
Koobface and MPC Safe Navigation



#1
izzykins17
Member, 11 posts

So I recently found out through calling Microsoft that my 2001 Dell PC is infected with the Koobface virus. Sadly, my family doesn't have the money to fix it. Is there any way to fix it for free? Also, I've been researching how to get rid of the MPC Safe Search from Firefox, but nothing is working. Please help.




#2
RKinner
Malware Expert, 24,625 posts, MVP

That's what we are here for.

 

 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

#3
izzykins17
Topic Starter, Member, 11 posts

     

     

    adwcleaner:

    # AdwCleaner v5.200 - Logfile created 18/06/2016 at 09:53:20
    # Updated 14/06/2016 by ToolsLib
    # Database : 2016-06-17.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Isabella - DAVID-0A47797B5
    # Running from : C:\Documents and Settings\Isabella\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [-] Service Deleted : sbmntr
    [-] Service Deleted : swdumon
    [+] Service Deleted : MPCProtectService
    [+] Service Deleted : MPCKpt
    [+] Service Deleted : MPCBase
    [-] Service Deleted : CloudPrinter
    [-] Service Deleted : backlh
    [-] Service Deleted : DrvAgent32
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\CloudPrinter
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\WindowsMsg
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\lavasoft\web companion
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\App-verifier
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Logic Handler
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ByteFence Anti-Malware
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Documents\Guid
    [-] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Documents\Downloaded Installers
    [#] Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Documents\Downloaded Installers\{86B53F95-3CEB-40F1-B10B-67263619410B}
    [-] Folder Deleted : C:\Program Files\DriverToolkit
    [-] Folder Deleted : C:\Program Files\HiDefMedia
    [-] Folder Deleted : C:\Program Files\MPC AdCleaner
    [#] Folder Deleted : C:\Program Files\MPC Cleaner
    [-] Folder Deleted : C:\Program Files\CleanBrowser
    [-] Folder Deleted : C:\Program Files\WebUpdater
    [-] Folder Deleted : C:\Program Files\PCAPDownloader
    [-] Folder Deleted : C:\Program Files\browseextension
    [-] Folder Deleted : C:\Program Files\Caster
    [-] Folder Deleted : C:\WINDOWS\ms
    [-] Folder Deleted : C:\WINDOWS\Installer\{86B53F95-3CEB-40F1-B10B-67263619410B}
    [-] Folder Deleted : C:\Documents and Settings\Isabella\Application Data\MCorp
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\appverifier.txt
    [-] File Deleted : C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk
    [-] File Deleted : C:\WINDOWS\Reimage.ini
    [-] File Deleted : C:\WINDOWS\system32\findit.xml
    [-] File Deleted : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    [-] File Deleted : C:\WINDOWS\system32\drivers\swdumon.sys
    [#] File Deleted : C:\WINDOWS\system32\drivers\MPCBase.sys
    [#] File Deleted : C:\WINDOWS\system32\drivers\MPCKpt.sys
    [-] File Deleted : C:\WINDOWS\system32\drivers\DrvAgent32.sys
    [-] File Deleted : C:\user.js
     
    ***** [ DLLs ] *****
     
     
    ***** [ WMI ] *****
     
    [-] Key Deleted : \root\subscription\\ActiveScriptEventConsumer [ASEC]
     
    ***** [ Shortcuts ] *****
     
    [-] Shortcut Disinfected : C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    [-] Shortcut Disinfected : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
    [-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
    [-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
    [-] Value Deleted : HKCU\Environment [SNF]
    [-] Value Deleted : HKCU\Environment [SNP]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
    [-] Key Deleted : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
    [#] Value Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [#] Value Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [#] Value Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    [-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    [-] Key Deleted : HKCU\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
    [-] Key Deleted : HKCU\Software\DriverToolkit
    [-] Key Deleted : HKCU\Software\IM
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\SecuredDownload
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\xfin_portal
    [-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
    [-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
    [-] Key Deleted : HKCU\Software\Wizzlabs
    [-] Key Deleted : HKCU\Software\MICROSOFT\IDSC
    [-] Key Deleted : HKCU\Software\PPC-softwareLanguage
    [-] Key Deleted : HKCU\Software\csastats
    [-] Key Deleted : HKCU\Software\InSTab
    [-] Key Deleted : HKCU\Software\ACPTab
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\DailyWiki
    [-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    [-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key Deleted : HKLM\SOFTWARE\Babylon
    [-] Key Deleted : HKLM\SOFTWARE\ByteFence
    [-] Key Deleted : HKLM\SOFTWARE\MPC
    [-] Key Deleted : HKLM\SOFTWARE\MPC AdCleaner
    [-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key Deleted : HKLM\SOFTWARE\SpaceSoundPro
    [-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86B53F95-3CEB-40F1-B10B-67263619410B}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ByteFence
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverRestore
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PopupProduct
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZip Malware Protector_is1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\xfin_portal
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\yahooprovidedsearch
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YTDownloader
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{730E03E4-350E-48E5-9D3E-4329903D454D}
    [-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main [Search Bar]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main [Search Bar]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Main [Search Bar]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0644EE93-D778-472f-A0FF-E1416B8B2E3A}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
    [-] Value Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
    [-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Value Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
    [-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Value Deleted : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Data Restored : HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mmotraffic.com
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WINCOMHDJ]
     
