Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01 Ran by User (2016-04-11 14:34:14) Running from C:\Documents and Settings\User\Desktop Microsoft Windows XP Professional Service Pack 2 (X86) (2008-02-28 01:47:39) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-500823600-1963862842-10735164-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Guest (S-1-5-21-500823600-1963862842-10735164-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest HelpAssistant (S-1-5-21-500823600-1963862842-10735164-1004 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-500823600-1963862842-10735164-1002 - Limited - Disabled) User (S-1-5-21-500823600-1963862842-10735164-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG 7.5.519 (Enabled - Out of date) {41564737-3200-1071-989B-0000E87B4FB1} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat - Reader 6.0.2 Update (HKLM\...\{AC76BA86-0000-0000-0000-6028747ADE01}) (Version: 6.0.2 - Adobe Systems) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated) Adobe Flash Player Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated) AIM 6 (HKLM\...\AIM_6) (Version: - ) AIM Search (HKLM\...\AIM Search) (Version: - ) AIM Toolbar 5.0 (HKLM\...\AIM Toolbar) (Version: 5.7.3.2 - AOL LLC) AIMTunes (HKLM\...\AIMTunes) (Version: - ) AOLIcon (Version: 1.00.0000 - Dell) Hidden Apple Mobile Device Support (HKLM\...\{EC4455AB-F155-4CC1-A4C5-88F3777F9886}) (Version: 2.1.2.7 - Apple Inc.) Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) AVG 7.5 (HKLM\...\AVG7Uninstall) (Version: - ) Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.) Canon Camera Access Library (HKLM\...\CAL) (Version: 8.3.0.1 - ) Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - ) Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - ) Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - ) Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - ) Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - ) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - ) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.6.0.13 - ) Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - ) Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - ) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - ) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - ) Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - ) Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc) Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.) DatPiff Downloader (remove only) (HKLM\...\DatPiff Downloader) (Version: - ) Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - ) Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.) Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent) Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.) Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell) Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc) EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink) ELIcon (Version: 1.00.0000 - Dell) Hidden GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - ) Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell) Google (Version: 1.00.0000 - Dell) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.) Google Gears (HKLM\...\{961D35E8-D426-3E2E-8222-F4FFD9E104FD}) (Version: 0.5.3200 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation) iDump (Backing up your iPod) (HKLM\...\iDump) (Version: - Escsoft.com) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - ) Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Intel(R) PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell) iPod Copy Expert 3.1.2 (HKLM\...\iPod Copy Expert_is1) (Version: - iPod-computer.com) iTunes (HKLM\...\{318AB667-3230-41B5-A617-CB3BF748D371}) (Version: 8.0.2.20 - Apple Inc.) Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.) Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MCU (Version: 1.00.0000 - Dell) Hidden Microsoft .NET Framework 1.0 Hotfix (KB930494) (HKLM\...\KB930494) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation) Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software) Move Media Player (HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\Move Media Player) (Version: - Move Networks) Mozilla Firefox (2.0.0.20) (HKLM\...\Mozilla Firefox (2.0.0.20)) (Version: 2.0.0.20 (en-US) - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation) Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - ) Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.10.0097 - ) NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc) Performance Dashboard Snappyads (HKLM\...\hpfitfgudvwoqmrdv) (Version: 2.6.0.9 - ) Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Pinnacle Systems) PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) QuickTime (HKLM\...\{F958CA02-BB40-4007-894B-258729456EE4}) (Version: 7.55.90.70 - Apple Inc.) RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks) Riva FLV Player (HKLM\...\Riva FLV Player_is1) (Version: 1.0.0000 - Rothenberger & Partner) Safari (HKLM\...\{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}) (Version: 3.525.28.1 - Apple Inc.) SecondLife (remove only) (HKLM\...\SecondLife) (Version: - ) Snappyads Games Collection (HKLM\...\SnappyadsGames) (Version: - ) Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions) Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions) Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions) Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions) Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions) Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions) Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions) Sprint media manager (HKLM\...\{8912A802-1DD4-41F3-8450-B3209081BDB9}) (Version: 1.0 - Smith Micro Software, Inc.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation) URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - ) Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - ) VLC media player 0.9.4 (HKLM\...\VLC media player) (Version: 0.9.4 - VideoLAN Team) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version: - ) Winamp (HKLM\...\Winamp) (Version: 5.531 - Nullsoft, Inc) Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0324.2000 - Orb Networks) Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation) Windows Internet Explorer 8 Release Candidate 1 (HKLM\...\ie8) (Version: 20090115.021447 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version: - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation) Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation) Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation) Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation) Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation) Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation) Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation) Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation) Windows XP Hotfix - KB889673 (HKLM\...\KB889673) (Version: 20041116.085848 - Microsoft Corporation) Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation) Windows XP Hotfix - KB890927 (HKLM\...\KB890927) (Version: 20050111.122717 - Microsoft Corporation) Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation) Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation) Yahoo! ¤u¨ã¦C (HKLM\...