Here are the logs
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 01
Ran by Administrator (administrator) on ANTONY-3054D97E on 15-04-2015 17:34:06
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(LG Electronics) C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IDMan.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IEMonitor.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\BitTorrent\BitTorrent.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-03-26] (APN)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [bluebirds] => C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [IDMan] => D:\idm\Internet Download Manager\IDMan.exe [3604048 2013-06-20] (Tonec Inc.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {561a9b10-dc1e-11e2-9771-806d6172696f} - G:\BlueBirds.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {855889d6-6cac-11e3-9712-002618bd9288} - H:\.\StartModem.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {e2419e63-e178-11e2-95ee-002618bd9288} - I:\setup.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNOWYDSK.SCR
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\idm\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\idm\Internet Download Manager\IDMIECC.dll [2013-06-20] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-22] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-22] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.150 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-27] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @videolan.org/vlc,version=1.1.0-rc -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-05-21] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js [2015-04-14]
FF Extension: Weather Now - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2015-04-14]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-07-06]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-04-15]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dgadkdfaoaaboghcnjmbcppkalapgkmb] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [2013-06-20]
CHR HKLM\...\Chrome\Extension: [kllhllgiijehpamgcmeciagegjecoaod] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-26] (APN LLC.)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-22] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-15] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 mtkmbim; C:\WINDOWS\System32\DRIVERS\mtkmbimx.sys [176896 2012-12-13] (MediaTek Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-04] (Duplex Secure Ltd.)
S3 wdf_usb; C:\WINDOWS\System32\DRIVERS\usb2ser.sys [68480 2013-02-21] (MediaTek Inc.)
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 acqdwj3n; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 17:34 - 2015-04-15 17:34 - 00000000 ____D () C:\FRST
2015-04-14 20:43 - 2015-04-15 10:41 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-14 20:33 - 2015-04-14 20:43 - 00000000 ____D () C:\Program Files\Opera
2015-04-14 19:57 - 2015-04-15 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 19:56 - 2015-04-14 19:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 19:56 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 19:56 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 19:44 - 2015-04-14 19:44 - 00000104 _____ () C:\Documents and Settings\Administrator\Desktop\Internet.lnk
2015-04-14 19:30 - 2015-04-15 10:41 - 00000236 _____ () C:\WINDOWS\wiadebug.log
2015-04-14 19:30 - 2015-04-15 10:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-14 19:30 - 2015-04-14 19:30 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-14 17:24 - 2015-04-14 19:23 - 28872704 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00286720 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-14 16:37 - 2015-04-15 10:41 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-04-14 16:37 - 2015-04-14 16:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2015-04-14 16:36 - 2015-04-14 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:06 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2015-04-14 16:35 - 2015-04-14 19:29 - 00000000 ____D () C:\Program Files\IObit
2015-04-14 15:50 - 2015-04-14 15:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Program Files\RichMediaViewV1
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FoxTab
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Babylon
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Babylon
2015-04-14 14:34 - 2015-04-14 14:34 - 00081920 _____ () C:\WINDOWS\Minidump\Mini041415-01.dmp
2015-04-14 14:19 - 2015-04-14 14:50 - 00000000 ____D () C:\Program Files\SystemConserve
2015-04-14 14:18 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Play
2015-04-14 14:17 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-14 14:15 - 2015-04-14 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf
2015-04-14 13:50 - 2015-04-14 14:01 - 00000000 ____D () C:\AdwCleaner
2015-04-14 13:40 - 2015-04-14 13:43 - 00000000 ____D () C:\sh4ldr(2)
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 15:56 - 2015-04-06 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Tor Browser
2015-03-22 15:14 - 2015-03-22 15:14 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 17:34 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-04-15 17:32 - 2013-06-30 00:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-04-15 17:30 - 2014-01-30 10:30 - 00000416 _____ () C:\WINDOWS\Tasks\At2.job
2015-04-15 17:30 - 2013-11-03 22:30 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2015-04-15 14:54 - 2013-06-27 11:32 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-04-15 14:25 - 2013-06-27 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-04-15 14:09 - 2014-04-15 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2015-04-15 13:25 - 2013-06-24 08:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GarenaPlus
2015-04-15 13:25 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-04-15 11:56 - 2013-06-23 16:45 - 00000000 ____D () C:\Program Files\Garena Plus
2015-04-15 10:42 - 2013-06-23 16:18 - 01532801 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 10:41 - 2013-06-23 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 10:40 - 2013-06-23 21:33 - 00000000 ____D () C:\WINDOWS\system