    ***** [ Web browsers ] *****
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [17296 bytes] - [18/06/2016 09:53:20]
    C:\AdwCleaner\AdwCleaner[S1].txt - [26568 bytes] - [18/06/2016 09:48:09]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17444 bytes] ##########
     
    junkware removal tool:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Microsoft Windows XP x86 
    Ran by Isabella (Administrator) on Sat 06/18/2016 at  9:57:21.35
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 39 
     
    Failed to delete: C:\Program Files\google\chrome\application\chrome.bat (File) 
    Failed to delete: C:\Program Files\internet explorer\iexplore.bat (File) 
    Failed to delete: C:\Program Files\mpc cleaner (Folder) 
    Successfully deleted: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\mpc (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\aspackage (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\babylon (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\comcasttb (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\imvuclient (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Invalidprefs.js (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Application Data\nico mak computing (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Desktop\mpc adcleaner.lnk (Shortcut) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465909399-3610-8044-C4C04F444231 (Folder)
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465929634-3610-8044-C4C04F444231 (Folder)
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1466005679-3610-8044-C4C04F444231 (Folder)
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\babylon (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\drivertoolkit (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\installer (Folder) 
    Successfully deleted: C:\Documents and Settings\Isabella\Local Settings\Application Data\slimware utilities inc (Folder) 
    Successfully deleted: C:\WINDOWS\System32\ai_recyclebin (Folder) 
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JGLM56L (Temporary Internet Files Folder) 
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9A67LRNO (Temporary Internet Files Folder) 
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E9K3MTSR (Temporary Internet Files Folder) 
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MO9OHS7B (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0JGLM56L (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9A67LRNO (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E9K3MTSR (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MO9OHS7B (Temporary Internet Files Folder) 
     
    Deleted the following from C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\prefs.js
    user_pref(browser.search.selectedEngine, Trovi);
     
     
     
