
Koobface and MPC Safe Navigation



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Fixlist is the file I gave you to download.  It needs to be in the same folder as FRST.  Then you run FRST and click on FIX not SCAN and it should then generate a Fixlog.


  • 0



#17
izzykins17

izzykins17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

It just takes forever and doesn't do anything. I let it run all night and it still wasn't done by morning.


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Run a new FRST scan with addition.txt checked and let's see where we are.


  • 0

#19
izzykins17

izzykins17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01 (ATTENTION: ====> FRSTversion is 96 days old and could be outdated)
Ran by Isabella (administrator) on DAVID-0A47797B5 (24-09-2016 08:22:56)
Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-Agent.exe
(Realtek Semiconductor Corp.) C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\Run: [BlueStacks Agent] => C:\Program Files\Bluestacks\HD-Agent.exe [974360 2016-07-14] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{82E1604E-4B41-41E2-92FD-BAA899DD6B25}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> Software URL =

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
Ran by Isabella (2016-09-24 08:23:52)
Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-27 14:52:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1177238915-823518204-1644491937-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1177238915-823518204-1644491937-1007 - Limited - Enabled)
Gabriella (S-1-5-21-1177238915-823518204-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Gabriella
Guest (S-1-5-21-1177238915-823518204-1644491937-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
Heather (S-1-5-21-1177238915-823518204-1644491937-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Heather
HelpAssistant (S-1-5-21-1177238915-823518204-1644491937-1000 - Limited - Disabled)
Isabella (S-1-5-21-1177238915-823518204-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Isabella
Sophia (S-1-5-21-1177238915-823518204-1644491937-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sophia
SUPPORT_388945a0 (S-1-5-21-1177238915-823518204-1644491937-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 2.3.40.6019 - BlueStack Systems, Inc.)
Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
JSWPFCom (Version: 1.07.0000 - JumpStart World) Hidden
JSWPFGrade1 (Version: 1.07.0000 - JumpStart World) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
RNX-MiniN1 Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - Rosewill Inc)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
The Movies™ Demo (HKLM\...\InstallShield_{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}) (Version: 1.0 - Activision)
The Movies™ Demo (Version: 1.0 - Activision) Hidden
Toontown Rewritten (HKLM\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Translate (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\translate-65e7cca1b27e50ede238fedb48951a63) (Version: 1.2.2 - Dzexon)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1177238915-823518204-1644491937-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)

ShortcutWithArgument: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/

==================== Loaded Modules (Whitelisted) ==============

2012-04-14 16:53 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-04-14 16:53 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\acAuth.dll
2008-04-14 00:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 00:00 - 2016-06-15 14:08 - 00000914 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe] => Enabled:EBook Codec Downloader
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FormatFactory.exe] => Enabled:Format Factory
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Package\PTInstOnline.exe] => Enabled:Picosmos Tools Downloader
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\My Documents\Downloads\solutoinstaller.exe] => Enabled:SolutoInstaller
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:TCP Port 135
StandardProfile\GloballyOpenPorts: [5000:TCP] => Enabled:TCP Port 5000
StandardProfile\GloballyOpenPorts: [5001:TCP] => Enabled:TCP Port 5001
StandardProfile\GloballyOpenPorts: [5002:TCP] => Enabled:TCP Port 5002
StandardProfile\GloballyOpenPorts: [5003:TCP] => Enabled:TCP Port 5003
StandardProfile\GloballyOpenPorts: [5004:TCP] => Enabled:TCP Port 5004
StandardProfile\GloballyOpenPorts: [5005:TCP] => Enabled:TCP Port 5005
StandardProfile\GloballyOpenPorts: [5006:TCP] => Enabled:TCP Port 5006
StandardProfile\GloballyOpenPorts: [5007:TCP] => Enabled:TCP Port 5007
StandardProfile\GloballyOpenPorts: [5008:TCP] => Enabled:TCP Port 5008
StandardProfile\GloballyOpenPorts: [5009:TCP] => Enabled:TCP Port 5009
StandardProfile\GloballyOpenPorts: [5010:TCP] => Enabled:TCP Port 5010
StandardProfile\GloballyOpenPorts: [5011:TCP] => Enabled:TCP Port 5011
StandardProfile\GloballyOpenPorts: [5012:TCP] => Enabled:TCP Port 5012
StandardProfile\GloballyOpenPorts: [5013:TCP] => Enabled:TCP Port 5013
StandardProfile\GloballyOpenPorts: [5014:TCP] => Enabled:TCP Port 5014
StandardProfile\GloballyOpenPorts: [5015:TCP] => Enabled:TCP Port 5015
StandardProfile\GloballyOpenPorts: [5016:TCP] => Enabled:TCP Port 5016
StandardProfile\GloballyOpenPorts: [5017:TCP] => Enabled:TCP Port 5017
StandardProfile\GloballyOpenPorts: [5018:TCP] => Enabled:TCP Port 5018
StandardProfile\GloballyOpenPorts: [5019:TCP] => Enabled:TCP Port 5019
StandardProfile\GloballyOpenPorts: [5020:TCP] => Enabled:TCP Port 5020
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7852:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7853:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder

==================== Restore Points =========================

20-09-2016 19:42:08 System Checkpoint
22-09-2016 13:29:06 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/24/2016 07:25:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (09/24/2016 07:25:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/23/2016 06:52:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (09/23/2016 06:52:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/23/2016 04:43:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (09/23/2016 04:43:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/22/2016 01:00:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (09/22/2016 01:00:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/21/2016 04:36:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (09/21/2016 04:36:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 2038.07 MB
Available physical RAM: 1359.95 MB
Total Virtual: 3412.69 MB
Available Virtual: 2901.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:22.52 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: B174B174)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=82698:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Your copy of FRST is old. Delete it, then download a new copy from
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.  (Make sure you get all of the log.  Last time you missed part of the FRST log.)
 

  • 0

#21
izzykins17

izzykins17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
Ran by Isabella (2016-09-26 16:58:07) Run:9
Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
ShortcutWithArgument: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
CMD: Del "C:\Documents and Settings\Isabella\Start Menu\Programs\G*gl*hr*m*.lnk"
CMD: Del "C:\Documents and Settings\Isabella\Start Menu\Programs\*zill*Fir*f*.lnk"
CMD: Del "C:\Documents and Settings\Isabella\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk"
CMD: dir /a /s "C:\Documents and Settings\Isabella\Start Menu\Programs"
CMD: Del "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G*gl*hr*m*.lnk"
CMD: Del "C:\Documents and Settings\All Users.WINDOWS Menu\Programs\*zill*Fir*f*.lnk"
CMD: Del "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk"
CMD: dir /a /s "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs"
CMD: sc delete MPCBase
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File) => Error: No automatic fix found for this entry.
C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Shortcut argument removed successfully..
MPCProtectService => service could not remove
MPCBase => Unable to stop service.
MPCBase => service could not remove
MPCKpt => Unable to stop service.
MPCKpt => service could not remove

=========  Del "C:\Documents and Settings\Isabella\Start Menu\Programs\G*gl*hr*m*.lnk" =========

Could Not Find C:\Documents and Settings\Isabella\Start Menu\Programs\G*gl*hr*m*.lnk

========= End of CMD: =========


=========  Del "C:\Documents and Settings\Isabella\Start Menu\Programs\*zill*Fir*f*.lnk" =========

Could Not Find C:\Documents and Settings\Isabella\Start Menu\Programs\*zill*Fir*f*.lnk

========= End of CMD: =========


=========  Del "C:\Documents and Settings\Isabella\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk" =========

Could Not Find C:\Documents and Settings\Isabella\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk

========= End of CMD: =========


=========  dir /a /s "C:\Documents and Settings\Isabella\Start Menu\Programs" =========

 Volume in drive C has no label.
 Volume Serial Number is AC1D-BE55

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs

06/18/2016  11:07 AM    <DIR>          .
06/18/2016  11:07 AM    <DIR>          ..
03/26/2016  09:32 AM    <DIR>          Accessories
04/09/2016  03:07 PM    <DIR>          Administrative Tools
11/25/2015  02:02 PM    <DIR>          AeriaGames
12/23/2015  07:44 PM    <DIR>          DAZ 3D
04/13/2016  12:47 PM    <DIR>          Dell
04/02/2016  09:32 AM               234 desktop.ini
04/10/2016  09:15 AM    <DIR>          FormatFactory
04/17/2015  04:30 PM    <DIR>          Games
11/24/2015  08:34 AM    <DIR>          IMVU
06/14/2016  11:38 AM             1,659 Int?rn?t ??pl?r?r.lnk
05/30/2016  12:25 PM    <DIR>          Startup
04/03/2016  06:35 PM             2,168 Translate.lnk
05/11/2016  08:00 PM               788 Windows Media Player.lnk
               4 File(s)          4,849 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Accessories

03/26/2016  09:32 AM    <DIR>          .
03/26/2016  09:32 AM    <DIR>          ..
08/26/2011  07:54 PM    <DIR>          Accessibility
04/02/2016  09:32 AM               774 Address Book.lnk
08/27/2011  07:50 AM             1,555 Command Prompt.lnk
04/02/2016  09:32 AM               542 desktop.ini
02/08/2015  10:34 AM    <DIR>          Entertainment
08/27/2011  07:50 AM             1,519 Notepad.lnk
08/27/2011  07:50 AM               386 Program Compatibility Wizard.lnk
08/27/2011  07:50 AM             1,519 Synchronize.lnk
08/27/2011  07:50 AM             1,527 Tour Windows XP.lnk
08/27/2011  07:48 AM             1,487 Windows Explorer.lnk
               8 File(s)          9,309 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Accessories\Accessibility