2015-04-14 21:41 - 2013-06-23 16:22 - 00012618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 21:41 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-04-14 21:11 - 2014-03-22 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\vam
2015-04-14 20:43 - 2013-11-10 14:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software
2015-04-14 20:26 - 2013-07-21 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-14 20:24 - 2014-01-30 10:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\FoxTab
2015-04-14 20:24 - 2013-09-01 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Program Files\Google
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-04-14 19:35 - 2013-06-23 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-14 18:30 - 2014-09-06 17:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-14 18:13 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-14 17:44 - 2013-07-02 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-14 16:36 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-04-14 16:14 - 2013-06-23 21:38 - 00000211 ___SH () C:\boot.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000791 _____ () C:\WINDOWS\win.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-14 15:30 - 2013-12-19 13:30 - 00000103 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-14 14:51 - 2004-08-04 17:30 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-14 14:49 - 2013-06-23 16:15 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 14:46 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2015-04-14 13:00 - 2013-06-23 16:22 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-03 20:34 - 2013-06-23 16:24 - 00075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:30 - 2013-12-23 00:30 - 00000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2015-03-22 15:14 - 2014-05-30 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-21 12:44 - 2013-11-27 22:29 - 00000038 _____ () C:\WINDOWS\AviSplitter.INI
2015-03-20 19:21 - 2014-05-30 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FlowStone
2015-03-19 18:12 - 2014-09-07 18:24 - 00000499 _____ () C:\Documents and Settings\Administrator\Desktop\vargheses phone.txt
==================== Files in the root of some directories =======
2013-09-19 14:35 - 2013-09-19 14:37 - 0000364 _____ () C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2013-06-24 09:25 - 2015-01-24 12:40 - 0045194 _____ () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2013-12-23 00:30 - 2015-04-01 20:30 - 0000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2013-06-23 16:24 - 2015-04-03 20:34 - 0075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 22:37 - 2014-04-05 22:37 - 0000090 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 01
Ran by Administrator (administrator) on ANTONY-3054D97E on 15-04-2015 17:34:06
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(LG Electronics) C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IDMan.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Tonec Inc.) D:\idm\Internet Download Manager\IEMonitor.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Documents and Settings\Administrator\Application Data\BitTorrent\BitTorrent.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-03-26] (APN)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [bluebirds] => C:\Documents and Settings\Administrator\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9981528 2015-01-20] ()
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [IDMan] => D:\idm\Internet Download Manager\IDMan.exe [3604048 2013-06-20] (Tonec Inc.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {561a9b10-dc1e-11e2-9771-806d6172696f} - G:\BlueBirds.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {855889d6-6cac-11e3-9712-002618bd9288} - H:\.\StartModem.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\MountPoints2: {e2419e63-e178-11e2-95ee-002618bd9288} - I:\setup.exe
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SNOWYDSK.SCR
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\idm\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\idm\Internet Download Manager\IDMIECC.dll [2013-06-20] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-22] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-22] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-04-14] (IObit)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 5.104.175.150 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-27] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @videolan.org/vlc,version=1.1.0-rc -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-05-21] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\user.js [2015-04-14]
FF Extension: Weather Now - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2015-04-14]
FF Extension: Firebug - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a1zf5h3p.default\Extensions\[email protected] [2013-07-06]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-04-15]
FF HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dgadkdfaoaaboghcnjmbcppkalapgkmb] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\idm\Internet Download Manager\IDMGCExt.crx [2013-06-20]
CHR HKLM\...\Chrome\Extension: [kllhllgiijehpamgcmeciagegjecoaod] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-299502267-1935655697-1417001333-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - No Path Or update_url value
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S4 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-26] (APN LLC.)
S4 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-22] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [115912 2013-05-25] (Tonec Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-15] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 mtkmbim; C:\WINDOWS\System32\DRIVERS\mtkmbimx.sys [176896 2012-12-13] (MediaTek Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-04] (Duplex Secure Ltd.)
S3 wdf_usb; C:\WINDOWS\System32\DRIVERS\usb2ser.sys [68480 2013-02-21] (MediaTek Inc.)