    Registry: 5 
     
    Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71737519-E297-4569-B786-2BC3FFC70A5B} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/18/2016 at 10:00:52.53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    farbar:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2016
    Ran by Isabella (administrator) on DAVID-0A47797B5 (18-06-2016 10:01:26)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads
    Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [MPC AdCleaner] => "C:\Program Files\MPC AdCleaner\AdCleaner.exe" /autostart
    HKLM\...\RunOnce: [OTUTPRODUCT_9RYBE] => C:\Program Files\mpck\otutnetwork.exe [60928 2016-06-14] (B)
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lamzap\BioOvefix.dll => No File
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    Startup: C:\Documents and Settings\CtShahJ\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\griffid.MARINGENERAL\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\hewittm\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\hillm1\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\jacksoem\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\marksl\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\PetrovBk\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\refreshh\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\sircusc\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\Sophia\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2011-08-27] ()
    Startup: C:\Documents and Settings\TrajanR\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\w2kdeploy\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{82E1604E-4B41-41E2-92FD-BAA899DD6B25}: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_24_ssg08&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCyCtByDtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0C0A0EtAyDtGtCyEzyyEtG0D0CtB0AtGtBtDtBzytGyBzzyCyCyB0EtC0CyByCtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyE%26cr%3D2141437022%26a%3Dwncy_popjar_16_24_ssg08%26os_ver%3D5.1%26os%3DWindows%2BXP" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
    Toolbar: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default
    FF NewTab: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.NT
    FF DefaultSearchEngine: Yahoo! Powered
    FF Homepage: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.HP
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1177238915-823518204-1644491937-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-11] (Unity Technologies ApS)
    FF SearchPlugin: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\searchplugins\findit.xml [2016-06-17]
    FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-06-02]
    FF Extension: Translate This! - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-04-11]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-19] [not signed]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
    CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=","hxxp://www.google.com/","hxxp://us.4yendex.com/?utm_source=sdks&utm_medium=us01&utm_campaign=cbcab940a9053e847c0ee861c321939e"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\PROGRA~1\Google\Chrome\APPLIC~1\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
    CHR Extension: (YouTube) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
    CHR Extension: (Google Search) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Core) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    S3 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [76944 2016-06-03] (Comodo Security Solutions, Inc.)
    S2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-04-13] (Kingsoft Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 Lamzap; C:\Documents and Settings\All Users.WINDOWS\Application Data\\Lamzap\\Lamzap.exe [957440 2016-06-14] () [File not signed]
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-04-14] (Cisco Systems, Inc.) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
    S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-06-14] ()
    R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2016-04-13] (Kingsoft Corporation)
    S3 Leapfrog-USBLAN; C:\WINDOWS\System32\DRIVERS\btblan.sys [33792 2011-08-23] (Belcarra Technologies) [File not signed]
    R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
    R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    S0 cerc6; no ImagePath
    S3 cpuz134; \??\C:\DOCUME~1\Isabella\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
    U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
    S4 IntelIde; no ImagePath
    U1 WS2IFSL; no ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-18 10:01 - 2016-06-18 10:01 - 00006787 _____ C:\Documents and Settings\Isabella\My Documents\JRT.txt
    2016-06-18 10:01 - 2016-06-18 10:01 - 00000000 ____D C:\FRST
    2016-06-18 10:00 - 2016-06-18 10:00 - 00006787 _____ C:\Documents and Settings\Isabella\Desktop\JRT.txt
    2016-06-18 09:55 - 2016-06-18 09:55 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk
    2016-06-18 09:54 - 2016-06-18 09:54 - 00213672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-18 09:47 - 2016-06-18 09:47 - 00047016 _____ C:\Documents and Settings\Isabella\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2016-06-18 09:45 - 2016-06-18 09:53 - 00000000 ____D C:\AdwCleaner
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 14:46 - 2016-06-17 14:46 - 00001203 _____ C:\Documents and Settings\Isabella\Desktop\Shortcut to MikuMikuDance.lnk
    2016-06-16 15:57 - 2016-06-16 20:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-06-16 09:17 - 2016-06-18 09:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000724 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    2016-06-16 08:45 - 2016-06-16 08:46 - 00062186 _____ C:\WINDOWS\ntbtlog.txt