08/26/2011  07:54 PM    <DIR>          .
08/26/2011  07:54 PM    <DIR>          ..
08/27/2011  07:50 AM               348 desktop.ini
08/27/2011  07:50 AM             1,525 Magnifier.lnk
08/27/2011  07:50 AM             1,532 Narrator.lnk
08/27/2011  07:50 AM             1,501 On-Screen Keyboard.lnk
08/27/2011  07:50 AM             1,539 Utility Manager.lnk
               5 File(s)          6,445 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Accessories\Entertainment

02/08/2015  10:34 AM    <DIR>          .
02/08/2015  10:34 AM    <DIR>          ..
08/27/2011  07:50 AM                84 desktop.ini
               1 File(s)             84 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Administrative Tools

04/09/2016  03:07 PM    <DIR>          .
04/09/2016  03:07 PM    <DIR>          ..
04/09/2016  03:07 PM                62 desktop.ini
               1 File(s)             62 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\AeriaGames

11/25/2015  02:02 PM    <DIR>          .
11/25/2015  02:02 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\DAZ 3D

12/23/2015  07:44 PM    <DIR>          .
12/23/2015  07:44 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Dell

04/13/2016  12:47 PM    <DIR>          .
04/13/2016  12:47 PM    <DIR>          ..
04/13/2016  12:47 PM               372 Dell System Detect.appref-ms
               1 File(s)            372 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\FormatFactory

04/10/2016  09:15 AM    <DIR>          .
04/10/2016  09:15 AM    <DIR>          ..
04/10/2016  09:15 AM               673 FormatFactory.lnk
04/10/2016  09:15 AM             1,623 Help.lnk
04/10/2016  09:15 AM               721 Uninstall.lnk
               3 File(s)          3,017 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Games

04/17/2015  04:30 PM    <DIR>          .
04/17/2015  04:30 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\IMVU

11/24/2015  08:34 AM    <DIR>          .
11/24/2015  08:34 AM    <DIR>          ..
06/20/2016  11:15 AM                67 About IMVU.url
06/20/2016  11:15 AM                77 Forgot my password.url
06/20/2016  11:15 AM                66 Help.url
06/20/2016  11:15 AM             1,961 Run IMVU.lnk
06/20/2016  11:15 AM             1,926 Uninstall.lnk
               5 File(s)          4,097 bytes

 Directory of C:\Documents and Settings\Isabella\Start Menu\Programs\Startup

05/30/2016  12:25 PM    <DIR>          .
05/30/2016  12:25 PM    <DIR>          ..
08/27/2011  07:50 AM                84 desktop.ini
               1 File(s)             84 bytes

     Total Files Listed:
              29 File(s)         28,319 bytes
              35 Dir(s)  24,627,838,976 bytes free

========= End of CMD: =========


=========  Del "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G*gl*hr*m*.lnk" =========

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk
Access is denied.

========= End of CMD: =========


=========  Del "C:\Documents and Settings\All Users.WINDOWS Menu\Programs\*zill*Fir*f*.lnk" =========

The system cannot find the path specified.

========= End of CMD: =========


=========  Del "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk" =========

Could Not Find C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\L*un*h Int*rn*t*pl*r*r *r*ws*r.lnk

========= End of CMD: =========


=========  dir /a /s "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs" =========