R3 cpuz137; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S3 GGSAFERDriver; No ImagePath
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 acqdwj3n; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 17:34 - 2015-04-15 17:34 - 00000000 ____D () C:\FRST
2015-04-14 20:43 - 2015-04-15 10:41 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-04-14 20:43 - 2015-04-14 20:43 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2015-04-14 20:33 - 2015-04-14 20:43 - 00000000 ____D () C:\Program Files\Opera
2015-04-14 19:57 - 2015-04-15 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 19:56 - 2015-04-14 19:56 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 19:56 - 2015-04-14 19:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 19:56 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 19:56 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 19:44 - 2015-04-14 19:44 - 00000104 _____ () C:\Documents and Settings\Administrator\Desktop\Internet.lnk
2015-04-14 19:30 - 2015-04-15 10:41 - 00000236 _____ () C:\WINDOWS\wiadebug.log
2015-04-14 19:30 - 2015-04-15 10:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-14 19:30 - 2015-04-14 19:30 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-14 17:24 - 2015-04-14 19:23 - 28872704 _____ () C:\WINDOWS\system32\config\software.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00286720 _____ () C:\WINDOWS\system32\config\default.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-04-14 17:24 - 2015-04-14 19:23 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-04-14 16:37 - 2015-04-15 10:41 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-04-14 16:37 - 2015-04-14 16:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2015-04-14 16:36 - 2015-04-14 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-04-14 16:36 - 2015-04-14 18:06 - 00001822 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-14 16:36 - 2015-04-14 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2015-04-14 16:35 - 2015-04-14 19:29 - 00000000 ____D () C:\Program Files\IObit
2015-04-14 15:50 - 2015-04-14 15:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Program Files\RichMediaViewV1
2015-04-14 14:48 - 2015-04-14 20:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FoxTab
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Babylon
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VNT
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 14:48 - 2015-04-14 14:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Babylon
2015-04-14 14:34 - 2015-04-14 14:34 - 00081920 _____ () C:\WINDOWS\Minidump\Mini041415-01.dmp
2015-04-14 14:19 - 2015-04-14 14:50 - 00000000 ____D () C:\Program Files\SystemConserve
2015-04-14 14:18 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\Play
2015-04-14 14:17 - 2015-04-14 14:48 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-14 14:15 - 2015-04-14 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\cncaklookhiljnimkipmolldampgfcmf
2015-04-14 13:50 - 2015-04-14 14:01 - 00000000 ____D () C:\AdwCleaner
2015-04-14 13:40 - 2015-04-14 13:43 - 00000000 ____D () C:\sh4ldr(2)
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-06 15:56 - 2015-04-06 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Tor Browser
2015-03-22 15:14 - 2015-03-22 15:14 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 17:34 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-04-15 17:32 - 2013-06-30 00:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2015-04-15 17:30 - 2014-01-30 10:30 - 00000416 _____ () C:\WINDOWS\Tasks\At2.job
2015-04-15 17:30 - 2013-11-03 22:30 - 00000416 _____ () C:\WINDOWS\Tasks\At1.job
2015-04-15 14:54 - 2013-06-27 11:32 - 00000000 ____D () C:\Program Files\The KMPlayer
2015-04-15 14:25 - 2013-06-27 16:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-04-15 14:09 - 2014-04-15 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2015-04-15 13:25 - 2013-06-24 08:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GarenaPlus
2015-04-15 13:25 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2015-04-15 11:56 - 2013-06-23 16:45 - 00000000 ____D () C:\Program Files\Garena Plus
2015-04-15 10:42 - 2013-06-23 16:18 - 01532801 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 10:41 - 2013-06-23 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 10:40 - 2013-06-23 21:33 - 00000000 ____D () C:\WINDOWS\system
2015-04-14 21:41 - 2013-06-23 16:22 - 00012618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 21:41 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-04-14 21:11 - 2014-03-22 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\vam
2015-04-14 20:43 - 2013-11-10 14:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software
2015-04-14 20:26 - 2013-07-21 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-14 20:24 - 2014-01-30 10:30 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\FoxTab
2015-04-14 20:24 - 2013-09-01 08:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Program Files\Google
2015-04-14 19:36 - 2013-06-23 16:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-04-14 19:35 - 2013-06-23 16:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-14 19:23 - 2013-06-23 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-14 18:30 - 2014-09-06 17:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-04-14 18:13 - 2013-06-23 16:22 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-14 17:44 - 2013-07-02 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-14 16:36 - 2013-06-23 16:22 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-04-14 16:14 - 2013-06-23 21:38 - 00000211 ___SH () C:\boot.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000791 _____ () C:\WINDOWS\win.ini
2015-04-14 16:14 - 2004-08-04 17:30 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-14 15:30 - 2013-12-19 13:30 - 00000103 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-14 14:51 - 2004-08-04 17:30 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-14 14:49 - 2013-06-23 16:15 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 14:46 - 2013-06-23 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2015-04-14 13:00 - 2013-06-23 16:22 - 00001593 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001593 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-04-14 13:00 - 2013-06-23 16:19 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-03 20:34 - 2013-06-23 16:24 - 00075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:30 - 2013-12-23 00:30 - 00000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2015-03-22 15:14 - 2014-05-30 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-21 12:44 - 2013-11-27 22:29 - 00000038 _____ () C:\WINDOWS\AviSplitter.INI