    2016-06-15 14:19 - 2016-06-16 08:30 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\Programs\MPC AdCleaner
    2016-06-14 16:46 - 2016-06-14 16:46 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-06-14 13:55 - 2016-06-14 13:55 - 00000908 _____ C:\Documents and Settings\Isabella\Desktop\Tech support.txt
    2016-06-14 13:23 - 2016-06-14 13:23 - 00000000 ____D C:\WINDOWS\pss
    2016-06-14 13:17 - 2016-06-14 13:17 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\LogMeIn Rescue Applet
    2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\WebUpdater
    2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WebUpdater
    2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps
    2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps
    2016-06-14 12:23 - 2016-06-14 12:23 - 00000000 ____D C:\Program Files\Common Files\Domity
    2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap
    2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap
    2016-06-14 12:22 - 2016-06-14 12:22 - 02279413 _____ C:\Documents and Settings\Isabella\Application Data\Saltjob.bin
    2016-06-14 12:21 - 2016-06-14 12:22 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\DailyWiki
    2016-06-14 12:21 - 2016-06-14 12:21 - 06867968 _____ C:\Documents and Settings\Isabella\Application Data\agent.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 01760384 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and Settings\Isabella\Application Data\noah.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and Settings\Isabella\Application Data\lobby.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00072704 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 00069072 _____ C:\Documents and Settings\Isabella\Application Data\Config.xml
    2016-06-14 12:21 - 2016-06-14 12:21 - 00054272 _____ C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00018432 _____ C:\Documents and Settings\Isabella\Application Data\Main.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00005568 _____ C:\Documents and Settings\Isabella\Application Data\md.xml
    2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
    2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe
    2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.exe
    2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\tuto_monetize_120160614
    2016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\SecurityApps
    2016-06-14 12:18 - 2016-06-15 14:18 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465906685-3610-8044-C4C04F444231
    2016-06-14 12:18 - 2016-06-14 12:19 - 00018288 _____ C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml
    2016-06-14 12:18 - 2016-06-14 12:19 - 00000000 ____D C:\Program Files\mpck
    2016-06-14 12:18 - 2016-06-14 12:18 - 00128512 _____ C:\Documents and Settings\Isabella\Application Data\Installer.dat
    2016-06-14 12:18 - 2016-06-14 12:18 - 00000000 _____ C:\WINDOWS\system32\Number of results
    2016-06-14 12:13 - 2016-06-14 12:13 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\IsolatedStorage
    2016-06-14 12:12 - 2016-06-16 08:22 - 00002892 _____ C:\wulog.txt
    2016-06-14 12:12 - 2016-06-15 13:50 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\WebUpdater
    2016-06-14 11:56 - 2016-06-14 11:57 - 00000000 ____D C:\Program Files\OpenSupport
    2016-06-14 11:43 - 2016-06-15 13:46 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1465929799---
    2016-06-14 11:43 - 2016-06-14 11:39 - 00002116 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-06-13 07:13 - 2016-06-13 07:13 - 00142495 _____ C:\WINDOWS\e7cba6967fb0ecb67001f9d280002e18.exe
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\PPC-software
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\updates
    2016-05-30 12:37 - 2016-05-30 12:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\ScreenSnapshotTool
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\efo
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:24 - 2016-05-30 12:24 - 00040404 ____H C:\WINDOWS\system32\mlfcache.dat
    2016-05-29 14:15 - 2016-05-29 14:15 - 00000000 ____D C:\Program Files\RobloxVersions
    2016-05-21 15:16 - 2016-05-21 15:16 - 00000000 __SHD C:\found.001
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-18 10:01 - 2011-08-27 08:47 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents
    2016-06-18 10:01 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Temp
    2016-06-18 09:55 - 2015-07-17 09:18 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
    2016-06-18 09:55 - 2015-06-19 14:04 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
    2016-06-18 09:55 - 2015-04-17 20:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-18 09:55 - 2015-02-08 10:34 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-06-18 09:55 - 2011-08-26 19:59 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt
    2016-06-18 09:55 - 2011-08-26 19:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-18 09:54 - 2011-08-27 08:47 - 00000178 ___SH C:\Documents and Settings\Isabella\ntuser.ini
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-18 09:16 - 2012-04-06 18:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-06-18 09:10 - 2015-04-17 20:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-17 12:20 - 2015-06-18 20:27 - 00001825 ____C C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-06-18 20:27 - 00000815 ____C C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2015-04-22 12:03 - 00001825 _____ C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-04-17 18:26 - 00000815 _____ C:\Documents and Settings\Heather\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2011-08-26 20:51 - 00000815 _____ C:\Documents and Settings\Sophia\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2008-08-22 13:06 - 00000779 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 03:12 - 2015-01-10 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-17 03:00 - 2011-09-08 23:52 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-16 16:16 - 2012-04-06 18:07 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-06-16 16:16 - 2011-09-09 19:04 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-06-16 09:25 - 2011-08-26 19:58 - 00000178 __SHC C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
