PUP.Optional.Babylon.C [Solved]

MB found in local settings

#1
joseph456


After extensive cleaning looks like MB found 27 occurrences of PUP.Optional.Babylon.C after removing the program previously - or so I thought.

Thanks for your help.

Here are the FRST Texts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Owner (administrator) on OWNER-FE8C2F80E on 06-05-2015 19:48:49
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-08-09] (ATI Technologies Inc.)
HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1238152 2015-04-23] (Ruiware)
HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Billminder.lnk [2012-06-02]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\billmind.exe (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddre...?Domain=usa.net
https://login.microsoftonline.com/
https://duckduckgo.com/
HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1318284984953
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z3zu8u0o.default-1407623485265
FF DefaultSearchEngine.US: Google
FF Homepage: about:home|hxxp://www.netvibes.com/privatepage/2#General|https://www.netaddre...gle.com/finance
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-06] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [252144 2003-10-14] (SigmaTel, Inc.)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 19:48 - 2015-05-06 19:49 - 00008418 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-05-06 19:48 - 2015-05-06 19:48 - 00000000 ____D () C:\FRST
2015-05-06 19:47 - 2015-05-06 19:47 - 01141248 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-05-02 23:25 - 2015-05-02 23:25 - 00000682 _____ () C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk
2015-05-02 23:24 - 2015-05-02 23:24 - 02218504 _____ () C:\Documents and Settings\Owner\Desktop\instspeedfan451.exe
2015-05-02 20:53 - 2015-05-02 20:53 - 00128504 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-02 08:55 - 2015-05-02 08:55 - 00020680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-01 21:12 - 2015-05-01 21:12 - 00000000 ____D () C:\Qutoes
2015-05-01 21:11 - 2015-05-01 21:11 - 00001586 _____ () C:\quotes.csv
2015-04-30 22:53 - 2015-04-30 22:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-30 22:53 - 2015-04-30 22:53 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-04-29 00:39 - 2015-05-03 20:41 - 00039212 _____ () C:\WINDOWS\setupapi.log
2015-04-27 23:58 - 2015-04-27 23:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-27 23:57 - 2015-04-28 00:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-04-27 23:19 - 2015-04-27 23:19 - 00001567 _____ () C:\DelFix.txt
2015-04-27 23:19 - 2015-04-27 23:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-04-26 20:33 - 2015-04-27 19:40 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2015-04-26 20:33 - 2015-04-26 20:33 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-04-25 20:14 - 2015-04-25 20:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-25 20:04 - 2015-04-25 20:04 - 00001687 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\FileHippo App Manager.lnk
2015-04-25 20:04 - 2015-04-25 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IsolatedStorage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 19:49 - 2011-10-10 17:05 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2015-05-06 19:44 - 2014-03-30 16:33 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-05-06 11:53 - 2012-06-09 17:04 - 00001774 ____H () C:\Documents and Settings\Owner\My Documents\Default.rdp
2015-05-06 10:26 - 2011-10-10 16:58 - 02034457 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-06 10:20 - 2011-10-10 17:04 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-05-06 01:14 - 2014-02-25 00:13 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-05-06 01:14 - 2012-06-02 00:15 - 00001537 _____ () C:\WINDOWS\QUICKEN.INI
2015-05-06 01:05 - 2004-08-04 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-06 01:04 - 2011-10-10 17:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-06 01:04 - 2011-10-10 12:52 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-06 01:04 - 2011-10-10 12:52 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-06 01:03 - 2011-10-10 17:24 - 00000000 __HDC () C:\WINDOWS\ie7
2015-05-06 01:03 - 2011-10-10 17:05 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-05-06 01:03 - 2011-10-10 17:04 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-05 00:26 - 2011-10-10 12:41 - 00000000 ____D () C:\WINDOWS\security
2015-05-04 23:09 - 2013-09-05 19:10 - 00000000 ____D () C:\Program Files\pdf995
2015-05-03 23:55 - 2013-08-05 09:17 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\CCleaner
2015-05-02 23:26 - 2012-09-14 03:13 - 00000000 ____D () C:\Program Files\SpeedFan
2015-05-02 23:25 - 2012-05-28 16:32 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo
2015-05-01 21:10 - 2012-06-02 00:14 - 00000000 ____D () C:\QUICKENW
2015-04-28 01:00 - 2012-01-31 14:18 - 00000155 _____ () C:\Documents and Settings\Owner\Application Data\default.rss
2015-04-28 00:59 - 2012-05-14 21:31 - 00000000 ____D () C:\WINDOWS\ERDNT
