajam.exe
() C:\Program Files\WajaIntEn\wajam.exe
Failed to access process -> setup (1).exe
() C:\DOCUME~1\IEUser\LOCALS~1\Temp\fuf33D.exe
Failed to access process -> FRST.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [64192 2015-08-11] (VMware, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\TPSvc: C:\WINDOWS\system32\TPSvc.dll [2015-08-11] (ThinPrint GmbH)
Winlogon\Notify\VMUpgradeAtShutdown: C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll [2015-08-11] (VMware, Inc.)
HKU\S-1-5-21-776561741-308236825-1417001333-1003\...\Run: [bitTorrent] => C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe [1981032 2015-10-25] (BitTorrent Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.110.2
Tcpip\..\Interfaces\{57E37332-7C88-4F1F-B880-68369ECE07CD}: [DhcpNameServer] 192.168.110.2
Tcpip\..\Interfaces\{C83D2DB0-8C89-4CFB-B526-B4E1A5B9D0F3}: [DhcpNameServer] 192.168.0.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F989EB7D-5C34-4EC8-8244-9AF9E3F6CC86}: [DhcpNameServer] 192.168.0.251 192.168.0.248 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-776561741-308236825-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=502468&fr=spigot-yhp-ie
HKU\S-1-5-21-776561741-308236825-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-776561741-308236825-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.modern.ie/vmhome?IEVersion=8&GuestOS=XP&VirtPlatform=VMware&VirtOS=Windows&VMBuild=20141027
SearchScopes: HKU\S-1-5-21-776561741-308236825-1417001333-1003 -> DefaultScope {A0FAEC8C-6999-4447-A50B-FA6427DEA21B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-308236825-1417001333-1003 -> {A0FAEC8C-6999-4447-A50B-FA6427DEA21B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO: IE Developer Toolbar BHO -> {CC7E636D-39AA-49b6-B511-65413DA137A1} -> C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2010-04-27] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IEUser\Application Data\Mozilla\Firefox\Profiles\qmp0v37i.default
FF Homepage: hxxps://search.yahoo.com/?type=502468&fr=spigot-yhp-ff
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-10-25] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=502468&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-25]
CHR Extension: (Google Sheets) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-25]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-25]
CHR Extension: (Gmail) - C:\Documents and Settings\IEUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26144 2009-01-07] (Microsoft Corporation)
S3 TPAutoConnSvc; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2179800 2015-08-11] (Cortado AG)
S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [1875128 2015-08-11] (Cortado AG)
R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [135168 2015-08-11] (VMware, Inc.) [File not signed]
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [414912 2015-08-11] (VMware, Inc.)
R2 WajaIntEn Monitor; C:\Program Files\WajaIntEn\Wajam.exe [1805312 2015-10-22] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 es1371; C:\WINDOWS\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 netvsc; C:\WINDOWS\System32\DRIVERS\netvsc50.sys [39040 2012-07-25] (Microsoft Corporation)
S3 SynthVid; C:\WINDOWS\System32\DRIVERS\VMBusVideoM.sys [18048 2012-07-25] (Microsoft Corporation)
R2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [18648 2015-08-11] (VMware, Inc.)
R0 vmscsi; C:\WINDOWS\System32\DRIVERS\vmscsi.sys [14232 2014-03-21] (VMware, Inc.)
R3 vmusbmouse; C:\WINDOWS\System32\DRIVERS\vmusbmouse.sys [11928 2014-03-21] (VMware, Inc.)
R3 vmxnet; C:\WINDOWS\System32\DRIVERS\vmxnet.sys [30064 2014-03-21] (VMware, Inc.)
R3 vmx_svga; C:\WINDOWS\System32\DRIVERS\vmx_svga.sys [72256 2015-08-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [64448 2015-08-11] (VMware, Inc.)
 
========================== Drivers MD5 =======================
 
C:\WINDOWS\System32\drivers\ac97intc.sys 0F2D66D5F08EBE2F77BB904288DCF6F0
C:\WINDOWS\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\WINDOWS\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\System32\DRIVERS\agp440.sys 08FD04AA961BDC77FB983F328334E3D7
C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\System32\DRIVERS\BthEnum.sys B279426E3C0C344893ED78A613A73BDE
C:\WINDOWS\System32\DRIVERS\bthpan.sys 80602B8746D3738F5886CE3D67EF06B6
C:\WINDOWS\System32\Drivers\BTHport.sys 662BFD909447DD9CC15B1A1C366583B4
C:\WINDOWS\System32\Drivers\BTHUSB.sys 61364CD71EF63B0F038B7E9DF00F1EFA
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\WINDOWS\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\System32\DRIVERS\CmBatt.sys 0F6C187D38D98F8DF904589A5F94D411
C:\WINDOWS\System32\DRIVERS\compbatt.sys 6E4C9F21F0FAE8940661144F41B13203
C:\WINDOWS\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\WINDOWS\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\WINDOWS\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\System32\drivers\es1371mp.sys A55DD7D8CED5D2624A9EE2DDA7BE0319
C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\WINDOWS\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\WINDOWS\system32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\WINDOWS\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\WINDOWS\System32\DRIVERS\fltMgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\System32\DRIVERS\gameenum.sys 065639773D8B03F33577F6CDAEA21063
C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\WINDOWS\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\WINDOWS\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678
C:\WINDOWS\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B
C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\WINDOWS\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\WINDOWS\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\WINDOWS\system32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\WINDOWS\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\WINDOWS\system32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\System32\DRIVERS\netvsc50.sys E7871E456EDC7FF519E92656E193AC71
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\system32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINDOWS\System32\DRIVERS\pcntpci5.sys 7BC8027D56FAB153A987C56AE9835664
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\System32\DRIVERS\rfcomm.sys 851C30DF2807FCFA21E4C681A7D6440E
C:\WINDOWS\System32\DRIVERS\vms3cap.sys E21867D4A8FF3824150E56979E333610
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\vmstorfl.sys B00DA575ADF228C1D33269CDE92A68EC
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\DRIVERS\VMBusVideoM.sys 06AEF473E7165799675BBC4E67AE3A67
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbohci.sys 0DAECCE65366EA32B162F85F07C6753B
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\System32\DRIVERS\vmbus.sys 2E4777120FC246CCF76A69C7BB4AEF57
C:\WINDOWS\System32\DRIVERS\VMBusHID.sys FA7B57977E55B60409FD9E36FC57395C
C:\WINDOWS\System32\DRIVERS\vmci.sys D644FFEA14778DDA59BDA8492BCED4B6
C:\WINDOWS\System32\drivers\vmhgfs.sys 70601EEDA8FB7D0FEE37E85120E94259
C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys AB438ECEE3802022E11CDC5C6D1C11F3
C:\WINDOWS\System32\DRIVERS\vmmouse.sys B6983C9957C2F613BF1C392EF934EB18
C:\WINDOWS\System32\DRIVERS\vmscsi.sys 57351998FEF624E0192673AB7F59B624
C:\WINDOWS\System32\DRIVERS\vmusbmouse.sys 484CBCC4CCD0144E8410C17899441856
C:\WINDOWS\System32\DRIVERS\vmxnet.sys 1777CFEFB32BA77A444A0D1F0F733E6D
C:\WINDOWS\System32\DRIVERS\vmx_svga.sys 2D8FDAD302FF44BB1DC0460CBA7E1241
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\drivers\vsock.sys E322652785D6DCA8FACC28EF45972367
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\Drivers\wdf01000.sys D918617B46457B9AC28027722E30F647
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 13:51 - 2015-10-25 13:51 - 00001538 _____ C:\Documents and Settings\IEUser\Desktop\MPC-HC.lnk
2015-10-25 13:51 - 2015-10-25 13:51 - 00000000 ____D C:\Program Files\MPC-HC
2015-10-25 13:51 - 2015-10-25 13:51 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\MPC-HC
2015-10-25 13:51 - 2015-10-25 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
2015-10-25 13:49 - 2015-10-25 13:49 - 00000000 ____D C:\Documents and Settings\IEUser\Local Settings\Application Data\Mozilla
2015-10-25 13:49 - 2015-10-25 13:49 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\Mozilla
2015-10-25 13:48 - 2015-10-25 13:48 - 00002691 _____ C:\Documents and Settings\IEUser\Start Menu\BitTorrent.lnk
2015-10-25 13:48 - 2015-10-25 13:48 - 00002691 _____ C:\Documents and Settings\IEUser\Desktop\BitTorrent.lnk
2015-10-25 13:48 - 2015-10-25 13:48 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\RPEng
2015-10-25 13:48 - 2015-10-25 13:48 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\Macromedia
2015-10-25 13:48 - 2015-10-25 13:48 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\BitTorrent
2015-10-25 13:48 - 2015-10-25 13:48 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\Adobe
2015-10-25 13:47 - 2015-10-25 13:47 - 00064896 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\Program Files\MSBuild
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\Program Files\AutoHotkey
2015-10-25 13:47 - 2015-10-25 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey
2015-10-25 13:46 - 2015-10-25 13:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-25 13:46 - 2015-10-25 13:47 - 00000000 ____D C:\40894a330b7d484fb9
2015-10-25 13:46 - 2015-10-25 13:46 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-25 13:46 - 2008-07-06 05:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-10-25 13:46 - 2008-07-06 05:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-10-25 13:46 - 2008-07-06 05:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-10-25 13:46 - 2008-07-06 05:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-10-25 13:46 - 2008-07-06 05:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-10-25 13:46 - 2008-07-06 05:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-10-25 13:46 - 2008-07-06 03:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-10-25 13:45 - 2015-10-25 13:45 - 00000000 ____D C:\Program Files\GOG.com
2015-10-25 13:45 - 2015-10-25 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
2015-10-25 13:44 - 2015-10-25 13:44 - 00000000 ____D C:\Program Files\FreeMouseAutoClicker
2015-10-25 13:44 - 2015-10-25 13:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeMouseAutoClicker
2015-10-25 13:40 - 2015-10-25 13:51 - 00000000 ____D C:\FRST
2015-10-25 13:40 - 2015-10-25 13:40 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-25 13:40 - 2015-10-25 13:40 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2015-10-25 13:40 - 2015-10-25 13:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-25 13:40 - 2015-10-25 13:40 - 00000000 ____D C:\Program Files\Adobe
2015-10-25 13:36 - 2015-10-25 13:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-10-25 13:36 - 2015-10-25 13:36 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-25 13:31 - 2015-10-25 13:30 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-10-25 13:30 - 2015-10-25 13:49 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-10-25 13:30 - 2015-10-25 13:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-10-25 13:30 - 2015-10-25 13:30 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Program Files\Java
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Documents and Settings\IEUser\Local Settings\Application Data\Sun
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\Sun
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Documents and Settings\IEUser\Application Data\Oracle
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Documents and Settings\IEUser\.oracle_jre_usage
2015-10-25 13:30 - 2015-10-25 13:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-10-25 13:29 - 2015-10-25 13:29 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-25 13:29 - 2015-10-25 13:29 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-10-25 13:29 - 2015-10-25 13:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-25 13:29 - 2015-10-25 13:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-25 13:28 - 2015-10-25 13:34 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-25 13:28 - 2015-10-25 13:33 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-25 13:28 - 2015-10-25 13:28 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-25 13:28 - 2015-10-25 13:28 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-25 13:28 - 2015-10-25 13:28 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-25 13:28 - 2015-10-25 13:28 - 00000000 ____D C:\Program Files\Google
2015-10-25 13:28 - 2015-10-25 13:28 - 00000000 ____D C:\Documents and Settings\IEUser\Local Settings\Application Data\Google
2015-10-25 13:28 - 2015-10-25 13:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-10-25 13:25 - 2015-10-25 13:25 - 00000000 ____D C:\Program Files\VMware
2015-10-25 13:25 - 2015-10-25 13:25 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-10-25 13:25 - 2015-08-11 19:49 - 00017408 _____ (VMware, Inc.) C:\WINDOWS\system32\VMWSU_V1_0.DLL
2015-10-25 13:25 - 2015-08-11 17:14 - 00064448 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2015-10-25 13:25 - 2015-08-11 17:14 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2015-08-11 19:54 - 2015-08-11 19:54 - 00286912 _____ (VMware, Inc.) C:\WINDOWS\system32\vmGuestLib.dll
2015-08-11 19:54 - 2015-08-11 19:54 - 00105664 _____ (VMware, Inc.) C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll
2015-08-11 19:54 - 2015-08-11 19:54 - 00036544 _____ (VMware, Inc.) C:\WINDOWS\system32\vmGuestLibJava.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 02042584 _____ (ThinPrint GmbH) C:\WINDOWS\system32\TPSvc.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 01752280 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMon.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00174296 _____ (ThinPrint GmbH) C:\WINDOWS\system32\tprdpw32.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00117976 _____ (Cortado AG) C:\WINDOWS\system32\TPVMW32.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00062168 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMonUI.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00024792 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMondeu.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00009432 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMonjpn.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00008920 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMonUIjpn.dll
2015-08-11 19:17 - 2015-08-11 19:17 - 00008920 _____ (Cortado AG) C:\WINDOWS\system32\TPVMMonUIdeu.dll
2015-08-11 17:14 - 2015-08-11 17:14 - 00071888 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmci.sys
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 13:51 - 2012-10-12 13:47 - 00000000 ____D C:\Documents and Settings\IEUser\Local Settings\Temp
2015-10-25 13:50 - 2012-10-14 18:34 - 00013144 _____ C:\Documents and Settings\IEUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-10-25 13:47 - 2014-11-02 04:04 - 00009545 _____ C:\WINDOWS\spupdsvc.log
2015-10-25 13:47 - 2012-10-12 06:37 - 00506964 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 13:47 - 2012-10-12 06:32 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-25 13:46 - 2012-10-12 06:37 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-25 13:46 - 2012-10-12 06:32 - 00000000 ____D C:\WINDOWS\system32\mui
2015-10-25 13:46 - 2012-10-12 06:32 - 00000000 ____D C:\WINDOWS\pchealth
2015-10-25 13:27 - 2012-10-12 13:42 - 01780782 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-25 13:26 - 2014-11-05 08:31 - 00065536 _____ C:\WINDOWS\system32\config\ThinPrint.evt
2015-10-25 13:26 - 2014-11-02 04:30 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-25 13:26 - 2012-10-12 13:47 - 00000178 ___SH C:\Documents and Settings\IEUser\ntuser.ini
2015-10-25 13:26 - 2012-10-12 13:46 - 00017784 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-25 13:26 - 2012-10-12 13:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-25 13:26 - 2008-04-14 05:00 - 00001230 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-25 13:25 - 2014-11-05 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VMware
2015-10-25 13:25 - 2012-10-12 06:36 - 00511312 _____ C:\WINDOWS\setupapi.log
 
Some files in TEMP:
====================
C:\Documents and Settings\IEUser\Local Settings\Temp\fuf33D.exe
C:\Documents and Settings\IEUser\Local Settings\Temp\offer-766C59FF-C5AD-4767-AADC-A2E3CB7181BE0.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-10-2015 02
Ran by IEUser (2015-10-25 13:51:54)
Running from Z:\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-10-12 20:45:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-776561741-308236825-1417001333-500 - Administrator - Enabled)
Guest (S-1-5-21-776561741-308236825-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-776561741-308236825-1417001333-1000 - Limited - Disabled)
IEUser (S-1-5-21-776561741-308236825-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\IEUser
SUPPORT_388945a0 (S-1-5-21-776561741-308236825-1417001333-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.255 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AutoHotkey 1.1.22.07 (HKLM\...\AutoHotkey) (Version: 1.1.22.07 - Lexikos)
BitTorrent (HKU\S-1-5-21-776561741-308236825-1417001333-1003\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
FreeMouseAutoClicker 3.7 (HKLM\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Hyper-V Integration Services (version 6.2.9200.16384) (HKLM\...\{E675F32B-3508-4658-84EC-2069EE621899}) (Version: 3.9200.16384 - Microsoft Corporation)
Internet Explorer Developer Toolbar (HKLM\...\{E7081891-BC7F-43F9-9CE6-B5DD2F497156}) (Version: 1.0.2188 - Microsoft)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MPC-HC 1.7.1 (HKLM\...\{C3E0A933-0C8B-80DB-A1B0-3BD908DAE718}_is1) (Version: 1.7.1.0 - MPC-HC Team)
VMware Tools (HKLM\...\{BDB815D2-683E-47EA-BCDB-BCBBD2E15244}) (Version: 10.0.0.2977863 - VMware, Inc.)
Wajam (HKLM\...\WajaIntEn) (Version: 1.53.5.23 (i1.0) - Wajam) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-11-2014 13:25:09 Software Distribution Service 3.0
04-11-2014 07:35:16 Installed Windows Internet Explorer 8.
04-11-2014 08:49:38 Software Distribution Service 3.0
05-11-2014 08:24:14 Installed VMware Tools
25-10-2015 13:24:54 Removed VMware Tools
25-10-2015 13:25:10 Installed VMware Tools
25-10-2015 13:40:00 Installed Adobe Reader XI (11.0.08).
25-10-2015 13:47:01 Installed Windows KB954550-v5.
25-10-2015 13:47:04 Printer Driver Microsoft XPS Document Writer Installed
25-10-2015 13:47:07 Printer Driver Microsoft XPS Document Writer Installed
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 05:00 - 2008-04-14 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-22 13:46 - 2015-10-22 13:46 - 01805312 _____ () C:\Program Files\WajaIntEn\Wajam.exe
2015-10-22 13:46 - 2015-10-22 13:46 - 01805312 _____ () c:\program files\wajainten\wajam.exe
2015-10-25 13:48 - 2015-10-25 13:48 - 11726848 _____ () c:\program files\wajainten\WajaIntEnlibs\zdwtj.zxn
2015-10-25 13:50 - 2015-10-25 13:50 - 03005952 _____ () C:\Documents and Settings\IEUser\Local Settings\Temp\fuf33D.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-776561741-308236825-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\DOCUME~1\IEUser\LOCALS~1\Temp\BGInfo.bmp
DNS Servers: 192.168.110.2
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent (IEUser)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2015 01:25:03 PM) (Source: VMUpgradeHelper) (EventID: 274) (User: )
Description: The VmUpgradeHelper service could not write the registry value NetConfigSaved. Network
configuration will not be restored on next system boot.
 
Error: (10/25/2015 01:00:27 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> 
 
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (10/25/2015 01:00:27 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> 
 
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (10/31/2014 03:14:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> 
 
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (10/31/2014 03:14:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> 
 
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (10/14/2012 10:31:18 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script C:\Wallpaper\Bginfo.exe C:\wallpaper\bgconfig.bgi /timer:0. The system cannot find the file specified.
.
 
Error: (10/14/2012 06:44:59 PM) (Source: UserInit) (EventID: 1000) (User: )
Description: Could not execute the following script C:\Wallpaper\Bginfo.exe C:\wallpaper\bgconfig.bgi /timer:0. The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/25/2015 12:56:02 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. 
 
Windows will continue to try to establish a connection.
 
Error: (11/05/2014 07:39:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/04/2014 09:26:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/04/2014 08:58:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/04/2014 07:37:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/02/2014 01:39:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/02/2014 01:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/02/2014 01:20:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (11/02/2014 04:30:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (10/31/2014 04:12:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 84%
Total physical RAM: 511.48 MB
Available physical RAM: 77.41 MB
Total Virtual: 1245.82 MB
Available Virtual: 815.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:126.89 GB) (Free:121.85 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive z: (Shared Folders) (Network) (Total:476.64 GB) (Free:338.18 GB) HGFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 126.9 GB) (Disk ID: BE2EBE2E)
Partition 1: (Active) - (Size=126.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Shortcut.txt
 
Users shortcut scan result (x86) Version:25-10-2015 02
Ran by IEUser (2015-10-25 13:52:05)
Running from Z:\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WajaIntEn\Uninstall Wajam\uninstall.lnk -> C:\Program Files\WajaIntEn\WWE_uninstall.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC\Changelog.lnk -> C:\Program Files\MPC-HC\Changelog.txt ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC\MPC-HC.lnk -> C:\Program Files\MPC-HC\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC\Uninstall MPC-HC.lnk -> C:\Program Files\MPC-HC\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com\GOG.com Downloader.lnk -> C:\Program Files\GOG.com\GOG.com Downloader.exe (GOG.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\PINBALL.EXE (Cinematronics)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FreeMouseAutoClicker\Free Mouse Auto Clicker.lnk -> C:\Program Files\FreeMouseAutoClicker\Free Mouse Auto Clicker.exe (http://www.Advanced-Mouse-Auto-Clicker.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FreeMouseAutoClicker\Uninstall Free Mouse Auto Clicker.lnk -> C:\Program Files\FreeMouseAutoClicker\unins000.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\AutoHotkey Help File.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\AutoHotkey Setup.lnk -> C:\Program Files\AutoHotkey\Installer.ahk ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\AutoHotkey.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\AutoIt3 Window Spy.lnk -> C:\Program Files\AutoHotkey\AU3_Spy.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\Convert .ahk to .exe.lnk -> C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey\Website.lnk -> C:\Program Files\AutoHotkey\AutoHotkey Website.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk -> C:\WINDOWS\system32\wscui.cpl (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Bluetooth File Transfer Wizard.lnk -> C:\WINDOWS\system32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk -> C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\BitTorrent.lnk -> C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Oracle VM VirtualBox Guest Additions\Uninstall.lnk -> C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe (No File)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Oracle VM VirtualBox Guest Additions\Website.lnk -> C:\Program Files\Oracle\VirtualBox Guest Additions\Oracle VM VirtualBox Guest Additions.url (No File)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\SendTo\Bluetooth File Transfer Wizard.LNK -> C:\WINDOWS\system32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\IEUser\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\IEUser\Desktop\BitTorrent.lnk -> C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Documents and Settings\IEUser\Desktop\MPC-HC.lnk -> C:\Program Files\MPC-HC\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\Documents and Settings\IEUser\Desktop\Shortcut to eula.lnk -> C:\WINDOWS\system32\eula.txt ()
Shortcut: C:\Documents and Settings\IEUser\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> C:\Documents and Settings\IEUser\Application Data\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Documents and Settings\IEUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Documents and Settings\IEUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\IEUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
ShortcutWithArgument: C:\Documents and Settings\All Users\Application Data\Oracle\tmpinstall\javatmp.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://java.com/verify9/?src=install
 
 
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Activate Windows.lnk -> C:\WINDOWS\system32\oobe\msoobe.exe (Microsoft Corporation) -> /A
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk -> C:\WINDOWS\system32\oobe\msoobe.exe (Microsoft Corporation) -> /A
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\IEUser\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\IEUser\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\IEUser\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
 
 
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC\MPC-HC on the Web.url -> hxxp://mpc-hc.org/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/
InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\FreeMouseAutoClicker\Free Mouse Auto Clicker on the Web.url -> hxxp://www.Advanced-Mouse-Auto-Clicker.com/
InternetURL: C:\Documents and Settings\IEUser\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\IEUser\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\IEUser\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Documents and Settings\IEUser\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Documents and Settings\IEUser\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Documents and Settings\IEUser\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Documents and Settings\IEUser\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Documents and Settings\IEUser\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\IEUser\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Documents and Settings\IEUser\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of Shortcut.txt =============================
 

 

Help is appreciated. Sorry if my response is slow; I don't get to go online that often due to a season of much busyness. :P

 


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button, which gives you an Upload Files option below that you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections, make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Phew, it found a lot of stuff...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2015
Scan Time: 2:35:43 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.25.03
Rootkit Database: v2015.10.23.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: IEUser

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274979
Time Elapsed: 2 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\wajam.exe, 3304, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b]
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\wajam.exe, 2948, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b]

Modules: 1
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\WajaIntEnlibs\zdwtj.zxn, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b],

Registry Keys: 13
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\3045035B-3C14-4698-8AC4-ADB18CC42C1E, Quarantined, [c95ef86324678ea889cffa2a857d8a76],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf],
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajaIntEn Monitor, Quarantined, [042307543e4d3105d36d7414af54c53b],
PUP.Optional.Wajam, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajaIntEn, Quarantined, [042307543e4d3105d36d7414af54c53b],
PUP.Optional.Yahoo, HKLM\SOFTWARE\WajaIntEn, Quarantined, [091e74e72c5fe6502c517714f70cab55],
PUP.Optional.Wajam, HKU\S-1-5-21-776561741-308236825-1417001333-1003\SOFTWARE\WajIEnhance, Quarantined, [5bcc3f1c602b53e38fd4107846bd02fe],
PUP.Optional.Spigot, HKU\S-1-5-21-776561741-308236825-1417001333-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A0FAEC8C-6999-4447-A50B-FA6427DEA21B}, Quarantined, [f1369cbf94f788ae2422c7b908fb49b7],

Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-776561741-308236825-1417001333-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A0FAEC8C-6999-4447-A50B-FA6427DEA21B}|URL, "https://search.yahoo.com/?type=502468&fr=spigot-), Replaced,[84a3d388f09b67cf0fc1afaf63a17c84]

Physical Sectors: 0
(No malicious items detected)

(end)

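A quicker way to read a Malwarebytes Anti-Malware 2.x scan log like the one above is to parse the detection lines rather than eyeball them: each is `family, location[, pid], action, [signature id]`. As an added example (not code from the original post or from Malwarebytes), the Python below parses that shape, cross-checks each section's declared count against the lines actually present, groups detections by family, and separates the items that were only marked Delete-on-Reboot (still on disk until the reboot the instructions call for) from the search-scope value that was Replaced. The sample log is a trimmed excerpt of the post's own output, with the Registry Keys section cut to three entries and its count adjusted to match; the list of section names and the helper names are this example's assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section headers seen in Malwarebytes Anti-Malware 2.x scan logs (assumed list).
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(?P<name>%s): (?P<count>\d+)$" % "|".join(SECTIONS))
# family, <location fields>, action, [32-hex signature id]; a trailing comma is tolerated
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9.\-]+), (?P<rest>.+?),\s*\[(?P<sig>[0-9a-f]{32})\],?$"
)


@dataclass
class Detection:
    section: str
    family: str
    location: str
    action: str
    sig: str
    pid: Optional[int] = None    # Processes only
    data: Optional[str] = None   # Registry Values only: the value data that was replaced


def parse_mbam_log(text):
    """Return (detections, declared counts per section) for one scan log."""
    records, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue                      # header lines, "(No malicious items detected)", "(end)"
        location, action = m.group("rest").rsplit(",", 1)
        det = Detection(section, m.group("family"), location.strip(), action.strip(), m.group("sig"))
        if section == "Processes":        # "...\wajam.exe, 3304"
            path, pid = location.rsplit(",", 1)
            det.location, det.pid = path.strip(), int(pid)
        elif section == "Registry Values":  # 'KEY|Value, "data"'
            key_value, sep, data = location.partition(", ")
            if sep:
                det.location, det.data = key_value, data.strip('"')
        records.append(det)
    return records, declared


def count_mismatches(records, declared):
    """Sections whose header count differs from the lines parsed (truncated or mangled log)."""
    found = Counter(r.section for r in records)
    return {s: (n, found.get(s, 0)) for s, n in declared.items() if found.get(s, 0) != n}


def summarize_by_family(records):
    return dict(Counter(r.family for r in records))


def pending_reboot(records):
    """Items MBAM could not remove while in use; they persist until the reboot."""
    return [r for r in records if r.action == "Delete-on-Reboot"]


def search_scope_changes(records):
    """IE SearchScopes URL values that MBAM reset (the classic search hijack)."""
    return [r for r in records if r.section == "Registry Values"
            and "SEARCHSCOPES" in r.location.upper() and r.location.endswith("|URL")]


# Trimmed excerpt of the scan log posted above (Registry Keys cut to 3 entries).
SAMPLE_LOG = r"""
Processes: 2
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\wajam.exe, 3304, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b]
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\wajam.exe, 2948, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b]

Modules: 1
PUP.Optional.Wajam, C:\Program Files\WajaIntEn\WajaIntEnlibs\zdwtj.zxn, Delete-on-Reboot, [042307543e4d3105d36d7414af54c53b], 

Registry Keys: 3
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [4add63f84e3d5bdbc14c5399b54c31cf], 
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajaIntEn Monitor, Quarantined, [042307543e4d3105d36d7414af54c53b], 
PUP.Optional.Spigot, HKU\S-1-5-21-776561741-308236825-1417001333-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A0FAEC8C-6999-4447-A50B-FA6427DEA21B}, Quarantined, [f1369cbf94f788ae2422c7b908fb49b7], 

Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-776561741-308236825-1417001333-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A0FAEC8C-6999-4447-A50B-FA6427DEA21B}|URL, "https://search.yahoo.com/?type=502468&fr=spigot-), Replaced,[84a3d388f09b67cf0fc1afaf63a17c84]

Physical Sectors: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    recs, declared = parse_mbam_log(SAMPLE_LOG)
    print("detections:", len(recs), "count mismatches:", count_mismatches(recs, declared))
    for fam, n in sorted(summarize_by_family(recs).items()):
        print(f"  {fam}: {n}")
    for r in pending_reboot(recs):
        print("still present until reboot:", r.location)
    for r in search_scope_changes(recs):
        print("search scope reset:", r.location, "was", r.data)
```

The Delete-on-Reboot list is the reason the helper's instructions end with a reboot: wajam.exe was running twice and its module was loaded, so a rescan before the reboot would still find them. A non-empty count mismatch means the log was cut or edited in transit and should be re-exported.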

Root Admin, 2 weeks later:

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.