 Volume in drive C has no label.
 Volume Serial Number is AC1D-BE55

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs

09/24/2016  07:00 PM    <DIR>          .
09/24/2016  07:00 PM    <DIR>          ..
04/08/2015  07:56 PM    <DIR>          Accessories
11/04/2011  08:53 PM    <DIR>          Administrative Tools
04/13/2016  10:09 AM    <DIR>          Clean Master
04/10/2016  12:46 PM    <DIR>          Creative Wonders
04/13/2016  12:07 PM    <DIR>          Dell
08/27/2011  07:48 AM               150 desktop.ini
09/04/2011  08:06 AM    <DIR>          Games
06/14/2016  11:38 AM             1,827 G??gl? ?hr?m? (2).lnk
04/18/2015  12:50 PM    <DIR>          JumpStart 3D Virtual World
07/23/2016  02:08 PM    <DIR>          KingsIsle Entertainment
04/14/2016  07:25 AM    <DIR>          Malwarebytes Anti-Malware
04/14/2012  08:14 PM    <DIR>          Microsoft Office
06/18/2016  09:53 AM               730 Mozilla Firefox.lnk
08/31/2016  06:36 PM    <DIR>          MPC
06/13/2016  03:24 PM    <DIR>          PasswordBoss
04/08/2015  04:17 PM    <DIR>          QuickTime for Windows
04/13/2016  11:33 AM    <DIR>          Realtek Sound Manager
04/14/2012  04:54 PM    <DIR>          RNX-MiniN1 11n USB Wireless LAN Utility
08/27/2011  07:50 AM             1,607 Set Program Access and Defaults.lnk
06/13/2016  02:07 PM    <DIR>          Startup
04/14/2016  07:22 AM    <DIR>          SUPERAntiSpyware
09/14/2016  04:15 PM    <DIR>          Toontown Rewritten
08/27/2011  07:47 AM               609 Windows Messenger.lnk
08/27/2011  07:48 AM               786 Windows Movie Maker.lnk
06/14/2016  11:38 AM             1,616 ??zill? Fir?f??.lnk
               7 File(s)          7,325 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories

04/08/2015  07:56 PM    <DIR>          .
04/08/2015  07:56 PM    <DIR>          ..
08/26/2011  07:51 PM    <DIR>          Accessibility
08/26/2011  07:54 PM    <DIR>          Communications
04/15/2012  12:59 PM               332 desktop.ini
08/26/2011  07:51 PM    <DIR>          Entertainment
04/21/2012  04:22 PM             1,515 Paint.lnk
08/27/2011  07:48 AM             1,585 Remote Desktop Connection.lnk
04/15/2012  12:59 PM               710 Scanner and Camera Wizard.lnk
08/26/2011  07:54 PM    <DIR>          System Tools
08/27/2011  07:47 AM               879 WordPad.lnk
               5 File(s)          5,021 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Accessibility

08/26/2011  07:51 PM    <DIR>          .
08/26/2011  07:51 PM    <DIR>          ..
08/27/2011  07:47 AM             1,520 Accessibility Wizard.lnk
08/27/2011  07:47 AM                90 desktop.ini
               2 File(s)          1,610 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Communications

08/26/2011  07:54 PM    <DIR>          .
08/26/2011  07:54 PM    <DIR>          ..
08/27/2011  07:50 AM               448 desktop.ini
08/27/2011  07:47 AM               786 HyperTerminal.lnk
08/27/2011  07:46 AM             1,757 Network Connections.lnk
08/27/2011  07:48 AM             1,640 Network Setup Wizard.lnk
08/27/2011  07:46 AM             1,646 New Connection Wizard.lnk
08/27/2011  07:50 AM             1,700 Wireless Network Setup Wizard.lnk
               6 File(s)          7,977 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\Entertainment

08/26/2011  07:51 PM    <DIR>          .
08/26/2011  07:51 PM    <DIR>          ..
08/27/2011  07:47 AM               146 desktop.ini
08/27/2011  07:47 AM             1,528 Sound Recorder.lnk
08/27/2011  07:47 AM             1,528 Volume Control.lnk
               3 File(s)          3,202 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories\System Tools

08/26/2011  07:54 PM    <DIR>          .
08/26/2011  07:54 PM    <DIR>          ..
08/27/2011  07:50 AM             1,599 Activate Windows.lnk
08/27/2011  07:50 AM             1,532 Backup.lnk
08/27/2011  07:47 AM             1,521 Character Map.lnk
08/27/2011  07:50 AM               757 desktop.ini
08/27/2011  07:48 AM             1,532 Disk Cleanup.lnk
08/27/2011  07:48 AM             1,572 Disk Defragmenter.lnk
08/27/2011  07:50 AM             1,591 Files and Settings Transfer Wizard.lnk
08/27/2011  07:48 AM             1,753 Scheduled Tasks.lnk
08/27/2011  07:50 AM             1,583 Security Center.lnk
08/27/2011  07:48 AM             1,070 System Information.lnk
08/27/2011  07:48 AM             1,616 System Restore.lnk
              11 File(s)         16,126 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools

11/04/2011  08:53 PM    <DIR>          .
11/04/2011  08:53 PM    <DIR>          ..
08/27/2011  07:47 AM             1,582 Component Services.lnk
08/27/2011  07:50 AM             1,602 Computer Management.lnk
08/27/2011  07:50 AM             1,596 Data Sources (ODBC).lnk
08/27/2011  07:50 AM               545 desktop.ini
08/27/2011  07:50 AM             1,592 Event Viewer.lnk
08/27/2011  07:50 AM             1,590 Local Security Policy.lnk
11/04/2011  08:53 PM             1,107 Microsoft .NET Framework 1.1 Configuration.lnk
11/04/2011  08:53 PM             1,158 Microsoft .NET Framework 1.1 Wizards.lnk
09/04/2011  08:29 AM             1,591 Performance.lnk
08/27/2011  07:50 AM             1,602 Services.lnk
              10 File(s)         13,965 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Clean Master