    2016-06-16 08:52 - 2011-11-04 21:59 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ApplicationHistory
    2016-06-16 08:45 - 2008-08-22 13:06 - 00000000 __SHD C:\WINDOWS\CSC
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2964358$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2936068$
    2016-06-15 14:21 - 2015-01-10 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
    2016-06-15 14:21 - 2015-01-10 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
    2016-06-15 14:21 - 2015-01-10 21:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
    2016-06-15 14:21 - 2015-01-10 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
    2016-06-15 14:21 - 2015-01-10 21:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
    2016-06-15 14:21 - 2015-01-10 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808735$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
    2016-06-15 14:21 - 2013-03-24 09:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
    2016-06-15 14:21 - 2013-03-17 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2799494$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$
    2016-06-15 14:21 - 2013-03-08 12:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
    2016-06-15 14:21 - 2012-10-12 20:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2724197$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
    2016-06-15 14:21 - 2012-09-22 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2736233$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2731847$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
    2016-06-15 14:21 - 2012-08-18 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219$
    2016-06-15 14:21 - 2012-08-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718523$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
    2016-06-15 14:21 - 2012-07-14 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
    2016-06-15 14:21 - 2012-06-13 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2707511$
    2016-06-15 14:21 - 2012-06-13 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
    2016-06-15 14:21 - 2012-06-13 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2709162$
    2016-06-15 14:21 - 2012-06-09 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718704$
    2016-06-15 14:21 - 2012-05-11 14:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$
    2016-06-15 14:21 - 2012-05-11 14:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
    2016-06-15 14:18 - 2016-04-10 09:26 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\ByteFence
    2016-06-15 14:15 - 2011-08-26 20:51 - 00000000 ___RD C:\Documents and Settings\Sophia\My Documents
    2016-06-15 13:46 - 2016-04-14 07:34 - 00000000 ____D C:\SUPERDelete
    2016-06-14 19:50 - 2015-04-20 20:28 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents\My Pictures
    2016-06-14 18:12 - 2016-04-14 07:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-06-14 16:48 - 2008-08-22 05:45 - 00000000 ___HD C:\WINDOWS\inf
    2016-06-14 13:17 - 2012-03-10 12:25 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\Deployment
    2016-06-14 12:28 - 2016-04-14 04:01 - 00769698 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-823518204-1644491937-1004-0.dat
    2016-06-14 12:28 - 2016-04-14 04:01 - 00207690 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\translate-65e7cca1b27e50ede238fedb48951a63
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\emoticons-c6fcecc50023c7b811f3454d9d5636c0
    2016-06-14 12:17 - 2016-04-03 18:28 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\instagram-65e4ac1c5edb34c0da5ebbeca821d5af
    2016-06-14 12:10 - 2011-08-26 19:59 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2015-04-17 20:52 - 00001827 ____R C:\Documents and Settings\Isabella\Desktop\Gооglе Сhrоmе.lnk
    2016-06-14 11:38 - 2015-04-16 07:13 - 00001659 ____R C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
    2016-06-13 15:28 - 2016-04-14 07:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-06-13 15:26 - 2016-04-10 09:26 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
    2016-06-13 15:21 - 2011-08-26 12:38 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS
    2016-06-13 15:20 - 2010-03-23 15:00 - 00000000 ____D C:\Program Files\Auslogics
    2016-06-13 14:56 - 2016-04-10 09:16 - 00000344 __RSH C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
    2016-06-13 14:07 - 2016-05-11 20:05 - 00000000 ____D C:\Program Files\Common Files\COMODO
    2016-06-13 11:22 - 2015-04-17 17:54 - 00000000 ____D C:\Documents and Settings\Heather\Local Settings\Temp
    2016-06-13 11:22 - 2011-08-26 19:59 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
    2016-06-08 15:00 - 2015-02-08 10:34 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2016-06-05 16:51 - 2015-11-24 08:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\IMVU
    2016-05-30 12:43 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxVersions
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-29 14:15 - 2016-05-06 20:37 - 00000174 _____ C:\Documents and Settings\Isabella\Local Settings\Application Data\rbxcsettings.rbx
    2016-05-29 14:15 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxDownloads
    2016-05-23 23:25 - 2016-04-14 07:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-05-23 21:41 - 2011-08-26 20:51 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Temp
     