\Yahoo! Companion) (Version: - ) Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version: - ) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-500823600-1963862842-10735164-1005_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks) CustomCLSID: HKU\S-1-5-21-500823600-1963862842-10735164-1005_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks) CustomCLSID: HKU\S-1-5-21-500823600-1963862842-10735164-1005_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks) CustomCLSID: HKU\S-1-5-21-500823600-1963862842-10735164-1005_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2005-08-16 06:18 - 2004-08-10 07:00 - 00015360 ____C () C:\WINDOWS\system32\tsd32.dll 2008-03-13 20:21 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2005-08-16 06:18 - 2005-08-05 16:01 - 00282112 _____ () C:\WINDOWS\system32\sbe.dll 2005-08-16 06:18 - 2009-06-03 15:24 - 01291264 _____ () C:\WINDOWS\system32\quartz.dll 2005-08-16 06:18 - 2004-08-10 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2005-08-16 06:18 - 2004-08-10 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2016-04-05 21:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-04-05 21:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2016-04-05 21:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-04-05 21:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2016-04-05 21:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2009-01-23 22:17 - 2009-10-01 04:06 - 00482816 _____ () C:\WINDOWS\system32\jlmjvkexubwmndts.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7887 more sites. IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-500823600-1963862842-10735164-1005\...\123simsen.com -> www.123simsen.com There are 7885 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2005-08-16 06:18 - 2016-04-10 20:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) DNS Servers: 75.75.75.75 - 75.75.76.76 Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avginet.exe] => Enabled:avginet.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgamsvr.exe] => Enabled:avgamsvr.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgcc.exe] => Enabled:avgcc.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgemc.exe] => Enabled:avgemc.exe StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YServer.exe] => Enabled:Yahoo! FT Server StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp Remote\bin\Orb.exe] => Enabled:Orb StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp Remote\bin\OrbTray.exe] => Enabled:OrbTray StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe] => Enabled:Orb Stream Client StandardProfile\AuthorizedApplications: [C:\Program Files\AIM6\aim6.exe] => Enabled:AIM StandardProfile\AuthorizedApplications: [C:\Program Files\LimeWire\LimeWire.exe] => Enabled:LimeWire StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe] => Enabled:Render Manager StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe] => Enabled:Studio StandardProfile\AuthorizedApplications: [C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe] => Enabled:umi StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 ==================== Restore Points ========================= 10-04-2016 19:29:54 ComboFix created restore point 10-04-2016 20:48:12 System Checkpoint 11-04-2016 14:30:32 Software Distribution Service 3.0 ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: MyWebSearchService Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2016 09:00:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application frst (2).exe, version 5.3.2016.1, faulting module frst (2).exe, version 5.3.2016.1, fault address 0x000211de. Processing media-specific event for [frst (2).exe!ws!] Error: (04/08/2016 07:47:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18372, faulting module mshtml.dll, version 8.0.6001.18372, fault address 0x00174ade. Processing media-specific event for [iexplore.exe!ws!] Error: (04/07/2016 01:43:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18372, faulting module mshtml.dll, version 8.0.6001.18372, fault address 0x00174ade. Processing media-specific event for [iexplore.exe!ws!] Error: (04/07/2016 01:36:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbam.exe, version 2.3.173.0, faulting module unknown, version 0.0.0.0, fault address 0x0ff108b6. Processing media-specific event for [mbam.exe!ws!] Error: (04/05/2016 08:16:42 PM) (Source: MsiInstaller) (EventID: 11601) (User: D5SLXJ91) Description: Product: Windows 7 Upgrade Advisor -- Disk full: Out of disk space -- Volume: 'C:'; required space: 13,516 KB; available space: 596 KB. Free some disk space and retry. Error: (04/05/2016 06:12:26 PM) (Source: Google Update) (EventID: 20) (User: NT AUTHORITY) Description: Network Request Error. Error: 0x80072ee4. Http status code: 0. Url=https://dl.google.com/update2/1.3.29.5/GoogleUpdateSetup.exe Trying config: source=IE, direct connection. trying BITS. Send request returned 0x80072ee4. Http status code 0. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying BITS. Send request returned 0x80072ee4. Http status code 0. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying BITS. Send request returned 0x80072ee4. Http status code 0. trying WinHTTP. Send request returned 0x80072f8f. Http status code 0. trying iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying BITS. Send request returned 0x80072ee4. Http status code 0. Error: (04/05/2016 06:11:02 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (04/05/2016 06:11:02 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (04/05/2016 06:05:55 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (04/05/2016 06:05:55 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. System errors: ============= Error: (04/11/2016 02:29:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053 Error: (04/11/2016 02:29:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect. Error: (04/11/2016 02:28:02 PM) (Source: 0) (EventID: 49) (User: ) Description: \Device\HarddiskVolume2 Error: (04/11/2016 02:28:02 PM) (Source: 0) (EventID: 45) (User: ) Description: \Device\HarddiskVolume2 Error: (04/10/2016 09:40:45 PM) (Source: 0) (EventID: 8003) (User: ) Description: \Device\LanmanDatagramReceiverDADMAN-HPNetBT_Tcpip_{16E5C3BA-A3AE-44FF Error: (04/10/2016 08:23:28 PM) (Source: W32Time) (EventID: 29) (User: ) Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error: (04/10/2016 08:23:28 PM) (Source: W32Time) (EventID: 17) (User: ) Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error: (04/10/2016 08:20:48 PM) (Source: W32Time) (EventID: 29) (User: ) Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error: (04/10/2016 08:20:48 PM) (Source: W32Time) (EventID: 17) (User: ) Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error: (04/10/2016 08:00:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053 ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of memory in use: 56% Total physical RAM: 1014.07 MB Available physical RAM: 441.63 MB Total Virtual: 2441.71 MB Available Virtual: 1659.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:69.82 GB) (Free:21.88 GB) NTFS ==>[drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 74.5 GB) (Disk ID: E686F016) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=69.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB) ==================== End of Addition.txt ============================