2015-04-28 00:59 - 2012-01-26 18:46 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2015-04-28 00:37 - 2011-10-10 17:04 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-04-28 00:32 - 2012-10-29 12:35 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-28 00:31 - 2011-10-10 17:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-27 23:57 - 2014-08-09 18:40 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-04-27 23:57 - 2014-08-09 18:40 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-27 23:57 - 2011-10-10 17:21 - 00000000 ____D () C:\Program Files\Java
2015-04-27 22:56 - 2011-10-10 17:05 - 00000000 ____D () C:\Documents and Settings\Owner
2015-04-27 19:38 - 2012-05-18 19:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
2015-04-26 20:33 - 2012-11-30 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-04-25 22:43 - 2014-03-30 16:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-25 22:33 - 2013-07-14 16:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-25 21:16 - 2014-03-30 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 21:04 - 2012-07-26 00:00 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-25 21:04 - 2012-07-26 00:00 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-25 21:04 - 2011-10-13 16:59 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-04-25 20:35 - 2013-11-17 17:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
2015-04-25 20:35 - 2012-05-22 23:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
2015-04-25 20:17 - 2013-01-25 11:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-25 20:04 - 2012-05-14 23:19 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-04-25 19:58 - 2011-10-10 12:49 - 00603684 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 09:37 - 2014-03-30 16:50 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2013-01-01 20:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2012-01-30 15:41 - 2012-01-31 14:10 - 0000007 ___SH () C:\Documents and Settings\Owner\Application Data\date
2012-01-31 14:18 - 2015-04-28 01:00 - 0000155 _____ () C:\Documents and Settings\Owner\Application Data\default.rss
2012-06-04 08:39 - 2012-06-04 08:39 - 0000000 _____ () C:\Documents and Settings\Owner\Application Data\downloads.m3u
2012-01-30 15:40 - 2012-05-31 23:15 - 0000002 ___SH () C:\Documents and Settings\Owner\Application Data\evf6
2012-01-30 16:08 - 2012-06-09 21:03 - 0005632 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-26 14:01 - 2012-03-01 15:18 - 0037632 _____ () C:\Documents and Settings\All Users\dlea.log
2011-11-25 14:06 - 2012-05-14 22:45 - 0053650 _____ () C:\Documents and Settings\All Users\dleaJSW.log
2011-11-25 13:35 - 2012-05-14 22:48 - 0029259 _____ () C:\Documents and Settings\All Users\dleascan.log
2011-11-25 21:11 - 2011-11-25 21:11 - 0000252 ____C () C:\Documents and Settings\All Users\FastPics.log
2011-12-24 20:00 - 2011-12-24 20:00 - 0000000 ____C () C:\Documents and Settings\All Users\LxWbGwLog.log
2011-11-25 13:30 - 2011-11-25 13:30 - 0000000 ____C () C:\Documents and Settings\All Users\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Owner at 2015-05-06 19:49:48
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-1035525444-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1275210071-1035525444-1606980848-1004 - Limited - Enabled)
Guest (S-1-5-21-1275210071-1035525444-1606980848-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1275210071-1035525444-1606980848-1000 - Limited - Disabled)
Owner (S-1-5-21-1275210071-1035525444-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1275210071-1035525444-1606980848-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.163-050809a1-026378C-Gateway - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Google Update Helper (Version: 1.3.21.111 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 8.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.2.0 - )
Leawo DVD Ripper version  4.3.0.0 (HKLM\...\{1FE417E2-6B8F-44CA-A7DF-A4BD072E8ED8}_is1) (Version: 4.3.0.0 - Leawo Software Co., Ltd.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{6eb90063-f7c5-42f8-b197-571607c158d9}) (Version:  - Nero AG)
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version:  - )
Quicken Deluxe 98 (HKLM\...\Quicken Deluxe 98) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Signature995 (HKLM\...\Signature995) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Toolbar Cleaner 1.1 (HKLM\...\Toolbar Cleaner) (Version:  - Visicom Media Inc.)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.7 - Ruiware)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-04-2015 09:21:38 Software Distribution Service 3.0
29-04-2015 22:31:18 Software Distribution Service 3.0
30-04-2015 23:04:23 Software Distribution Service 3.0
06-05-2015 01:17:16 System Checkpoint
02-05-2015 08:58:14 Software Distribution Service 3.0
03-05-2015 09:27:03 Software Distribution Service 3.0
04-05-2015 21:59:44 Software Distribution Service 3.0
05-05-2015 23:53:38 Software Distribution Service 3.0
06-05-2015 10:19:09 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2004-08-04 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-14 21:58 - 2013-09-05 19:11 - 00049852 _____ () C:\WINDOWS\system32\pdf995mon.dll
2011-10-10 17:12 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\ebay.com -> hxxp://www.ebay.com

IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\...\100sexlinks.com -> 100sexlinks.com

There are 5146 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1275210071-1035525444-1606980848-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: StacSysTray => C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2015 11:54:42 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am bdd, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/05/2015 11:53:55 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/28/2015 09:23:12 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/27/2015 07:45:15 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/27/2015 07:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 26.4.2015.0, faulting module frst.exe, version 26.4.2015.0, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]

Error: (04/27/2015 07:32:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 37.0.2.5583, faulting module mozalloc.dll, version 37.0.2.5583, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/27/2015 08:30:06 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/27/2015 08:29:57 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/25/2015 09:34:41 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/25/2015 09:34:41 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (05/06/2015 10:02:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.197.1467.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/06/2015 10:02:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.197.1467.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/06/2015 01:16:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2015 01:04:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (05/05/2015 11:55:53 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.1590.0).

Error: (05/05/2015 11:54:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.197.1467.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/05/2015 11:54:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.197.1590.0

    Previous Signature Version: 1.197.1467.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/05/2015 11:54:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.197.1590.0

    Previous Signature Version: 1.197.1467.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/05/2015 11:41:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/05/2015 11:41:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service v4 service hung on starting.


Microsoft Office Sessions:
=========================
Error: (05/05/2015 11:54:42 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam bdd11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (05/05/2015 11:53:55 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/28/2015 09:23:12 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (04/27/2015 07:45:15 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/27/2015 07:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe26.4.2015.0frst.exe26.4.2015.00001f09e

Error: (04/27/2015 07:32:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583mozalloc.dll37.0.2.558300001aa1

Error: (04/27/2015 08:30:06 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070670patchapplicationam bdd11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (04/27/2015 08:29:57 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070670patchapplicationam bdd11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (04/25/2015 09:34:41 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/25/2015 09:34:41 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 40%
Total physical RAM: 2046.98 MB
Available physical RAM: 1212.66 MB
Total Pagefile: 3957.09 MB
Available Pagefile: 3286.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:18.08 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: FFFFFFFF)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached Thumbnails

  • MBPUP0506151222.JPG

Edited by joseph456, 06 May 2015 - 06:33 PM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing currently visible on that log

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
joseph456

  • Topic Starter

Thanks for your help.

These are the results of Adware - have not cleaned yet. Should I let it also clean registry items?