2015-03-20 19:21 - 2014-05-30 15:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\FlowStone
2015-03-19 18:12 - 2014-09-07 18:24 - 00000499 _____ () C:\Documents and Settings\Administrator\Desktop\vargheses phone.txt
==================== Files in the root of some directories =======
2013-09-19 14:35 - 2013-09-19 14:37 - 0000364 _____ () C:\Documents and Settings\Administrator\Application Data\burnaware.ini
2013-06-24 09:25 - 2015-01-24 12:40 - 0045194 _____ () C:\Documents and Settings\Administrator\Application Data\room_v3.dat
2013-12-23 00:30 - 2015-04-01 20:30 - 0000256 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2013-06-23 16:24 - 2015-04-03 20:34 - 0075776 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 22:37 - 2014-04-05 22:37 - 0000090 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ASCSetup_1323593.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 01
Ran by Administrator at 2015-04-15 17:35:26
Running from C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apache HTTP Server 2.2.22 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.22 - Apache Software Foundation)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
BitTorrent (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
DefaultTab (HKLM\...\DefaultTab) (Version: 2.2.8.0 - Search Results, LLC) <==== ATTENTION
DefaultTab Chrome (HKLM\...\DefaultTab Chrome) (Version: 1.1.25 - ) <==== ATTENTION
D-Link Connection Manager v7.0.1IN (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
Farm Frenzy 2 (HKLM\...\Farm Frenzy 2_is1) (Version: 1.0 - MyPlayCity, Inc.)
FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - )
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.1 - IObit)
Garena HostBot v6.0 (HKLM\...\Garena HostBot v6.06.0) (Version: 6.0 - GarenaWorld)
Garena Plus (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line)
iMeme 1.0 (HKLM\...\{66CA7D93-1FDD-4152-B241-42971934D8E0}_is1) (Version: - Michael Fogleman)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-299502267-1935655697-1417001333-500\...\Juniper_Setup_Client) (Version: 7.1.9.20595 - Juniper Networks, Inc.)
KMP Media Toolbar (HKLM\...\{4B4D5056-3700-A76A-76A7-A758B70C1B00}) (Version: 12.27.0.798 - APN, LLC)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NX Client for Windows 3.4.0-5 (HKLM\...\nxclient_is1) (Version: 3.4.0-5 - NoMachine)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RAMRush 1.0.6.917 (HKLM\...\RAMRush_is1) (Version: - FTweak, Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5821 - Realtek Semiconductor Corp.)
Rich Media View (HKLM\...\RichMediaViewV1release4985) (Version: 1.1 - Rich Media View) <==== ATTENTION
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Trust Media Viewer (HKLM\...\TrustMediaViewerV1alpha1683) (Version: 1.1 - Trust Media Viewer) <==== ATTENTION
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VLC media player 1.1.0-rc (HKLM\...\VLC media player) (Version: 1.1.0-rc - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Worms Forts Under Siege (HKLM\...\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}) (Version: 1.00.0001 - Team17 Software Ltd)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
16-01-2015 21:00:29 System Checkpoint
23-01-2015 10:08:00 System Checkpoint
24-01-2015 11:56:29 System Checkpoint
25-01-2015 13:31:34 System Checkpoint
28-01-2015 21:22:45 System Checkpoint
24-02-2015 20:48:50 System Checkpoint
26-02-2015 20:25:58 System Checkpoint
27-02-2015 20:32:20 System Checkpoint
04-03-2015 20:42:37 System Checkpoint
07-03-2015 20:16:54 System Checkpoint
08-03-2015 20:47:08 System Checkpoint
10-03-2015 20:24:23 System Checkpoint
14-03-2015 21:32:47 System Checkpoint
20-03-2015 11:50:38 System Checkpoint
21-03-2015 14:00:31 System Checkpoint
01-04-2015 20:45:46 System Checkpoint
02-04-2015 22:07:50 System Checkpoint
04-04-2015 10:34:50 System Checkpoint
05-04-2015 12:27:47 System Checkpoint
06-04-2015 17:34:59 System Checkpoint
14-04-2015 09:42:42 System Checkpoint
14-04-2015 13:40:31 Installed SpyHunter
14-04-2015 13:43:57 Removed SpyHunter
14-04-2015 14:47:57 Restore Operation
15-04-2015 15:48:59 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 17:30 - 2004-08-04 17:30 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1429024374.job => C:\Program Files\Opera\launcher.exe
==================== Loaded Modules (whitelisted) ==============
2015-04-14 16:36 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2013-06-23 16:35 - 2010-02-02 17:46 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-14 18:12 - 2008-04-14 18:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 18:11 - 2008-04-14 18:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2013-07-12 22:20 - 2015-01-20 17:50 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2013-03-19 14:25 - 2015-03-23 15:47 - 00797120 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2015-04-14 16:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-14 16:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-04-14 16:36 - 2014-07-11 16:04 - 01106720 _____ () C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2013-03-19 14:25 - 2015-01-20 17:50 - 09981528 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2013-03-19 14:25 - 2015-01-20 17:50 - 00111192 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00040024 _____ () C:\Program Files\Garena Plus\DibModule.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 00034752 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00057944 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00093784 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00493656 _____ () C:\Program Files\Garena Plus\CxImage.