Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01 Ran by Karen at 2014-08-10 18:15:40 Running from C:\Documents and Settings\Karen\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) Balabolka (HKLM\...\Balabolka) (Version: 2.05 - Ilya Morozov) Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - ) Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.37.02 - Broadcom Corporation) BUFFALO HD-WIU2/R1 RAID Setup Utility (HKLM\...\UN060602) (Version: - ) EMCO Malware Destroyer 7 (HKLM\...\{0ADE8140-163D-4ED3-97D7-91ED53E76362}_is1) (Version: - EMCO Software) Free Download Manager 3.9.4 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - ) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden IBM ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.25.01 - ) IBM ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: - ) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - ) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel(R) Corporation) Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle) MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SMPlayer 0.8.5 (HKLM\...\SMPlayer) (Version: 0.8.5 - Ricardo Villalba) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5300 - Analog Devices) SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.26.0.1000 - SUPERAntiSpyware.com) ThinkPad Integrated 56K Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014) (Version: 7.34.00 - ) Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.4.0 - GridinSoft LLC) Trojan Killer 2.0 (HKLM\...\{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1) (Version: - GridinSoft, Inc.) Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VisualSniffer (HKLM\...\VisualSniffer) (Version: - ) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) WinPcap 3.0 (HKLM\...\WinPcapInst) (Version: - Politecnico di Torino) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) 迅雷看看播放器 (HKLM\...\迅雷软件) (Version: 4.9.12.1930 - 迅雷网络技术有限公司) 迅雷看看高清播放组件 (HKLM\...\迅雷看看高清播放组件) (Version: - 迅雷网络技术有限公司) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1993962763-861567501-1606980848-1003_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google) CustomCLSID: HKU\S-1-5-21-1993962763-861567501-1606980848-1003_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google) CustomCLSID: HKU\S-1-5-21-1993962763-861567501-1606980848-1003_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google) CustomCLSID: HKU\S-1-5-21-1993962763-861567501-1606980848-1003_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google) ==================== Restore Points ========================= 13-07-2014 20:09:22 System Checkpoint 15-07-2014 03:57:30 System Checkpoint 17-07-2014 04:18:20 System Checkpoint 19-07-2014 18:17:32 System Checkpoint 20-07-2014 21:53:36 System Checkpoint 22-07-2014 04:59:53 System Checkpoint 23-07-2014 05:00:32 System Checkpoint 24-07-2014 06:02:42 System Checkpoint 25-07-2014 07:47:31 System Checkpoint 26-07-2014 20:22:31 System Checkpoint 27-07-2014 20:36:25 System Checkpoint 29-07-2014 01:58:02 System Checkpoint 30-07-2014 06:14:06 System Checkpoint 01-08-2014 04:09:30 System Checkpoint 03-08-2014 04:19:48 System Checkpoint 03-08-2014 18:53:03 Removed Google Drive 03-08-2014 20:39:34 Checkpoint by HitmanPro 05-08-2014 03:11:46 System Checkpoint 06-08-2014 03:36:50 System Checkpoint 07-08-2014 04:31:43 System Checkpoint 10-08-2014 01:44:09 System Checkpoint 10-08-2014 21:46:48 Software Distribution Service 3.0 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 05:00 - 2014-08-10 10:56 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\FSPlatform.job => C:\Program Files\Common Files\FunshionLauncher\FSLauncher.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe ==================== Loaded Modules (whitelisted) ============= 2003-07-03 01:25 - 2003-07-03 01:25 - 00057344 _____ () C:\WINDOWS\system32\ibmpmsvc.exe 2008-08-20 17:10 - 2008-08-20 17:10 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2011-06-26 13:43 - 2014-07-06 20:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-10 13:04 - 2014-08-10 13:04 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081001\algo.dll 2014-03-10 19:42 - 2014-03-10 19:41 - 00021504 _____ () c:\program files\common files\thunder network\serviceplatform\minizip.dll 2014-03-10 19:42 - 2014-03-10 19:41 - 00684032 _____ () c:\program files\common files\thunder network\serviceplatform\libexpat.dll 2013-02-22 00:23 - 2013-02-22 00:23 - 02307408 _____ () C:\WINDOWS\system32\kindling.dll 2013-11-24 20:41 - 2014-07-06 20:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24924033.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24924033.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Biometric Coprocessor Description: Biometric Coprocessor Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Intel(R) PRO/Wireless 2200BG Network Connection Description: Intel(R) PRO/Wireless 2200BG Network Connection Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Intel Corporation Service: w29n51 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2014 02:59:19 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: ) Description: HRESULT:0x8004FF06 Description:. 0x8004FF06. Error: (08/10/2014 11:23:27 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/10/2014 10:57:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x1003ea12. Processing media-specific event for [rundll32.exe!ws!] Error: (08/10/2014 02:32:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x014ec050. Processing media-specific event for [explorer.exe!ws!] Error: (08/10/2014 02:29:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x015342f0. Processing media-specific event for [explorer.exe!ws!] Error: (08/09/2014 09:02:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (08/06/2014 00:35:45 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.10802.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (08/05/2014 10:11:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19258, fault address 0x000e16ad. Processing media-specific event for [iexplore.exe!ws!] Error: (08/03/2014 07:18:20 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.10802.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (08/02/2014 06:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (08/10/2014 06:00:03 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (08/10/2014 05:50:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: PCIIde Error: (08/10/2014 05:50:06 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (08/10/2014 05:04:56 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (08/10/2014 04:54:58 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (08/10/2014 04:43:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm BANTExt Fips intelppm MpFilter SASDIFSV SASKUTIL Error: (08/10/2014 04:43:41 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (08/10/2014 04:42:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/10/2014 04:34:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm BANTExt Fips intelppm MpFilter SASDIFSV SASKUTIL Error: (08/10/2014 04:33:35 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Microsoft Office Sessions: ========================= Error: (08/10/2014 02:59:19 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: ) Description: HRESULT:0x8004FF06 Description:. 0x8004FF06. Error: (08/10/2014 11:23:27 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (08/10/2014 10:57:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: rundll32.exe5.1.2600.5512unknown0.0.0.01003ea12 Error: (08/10/2014 02:32:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.0.2900.5512unknown0.0.0.0014ec050 Error: (08/10/2014 02:29:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.0.2900.5512unknown0.0.0.0015342f0 Error: (08/09/2014 09:02:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (08/06/2014 00:35:45 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.10802.0fixed1 _ 10245 _ not bootNILNILNIL Error: (08/05/2014 10:11:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19258000e16ad Error: (08/03/2014 07:18:20 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.10802.0fixed1 _ 10245 _ not bootNILNILNIL Error: (08/02/2014 06:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 1014.42 MB Available physical RAM: 550.91 MB Total Pagefile: 2441.33 MB Available Pagefile: 1890.64 MB Total Virtual: 2047.88 MB Available Virtual: 1922.04 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:55.89 GB) (Free:3.17 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive g: (HP Personal Media Drive) (Fixed) (Total:931.5 GB) (Free:12.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: CCCDCCCD) Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 599484DC) Partition 1: (Not Active) - (Size=932 GB) - (Type=OF Extended) ==================== End Of Log ============================