04/13/2016  10:09 AM    <DIR>          .
04/13/2016  10:09 AM    <DIR>          ..
04/13/2016  10:09 AM               743 Clean Master.lnk
04/13/2016  10:09 AM               722 Uninst Clean Master.lnk
               2 File(s)          1,465 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Creative Wonders

04/10/2016  12:46 PM    <DIR>          .
04/10/2016  12:46 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell

04/13/2016  12:07 PM    <DIR>          .
04/13/2016  12:07 PM    <DIR>          ..
04/13/2016  12:07 PM    <DIR>          SupportAssist
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell\SupportAssist

04/13/2016  12:07 PM    <DIR>          .
04/13/2016  12:07 PM    <DIR>          ..
04/13/2016  12:07 PM             1,885 SupportAssist.lnk
               1 File(s)          1,885 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games

09/04/2011  08:06 AM    <DIR>          .
09/04/2011  08:06 AM    <DIR>          ..
09/04/2011  08:06 AM               798 desktop.ini
08/27/2011  07:47 AM             1,522 Freecell.lnk
08/27/2011  07:47 AM             1,520 Hearts.lnk
09/04/2011  08:06 AM               913 Internet Backgammon.lnk
09/04/2011  08:06 AM               913 Internet Checkers.lnk
09/04/2011  08:06 AM               913 Internet Hearts.lnk
09/04/2011  08:06 AM               913 Internet Reversi.lnk
09/04/2011  08:06 AM               913 Internet Spades.lnk
08/27/2011  07:47 AM             1,515 Minesweeper.lnk
08/27/2011  07:47 AM             1,491 Solitaire.lnk
08/27/2011  07:47 AM             1,502 Spider Solitaire.lnk
              11 File(s)         12,913 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\JumpStart 3D Virtual World

04/18/2015  12:50 PM    <DIR>          .
04/18/2015  12:50 PM    <DIR>          ..
04/20/2012  09:59 PM             1,730 JumpStart 3D Parent Center.lnk
04/28/2012  06:59 AM    <DIR>          Trouble in Town
               1 File(s)          1,730 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\JumpStart 3D Virtual World\Trouble in Town

04/28/2012  06:59 AM    <DIR>          .
04/28/2012  06:59 AM    <DIR>          ..
04/20/2012  09:59 PM             1,740 JumpStart 3D Ages 5-7.lnk
04/20/2012  09:59 PM             1,856 Manual.lnk
04/20/2012  10:00 PM             1,806 QuickTime Installer.lnk
04/20/2012  09:59 PM               913 Readme.lnk
               4 File(s)          6,315 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\KingsIsle Entertainment

07/23/2016  02:08 PM    <DIR>          .
07/23/2016  02:08 PM    <DIR>          ..
07/23/2016  02:08 PM    <DIR>          Wizard101
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\KingsIsle Entertainment\Wizard101

07/23/2016  02:08 PM    <DIR>          .
07/23/2016  02:08 PM    <DIR>          ..
07/23/2016  02:08 PM             1,844 Play Wizard101.lnk
07/23/2016  02:08 PM             2,050 Report a bug.lnk
07/23/2016  02:08 PM             2,086 Uninstall Wizard101.lnk
               3 File(s)          5,980 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware

04/14/2016  07:25 AM    <DIR>          .
04/14/2016  07:25 AM    <DIR>          ..
04/14/2016  07:25 AM               789 Malwarebytes Anti-Malware.lnk
04/14/2016  07:25 AM    <DIR>          Tools
04/14/2016  07:25 AM               813 Uninstall Malwarebytes Anti-Malware.lnk
               2 File(s)          1,602 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware\Tools

04/14/2016  07:25 AM    <DIR>          .
04/14/2016  07:25 AM    <DIR>          ..
04/14/2016  07:25 AM             1,040 Malwarebytes Anti-Malware Chameleon.lnk
               1 File(s)          1,040 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office

04/14/2012  08:14 PM    <DIR>          .
04/14/2012  08:14 PM    <DIR>          ..
05/11/2012  02:11 PM             2,507 Microsoft Office Excel 2003.lnk
04/15/2015  11:42 AM             2,495 Microsoft Office PowerPoint 2003.lnk
04/15/2015  11:44 AM             2,455 Microsoft Office Publisher 2003.lnk
04/14/2012  08:14 PM    <DIR>          Microsoft Office Tools
04/03/2016  10:31 PM             2,509 Microsoft Office Word 2003.lnk
               4 File(s)          9,966 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office\Microsoft Office Tools