    ==================== Files in the root of some directories =======
     
    2010-11-02 08:53 - 2010-11-02 08:53 - 0001470 ____C () C:\Program Files\Common Files\AllscriptsEHR Gateway.rdp
    2010-06-24 11:32 - 2010-06-24 11:32 - 0022486 ____C () C:\Program Files\Common Files\DataArk.ico
    2010-06-24 11:33 - 2010-06-24 11:33 - 0000091 ____C () C:\Program Files\Common Files\DataArk.url
    2010-08-10 15:15 - 2010-08-10 15:15 - 0278135 ____C () C:\Program Files\Common Files\ManageAllScriptsRDP.exe
    2010-06-24 13:44 - 2010-06-24 13:44 - 0078782 ____C () C:\Program Files\Common Files\MGH-logo-color.ico
    2010-06-24 12:46 - 2010-06-24 12:46 - 0004286 ____C () C:\Program Files\Common Files\MGHNET-32x.ico
    2010-06-28 08:50 - 2010-06-28 08:50 - 0000083 ____C () C:\Program Files\Common Files\MGHNet.url
    2010-06-22 09:17 - 2011-08-03 12:38 - 0000327 ____C () C:\Program Files\Common Files\Paragon.url
    2010-10-28 14:53 - 2010-10-28 14:53 - 0000161 ____C () C:\Program Files\Common Files\Physicians WebStation (WSP 9.4).url
    2009-11-23 13:40 - 2009-11-23 13:40 - 0291079 ____C () C:\Program Files\Common Files\Uninstall_MSjava.exe
    2010-06-24 13:46 - 2010-06-24 13:46 - 0004286 ____C () C:\Program Files\Common Files\WSP-32x.ico
    2016-06-14 12:21 - 2016-06-14 12:21 - 6867968 _____ () C:\Documents and Settings\Isabella\Application Data\agent.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0054272 _____ () C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0069072 _____ () C:\Documents and Settings\Isabella\Application Data\Config.xml
    2016-06-14 12:18 - 2016-06-14 12:19 - 0018288 _____ () C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml
    2016-06-14 12:18 - 2016-06-14 12:18 - 0128512 _____ () C:\Documents and Settings\Isabella\Application Data\Installer.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0126464 _____ () C:\Documents and Settings\Isabella\Application Data\lobby.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0018432 _____ () C:\Documents and Settings\Isabella\Application Data\Main.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0005568 _____ () C:\Documents and Settings\Isabella\Application Data\md.xml
    2016-06-14 12:21 - 2016-06-14 12:18 - 0957440 _____ () C:\Documents and Settings\Isabella\Application Data\Med-It.exe
    2016-06-14 12:21 - 2016-06-14 12:21 - 0072704 _____ () C:\Documents and Settings\Isabella\Application Data\Med-It.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 0126464 _____ () C:\Documents and Settings\Isabella\Application Data\noah.dat
    2016-06-14 12:22 - 2016-06-14 12:22 - 2279413 _____ () C:\Documents and Settings\Isabella\Application Data\Saltjob.bin
    2016-06-14 12:21 - 2016-06-14 12:18 - 0957440 _____ () C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe
    2016-06-14 12:21 - 2016-06-14 12:21 - 1760384 _____ () C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst
    2016-06-14 12:23 - 2016-06-14 12:23 - 0032038 _____ () C:\Documents and Settings\Isabella\Application Data\uninstall_temp.ico
    2015-04-18 17:28 - 2015-04-23 16:45 - 0000103 ____C () C:\Documents and Settings\Isabella\Application Data\WB.CFG
    2016-04-13 17:28 - 2016-04-13 17:49 - 0005632 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-20 16:54 - 2015-04-20 16:54 - 0274045 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi1.dat
    2015-04-20 16:54 - 2015-04-20 16:54 - 0161916 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi2.dat
    2012-12-05 15:44 - 2012-12-05 15:44 - 0027520 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dt.dat
    2016-05-06 20:37 - 2016-05-29 14:15 - 0000174 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\rbxcsettings.rbx
    2015-11-23 18:27 - 2015-11-23 18:27 - 0000000 ____C () C:\Documents and Settings\Isabella\Local Settings\Application Data\{4A471A52-863D-4FCB-AC3B-EACBCD51A55A}
    2016-04-14 08:00 - 2016-04-21 21:56 - 0000193 _____ () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc
     
    Files to move or delete:
    ====================
    C:\Documents and Settings\Isabella\TempWmicBatchFile.bat
     
     
    Some files in TEMP:
    ====================
    C:\Documents and Settings\Isabella\Local Settings\Temp\libeay32.dll
    C:\Documents and Settings\Isabella\Local Settings\Temp\msvcr120.dll
    C:\Documents and Settings\Isabella\Local Settings\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End of FRST.txt ============================
     
    addition:
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2016
    Ran by Isabella (2016-06-18 10:02:33)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-27 14:52:56)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1177238915-823518204-1644491937-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1177238915-823518204-1644491937-1007 - Limited - Enabled)
    Gabriella (S-1-5-21-1177238915-823518204-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Gabriella
    Guest (S-1-5-21-1177238915-823518204-1644491937-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
    Heather (S-1-5-21-1177238915-823518204-1644491937-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Heather
    HelpAssistant (S-1-5-21-1177238915-823518204-1644491937-1000 - Limited - Disabled)
    Isabella (S-1-5-21-1177238915-823518204-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Isabella
    Sophia (S-1-5-21-1177238915-823518204-1644491937-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sophia
    SUPPORT_388945a0 (S-1-5-21-1177238915-823518204-1644491937-1002 - Limited - Disabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
    Dell System Detect (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    IMVU Avatar Chat Software (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\IMVU Avatar chat client software BETA) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    JSWPFCom (Version: 1.07.0000 - JumpStart World) Hidden
    JSWPFGrade1 (Version: 1.07.0000 - JumpStart World) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    mpck version 1.1 (HKLM\...\mobilepcstarterkit_is1) (Version: 1.1 - mobilepcstarterkit)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
    RNX-MiniN1 Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - Rosewill Inc)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
    Translate (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\translate-65e7cca1b27e50ede238fedb48951a63) (Version: 1.2.2 - Dzexon)
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1177238915-823518204-1644491937-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
     