2nd question: MB has currently quarantined 27 items referenced in previous post. Should I delete those first before Adware cleaning?

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 11:34:14
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - OWNER-FE8C2F80E
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\apn
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Innovative Solutions
Folder Found : C:\Documents and Settings\Owner\Start Menu\Programs\Toolbar Cleaner
Folder Found : C:\Program Files\Common Files\Innovative Solutions
Folder Found : C:\Program Files\Innovative Solutions
Folder Found : C:\Program Files\Toolbar Cleaner
Folder Found : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Toolbar Cleaner

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4279 bytes] - [09/05/2015 11:34:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4338 bytes] ##########
 


#4
Essexboy
That should be the last of it, are you experiencing any problems?

#5
joseph456

  • Topic Starter

Malwarebytes - Allowed it to delete 27 quarantined items.

Reran Adware Cleaner with this result:

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 15:47:33
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - OWNER-FE8C2F80E
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Innovative Solutions
Folder Deleted : C:\Program Files\Common Files\Innovative Solutions
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Innovative Solutions
Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\Toolbar Cleaner

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4417 bytes] - [09/05/2015 11:34:14]
AdwCleaner[R1].txt - [4476 bytes] - [09/05/2015 15:45:22]
AdwCleaner[R2].txt - [4535 bytes] - [09/05/2015 15:46:40]
AdwCleaner[S0].txt - [4544 bytes] - [09/05/2015 15:47:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4603  bytes] ##########

 

Question:  Were any of these important?  What are they??

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

 

Thanks!


#6
Essexboy
Those are ActiveX controls for IE, and are mainly defunct nowadays but they can still be suborned.

Is MBAM still finding some elements after AdwCleaner?

#7
joseph456

  • Topic Starter

Reran MBAM and came back clean

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/9/2015
Scan Time: 6:09:11 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.09.04
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341430
Time Elapsed: 38 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#8
Essexboy
This was basically just a clean up job as the system looked OK otherwise

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

  • Click on the link above to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Click Open folder
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

#9
joseph456

  • Topic Starter

Thanks for your help and excellent suggestions.

 - I also have some questions regarding JAVA.  Not sure what I should do with Add ons for Firefox or IE. See attached

 - Do you suggest to remove JAVA from the desktop entirely?  What is the best way to do that?

 - Should I install Malwarebytes Anti Exploit? https://www.malwareb...rg/antiexploit/

Ran DelFix with these results:

 

# DelFix v10.8 - Logfile created 10/05/2015 at 17:33:30
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-FE8C2F80E
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Owner\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Owner\Desktop\adwcleaner_4.203.exe
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #662 [Software Distribution Service 3.0 | 05/07/2015 15:13:51]
Deleted : RP #663 [Software Distribution Service 3.0 | 05/07/2015 18:35:27]
Deleted : RP #664 [Software Distribution Service 3.0 | 05/07/2015 20:55:50]
Deleted : RP #665 [Software Distribution Service 3.0 | 05/07/2015 23:33:30]
Deleted : RP #666 [Software Distribution Service 3.0 | 05/08/2015 14:57:55]
Deleted : RP #667 [Software Distribution Service 3.0 | 05/09/2015 19:43:28]
Deleted : RP #668 [Software Distribution Service 3.0 | 05/09/2015 22:21:28]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Firefox Plugins 051015.JPG IE Add ons 051015.JPG


#10
Essexboy
With regards to Java, if you have programmes that must use it to run (generally accounting or online games) then you will need to keep it. However, if you are unsure then you probably do not need it. I have not had Java on my system for the last 4 years and never noticed the difference :) To fully uninstall then use JavaRa as that will kill it all.

As you are using Microsoft Security Essentials then you will need Malwarebytes Anti Exploit as MSES is not a brilliant protector.

#11
joseph456

  • Topic Starter

Will remove Java.

24 hours - computer is running better.

Thanks for your help!


#12
Essexboy
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.