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00031832 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00177240 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00380504 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00191064 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2013-03-19 14:25 - 2015-01-20 17:50 - 00226392 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00112728 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00964696 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00061528 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 14:22 - 2012-02-22 14:22 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00231000 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2013-03-19 14:25 - 2015-04-14 13:56 - 01128384 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00199256 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2013-06-25 13:35 - 2015-01-20 17:50 - 00161880 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 02947672 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00072280 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00023128 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 01551960 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 11:12 - 2013-02-01 11:12 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00962648 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00251480 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00032856 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00523352 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00074840 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00153688 _____ () C:\Program Files\Garena Plus\xIM.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00596568 _____ () C:\Program Files\Garena Plus\xim\plugin_msn.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00467032 _____ () C:\Program Files\Garena Plus\xim\plugin_xmpp.dll
2013-03-19 14:26 - 2015-01-20 17:50 - 00201304 _____ () C:\Program Files\Garena Plus\xim\plugin_yahoo.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00107608 _____ () C:\Program Files\Garena Plus\Plugins\PlatformPlugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00243288 _____ () C:\Program Files\Garena Plus\Plugins\PluginNews.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00404056 _____ () C:\Program Files\Garena Plus\Plugins\GarenaTalkPlugin.dll
2013-03-19 14:25 - 2015-01-20 17:50 - 00293464 _____ () C:\Program Files\Garena Plus\Plugins\DailyTaskPlugin.dll
2013-07-12 22:20 - 2015-01-20 17:50 - 00222808 _____ () C:\Program Files\Garena Plus\Plugins\GameSalePlugin.dll
2015-04-14 20:43 - 2015-04-07 12:43 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
2015-04-14 20:43 - 2015-04-07 12:43 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.51\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF3D62E7
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22944368.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-299502267-1935655697-1417001333-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 5.104.175.150 - 8.8.8.8
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\WINDOWS\pss\Warcraft Config.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ftweak_RAMRush => C:\Program Files\RAMRush\RAMRush.exe
MSCONFIG\startupreg: GoogleDriveSync =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-299502267-1935655697-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-299502267-1935655697-1417001333-1011 - Limited - Enabled)
Guest (S-1-5-21-299502267-1935655697-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1935655697-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1935655697-1417001333-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: A7HUOOQU IDE Controller
Description: A7HUOOQU IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: acqdwj3n
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/14/2015 03:51:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName .
Error: (04/14/2015 02:53:25 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
Error: (04/14/2015 02:51:05 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .
Error: (04/14/2015 02:34:06 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .
Error: (04/14/2015 02:02:54 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName .
Error: (04/14/2015 01:37:34 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .
Error: (04/14/2015 09:19:19 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName .
Error: (04/13/2015 09:18:45 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .
Error: (04/13/2015 08:42:32 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName .
Error: (04/13/2015 07:55:19 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.100 for ServerName .
System errors:
=============
Error: (04/15/2015 05:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 05:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 04:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 04:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 03:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 03:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 02:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 02:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 01:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403
Error: (04/15/2015 01:30:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Microsoft Office Sessions:
=========================
Error: (07/26/2014 01:04:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 80%
Total physical RAM: 1014.11 MB
Available physical RAM: 201.93 MB
Total Pagefile: 2440.86 MB
Available Pagefile: 1381.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:29.29 GB) (Free:9.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (vinod) (Fixed) (Total:39.06 GB) (Free:3.89 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:3.71 GB) NTFS
Drive f: () (Fixed) (Total:41.63 GB) (Free:3.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 059A0599)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.7 GB) - (Type=OF Extended)
==================== End Of Log ============================
Another update on my malware problem is that I now have a new problem, which causes my webpage to be redirected to this website with the domain name rdsrv. It started today and happens more often when I use this website.