    ShortcutWithArgument: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
     
    ==================== Loaded Modules (Whitelisted) ==============
     
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxps://apps.driversupport.com
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 00:00 - 2016-06-15 14:08 - 00000914 ____N C:\WINDOWS\system32\Drivers\etc\hosts
     
    127.0.0.1       localhost
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe] => Enabled:EBook Codec Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FormatFactory.exe] => Enabled:Format Factory
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Package\PTInstOnline.exe] => Enabled:Picosmos Tools Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\My Documents\Downloads\solutoinstaller.exe] => Enabled:SolutoInstaller
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:TCP Port 135
    StandardProfile\GloballyOpenPorts: [5000:TCP] => Enabled:TCP Port 5000
    StandardProfile\GloballyOpenPorts: [5001:TCP] => Enabled:TCP Port 5001
    StandardProfile\GloballyOpenPorts: [5002:TCP] => Enabled:TCP Port 5002
    StandardProfile\GloballyOpenPorts: [5003:TCP] => Enabled:TCP Port 5003
    StandardProfile\GloballyOpenPorts: [5004:TCP] => Enabled:TCP Port 5004
    StandardProfile\GloballyOpenPorts: [5005:TCP] => Enabled:TCP Port 5005
    StandardProfile\GloballyOpenPorts: [5006:TCP] => Enabled:TCP Port 5006
    StandardProfile\GloballyOpenPorts: [5007:TCP] => Enabled:TCP Port 5007
    StandardProfile\GloballyOpenPorts: [5008:TCP] => Enabled:TCP Port 5008
    StandardProfile\GloballyOpenPorts: [5009:TCP] => Enabled:TCP Port 5009
    StandardProfile\GloballyOpenPorts: [5010:TCP] => Enabled:TCP Port 5010
    StandardProfile\GloballyOpenPorts: [5011:TCP] => Enabled:TCP Port 5011
    StandardProfile\GloballyOpenPorts: [5012:TCP] => Enabled:TCP Port 5012
    StandardProfile\GloballyOpenPorts: [5013:TCP] => Enabled:TCP Port 5013
    StandardProfile\GloballyOpenPorts: [5014:TCP] => Enabled:TCP Port 5014
    StandardProfile\GloballyOpenPorts: [5015:TCP] => Enabled:TCP Port 5015
    StandardProfile\GloballyOpenPorts: [5016:TCP] => Enabled:TCP Port 5016
    StandardProfile\GloballyOpenPorts: [5017:TCP] => Enabled:TCP Port 5017
    StandardProfile\GloballyOpenPorts: [5018:TCP] => Enabled:TCP Port 5018
    StandardProfile\GloballyOpenPorts: [5019:TCP] => Enabled:TCP Port 5019
    StandardProfile\GloballyOpenPorts: [5020:TCP] => Enabled:TCP Port 5020
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7852:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7853:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder
     
    ==================== Restore Points =========================
     
    18-06-2016 09:57:26 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (06/18/2016 09:55:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 09:55:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 09:27:09 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 09:27:09 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 08:12:17 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 08:12:17 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 07:33:09 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 07:33:09 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 06:28:17 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/18/2016 06:28:17 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
     
    System errors:
    =============
    Error: (06/18/2016 09:57:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Lamzap service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (06/18/2016 09:57:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
     
    Error: (06/18/2016 09:57:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Clean Master Core Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/18/2016 09:53:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 17%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 1671.49 MB
    Total Virtual: 3412.69 MB
    Available Virtual: 3236.39 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:30.26 GB) NTFS ==>[drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: B174B174)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================


    #4
    RKinner

     
    Download the attached fixlist.txt to the same location as FRST.
     
    [attachment=81524:fixlist.txt]
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     
     
    Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
     
    1. Check Scan Archives
    2. Push the Start button.
    3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    4. When the scan completes, push LIST OF THREATS FOUND
    5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    6. Push the BACK button.
    7. Push Finish
    8. Once the scan is completed, you may close the window.
    9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    10. Copy and paste that log as a reply.
     

     



    #5
    izzykins17


    The last thing you asked me to download and run didn't work. It would scan it, but before it was even halfway done scanning it would go blank. It's like that every time. But here are the other logs.