04/14/2012  08:14 PM    <DIR>          .
04/14/2012  08:14 PM    <DIR>          ..
04/14/2012  08:14 PM             2,022 Digital Certificate for VBA Projects.lnk
04/14/2012  08:14 PM             1,988 Microsoft Clip Organizer.lnk
04/14/2012  08:14 PM             1,902 Microsoft Office 2003 Language Settings.lnk
04/14/2012  08:14 PM             1,908 Microsoft Office 2003 Save My Settings Wizard.lnk
04/14/2012  08:14 PM             1,876 Microsoft Office Application Recovery.lnk
04/14/2012  08:14 PM             2,140 Microsoft Office Document Imaging.lnk
04/14/2012  08:14 PM             2,142 Microsoft Office Document Scanning.lnk
04/14/2012  08:14 PM             1,964 Microsoft Office Picture Manager.lnk
               8 File(s)         15,942 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC

08/31/2016  06:36 PM    <DIR>          .
08/31/2016  06:36 PM    <DIR>          ..
08/31/2016  06:36 PM               626 MPC Cleaner.lnk
               1 File(s)            626 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss

06/13/2016  03:24 PM    <DIR>          .
06/13/2016  03:24 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime for Windows

04/08/2015  04:17 PM    <DIR>          .
04/08/2015  04:17 PM    <DIR>          ..
04/08/2015  04:16 PM               529 Movie Player 32-bit.lnk
04/08/2015  04:16 PM               529 Picture Viewer 32-bit.lnk
04/08/2015  04:17 PM               541 QuickTime Read Me 32-bit.lnk
04/08/2015  04:17 PM               541 Reinstall QuickTime 32-bit.lnk
04/08/2015  04:17 PM               541 Uninstall QuickTime 32-bit.lnk
               5 File(s)          2,681 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Realtek Sound Manager

04/13/2016  11:33 AM    <DIR>          .
04/13/2016  11:33 AM    <DIR>          ..
04/13/2016  11:33 AM             1,531 AvRack.lnk
               1 File(s)          1,531 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RNX-MiniN1 11n USB Wireless LAN Utility

04/14/2012  04:54 PM    <DIR>          .
04/14/2012  04:54 PM    <DIR>          ..
04/14/2012  04:54 PM             1,829 RNX-MiniN1 11n USB Wireless LAN Utility.lnk
04/14/2012  04:54 PM             2,244 Uninstall.lnk
               2 File(s)          4,073 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup

06/13/2016  02:07 PM    <DIR>          .
06/13/2016  02:07 PM    <DIR>          ..
08/27/2011  07:50 AM                84 desktop.ini
04/14/2012  04:54 PM             1,835 RNX-MiniN1 11n USB Wireless LAN Utility.lnk
               2 File(s)          1,919 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware

04/14/2016  07:22 AM    <DIR>          .
04/14/2016  07:22 AM    <DIR>          ..
04/14/2016  07:22 AM             1,634 BootSafe.lnk
04/14/2016  07:22 AM             1,618 SUPERAntiSpyware Alternate Start.lnk
04/14/2016  07:22 AM             1,690 SUPERAntiSpyware Free Edition.lnk
04/14/2016  07:22 AM             1,712 SUPERAntiSpyware Registration-Activation.lnk
               4 File(s)          6,654 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Toontown Rewritten

09/14/2016  04:15 PM    <DIR>          .
09/14/2016  04:15 PM    <DIR>          ..
09/14/2016  04:15 PM    <DIR>          Toontown Rewritten
09/14/2016  04:14 PM               884 Toontown Rewritten Official Site.lnk
09/14/2016  04:14 PM               764 Toontown Rewritten.lnk
               2 File(s)          1,648 bytes

 Directory of C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Toontown Rewritten\Toontown Rewritten

09/14/2016  04:15 PM    <DIR>          .
09/14/2016  04:15 PM    <DIR>          ..
09/14/2016  04:15 PM               890 Toontown Rewritten Official Site.lnk
09/14/2016  04:15 PM               770 Toontown Rewritten.lnk
               2 File(s)          1,660 bytes

     Total Files Listed:
             100 File(s)        134,856 bytes
              86 Dir(s)  24,627,793,920 bytes free

========= End of CMD: =========


=========  sc delete MPCBase =========

[SC] DeleteService SUCCESS

========= End of CMD: =========


==== End of Fixlog 16:58:22 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2016
Ran by Isabella (administrator) on DAVID-0A47797B5 (26-09-2016 17:00:57)
Running from C:\Documents and Settings\Isabella\My Documents\Downloads
Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-Agent.exe
(Realtek Semiconductor Corp.) C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmtray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\Run: [BlueStacks Agent] => C:\Program Files\Bluestacks\HD-Agent.exe [974360 2016-07-14] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{82E1604E-4B41-41E2-92FD-BAA899DD6B25}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> Software URL =
SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default
FF DefaultSearchEngine: Yahoo! Powered
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1177238915-823518204-1644491937-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-11] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\searchplugins\findit.xml [2016-06-17]
FF Extension: (Teras Games) - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\@TerasGamesDefaultSearch.xpi [2016-08-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-19] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\PROGRA~1\Google\Chrome\APPLIC~1\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Core) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 BstHdAndroidSvc; C:\Program Files\Bluestacks\HD-Service.exe [445976 2016-07-14] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\Bluestacks\HD-LogRotatorService.exe [421400 2016-07-14] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\Bluestacks\HD-Plus-Service.exe [458264 2016-07-14] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
S2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [355808 2016-08-31] (DotC United Inc) <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-04-14] (Cisco Systems, Inc.) [File not signed]
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
S3 BstHdDrv; C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [139360 2016-07-14] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\Bluestacks\BstkDrv.sys [220216 2016-07-14] (Bluestack System Inc. )
R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2016-04-13] (Kingsoft Corporation)
S3 Leapfrog-USBLAN; C:\WINDOWS\System32\DRIVERS\btblan.sys [33792 2011-08-23] (Belcarra Technologies) [File not signed]
R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc) <==== ATTENTION
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc) <==== ATTENTION
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Isabella\LOCALS~1\Temp\catchme.sys [X]
U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 07:40 - 2016-09-25 07:41 - 00000000 ____D C:\Documents and Settings\Isabella\Desktop\Stages
2016-09-24 20:16 - 2016-09-25 07:40 - 00000000 ____D C:\Documents and Settings\Isabella\Desktop\mmd poses
2016-09-24 19:41 - 2014-12-17 20:30 - 01708032 _____ C:\Documents and Settings\Isabella\Desktop\MikuMikuDance.exe
2016-09-24 18:37 - 2016-09-24 18:37 - 06883882 _____ C:\Documents and Settings\Isabella\Desktop\MikuMikuDanceE_v926.zip
2016-09-24 18:16 - 2016-09-25 08:58 - 00000000 ____D C:\Documents and Settings\Isabella\Desktop\characters
2016-09-23 20:01 - 2016-09-24 07:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-14 15:36 - 2016-09-14 17:08 - 00000000 ____D C:\Program Files\Toontown Rewritten
2016-09-14 15:36 - 2016-09-14 16:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Toontown Rewritten
2016-09-14 15:36 - 2016-09-14 16:15 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Toontown Rewritten
2016-09-04 12:33 - 2016-09-24 18:58 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\Lionhead Studios
2016-08-31 18:36 - 2016-08-31 18:36 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
2016-08-31 18:36 - 2016-08-31 18:36 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 17:01 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Temp
2016-09-26 17:00 - 2016-06-18 10:01 - 00000000 ____D C:\FRST
2016-09-26 16:53 - 2015-07-17 09:18 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-26 16:53 - 2015-06-19 14:04 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
2016-09-26 16:52 - 2011-08-26 19:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-25 21:05 - 2011-08-27 08:47 - 00000178 ___SH C:\Documents and Settings\Isabella\ntuser.ini
2016-09-25 21:05 - 2011-08-26 19:59 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-25 09:33 - 2016-04-14 04:01 - 00769698 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-823518204-1644491937-1004-0.dat
2016-09-25 09:33 - 2016-04-14 04:01 - 00207690 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-09-25 08:09 - 2011-08-27 08:47 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents
2016-09-25 07:39 - 2016-04-14 07:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-24 18:33 - 2016-06-16 09:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-24 08:02 - 2015-12-03 06:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-04 12:33 - 2011-09-08 07:39 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-09-03 14:26 - 2008-08-22 05:45 - 00000000 ____D C:\WINDOWS\Help
2016-08-31 18:37 - 2016-06-14 12:20 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-08-31 18:36 - 2016-06-23 07:13 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2016
Ran by Isabella (26-09-2016 17:01:55)
Running from C:\Documents and Settings\Isabella\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-27 14:52:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1177238915-823518204-1644491937-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1177238915-823518204-1644491937-1007 - Limited - Enabled)
Gabriella (S-1-5-21-1177238915-823518204-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Gabriella
Guest (S-1-5-21-1177238915-823518204-1644491937-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
Heather (S-1-5-21-1177238915-823518204-1644491937-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Heather
HelpAssistant (S-1-5-21-1177238915-823518204-1644491937-1000 - Limited - Disabled)
Isabella (S-1-5-21-1177238915-823518204-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Isabella
Sophia (S-1-5-21-1177238915-823518204-1644491937-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sophia
SUPPORT_388945a0 (S-1-5-21-1177238915-823518204-1644491937-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 2.3.40.6019 - BlueStack Systems, Inc.)
Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell System Detect (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
JSWPFCom (Version: 1.07.0000 - JumpStart World) Hidden
JSWPFGrade1 (Version: 1.07.0000 - JumpStart World) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
RNX-MiniN1 Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - Rosewill Inc)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Toontown Rewritten (HKLM\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Translate (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\translate-65e7cca1b27e50ede238fedb48951a63) (Version: 1.2.2 - Dzexon)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1177238915-823518204-1644491937-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2012-04-14 16:53 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-04-14 16:53 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\acAuth.dll
2008-04-14 00:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 00:00 - 2016-06-15 14:08 - 00000914 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe] => Enabled:EBook Codec Downloader
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FormatFactory.exe] => Enabled:Format Factory
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Package\PTInstOnline.exe] => Enabled:Picosmos Tools Downloader
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\My Documents\Downloads\solutoinstaller.exe] => Enabled:SolutoInstaller
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:TCP Port 135
StandardProfile\GloballyOpenPorts: [5000:TCP] => Enabled:TCP Port 5000
StandardProfile\GloballyOpenPorts: [5001:TCP] => Enabled:TCP Port 5001
StandardProfile\GloballyOpenPorts: [5002:TCP] => Enabled:TCP Port 5002
StandardProfile\GloballyOpenPorts: [5003:TCP] => Enabled:TCP Port 5003
StandardProfile\GloballyOpenPorts: [5004:TCP] => Enabled:TCP Port 5004
StandardProfile\GloballyOpenPorts: [5005:TCP] => Enabled:TCP Port 5005
StandardProfile\GloballyOpenPorts: [5006:TCP] => Enabled:TCP Port 5006
StandardProfile\GloballyOpenPorts: [5007:TCP] => Enabled:TCP Port 5007
StandardProfile\GloballyOpenPorts: [5008:TCP] => Enabled:TCP Port 5008
StandardProfile\GloballyOpenPorts: [5009:TCP] => Enabled:TCP Port 5009
StandardProfile\GloballyOpenPorts: [5010:TCP] => Enabled:TCP Port 5010
StandardProfile\GloballyOpenPorts: [5011:TCP] => Enabled:TCP Port 5011
StandardProfile\GloballyOpenPorts: [5012:TCP] => Enabled:TCP Port 5012
StandardProfile\GloballyOpenPorts: [5013:TCP] => Enabled:TCP Port 5013
StandardProfile\GloballyOpenPorts: [5014:TCP] => Enabled:TCP Port 5014
StandardProfile\GloballyOpenPorts: [5015:TCP] => Enabled:TCP Port 5015
StandardProfile\GloballyOpenPorts: [5016:TCP] => Enabled:TCP Port 5016
StandardProfile\GloballyOpenPorts: [5017:TCP] => Enabled:TCP Port 5017
StandardProfile\GloballyOpenPorts: [5018:TCP] => Enabled:TCP Port 5018
StandardProfile\GloballyOpenPorts: [5019:TCP] => Enabled:TCP Port 5019
StandardProfile\GloballyOpenPorts: [5020:TCP] => Enabled:TCP Port 5020
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7852:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7853:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder

==================== Restore Points =========================

24-09-2016 08:42:41 System Checkpoint
24-09-2016 18:58:51 Removed The Movies™ Demo

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2016 08:20:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PMDEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at PMDEditor.Program.Main()

Error: (09/25/2016 08:20:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PMDEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at PMDEditor.Program.Main()

Error: (09/25/2016 08:20:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PMDEditor.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at PMDEditor.Program.Main()

Error: (09/25/2016 07:57:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VMDView.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at VMDView.Program.Main()


System errors:
=============
Error: (09/26/2016 04:58:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (09/26/2016 04:53:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/26/2016 04:53:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/25/2016 09:46:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2016 09:46:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/25/2016 07:39:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/25/2016 07:39:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/24/2016 06:33:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/24/2016 06:33:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MPC Core Protect Service service to connect.

Error: (09/24/2016 07:25:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 2038.07 MB
Available physical RAM: 1311.8 MB
Total Virtual: 3412.69 MB
Available Virtual: 2846.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:22.93 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: B174B174)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Sorry for the delay.  Was on a 3 day trip.

 

Apparently it doesn't want to go away so easily.  Let's try ComboFix

 
It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.