    Fix result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by Isabella (2016-06-22 11:59:01) Run:3
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
    Boot Mode: Normal
     
    ==============================================
     
    fixlist content:
    *****************
    HKLM\...\Run: [MPC AdCleaner] => "C:\Program Files\MPC AdCleaner\AdCleaner.exe" /autostart
    HKLM\...\RunOnce: [OTUTPRODUCT_9RYBE] => C:\Program Files\mpck\otutnetwork.exe [60928 2016-06-14] (B)
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lamzap\BioOvefix.dll => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    Startup: C:\Documents and Settings\CtShahJ\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\griffid.MARINGENERAL\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\hewittm\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\hillm1\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\jacksoem\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\marksl\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\PetrovBk\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\refreshh\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\sircusc\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\Sophia\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2011-08-27] ()
    Startup: C:\Documents and Settings\TrajanR\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    Startup: C:\Documents and Settings\w2kdeploy\Start Menu\Programs\Startup\DeleteASHKCU.exe [2010-01-12] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
    AutoConfigURL: [.DEFAULT] => http=127.0.0.1:3492;https=127.0.0.1:3492;
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_16_24_ssg08&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCyCtByDtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0C0A0EtAyDtGtCyEzyyEtG0D0CtB0AtGtBtDtBzytGyBzzyCyCyB0EtC0CyByCtDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyE%26cr%3D2141437022%26a%3Dwncy_popjar_16_24_ssg08%26os_ver%3D5.1%26os%3DWindows%2BXP" <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    FF NewTab: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.NT
    FF Homepage: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.HP
    FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-06-02]
    FF Extension: Translate This! - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-04-11]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
    CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
    CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=","hxxp://www.google.com/","hxxp://us.4yendex.com/?utm_source=sdks&utm_medium=us01&utm_campaign=cbcab940a9053e847c0ee861c321939e"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    S3 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [76944 2016-06-03] (Comodo Security Solutions, Inc.)
    S2 Lamzap; C:\Documents and Settings\All Users.WINDOWS\Application Data\\Lamzap\\Lamzap.exe [957440 2016-06-14] () [File not signed]
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
    S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-06-14] ()
    R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
    S0 cerc6; no ImagePath
    S3 cpuz134; \??\C:\DOCUME~1\Isabella\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
    S4 IntelIde; no ImagePath
    U1 WS2IFSL; no ImagePath
    2016-06-15 14:19 - 2016-06-16 08:30 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\Programs\MPC AdCleaner
    2016-06-14 16:46 - 2016-06-14 16:46 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\WebUpdater
    2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WebUpdater
    2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps
    2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps
    2016-06-14 12:23 - 2016-06-14 12:23 - 00000000 ____D C:\Program Files\Common Files\Domity
    2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap
    2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap
    2016-06-14 12:22 - 2016-06-14 12:22 - 02279413 _____ C:\Documents and Settings\Isabella\Application Data\Saltjob.bin
    2016-06-14 12:21 - 2016-06-14 12:22 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\DailyWiki
    2016-06-14 12:21 - 2016-06-14 12:21 - 06867968 _____ C:\Documents and Settings\Isabella\Application Data\agent.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 01760384 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and Settings\Isabella\Application Data\noah.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and Settings\Isabella\Application Data\lobby.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00072704 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 00069072 _____ C:\Documents and Settings\Isabella\Application Data\Config.xml
    2016-06-14 12:21 - 2016-06-14 12:21 - 00054272 _____ C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00018432 _____ C:\Documents and Settings\Isabella\Application Data\Main.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 00005568 _____ C:\Documents and Settings\Isabella\Application Data\md.xml
    2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
    2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe
    2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.exe
    2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\tuto_monetize_120160614
    2016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\SecurityApps
    2016-06-14 12:18 - 2016-06-15 14:18 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465906685-3610-8044-C4C04F444231
    2016-06-14 12:18 - 2016-06-14 12:19 - 00018288 _____ C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml
    2016-06-14 12:18 - 2016-06-14 12:19 - 00000000 ____D C:\Program Files\mpck
    2016-06-14 12:18 - 2016-06-14 12:18 - 00128512 _____ C:\Documents and Settings\Isabella\Application Data\Installer.dat
    2016-06-14 12:18 - 2016-06-14 12:18 - 00000000 _____ C:\WINDOWS\system32\Number of results
    2016-06-14 12:13 - 2016-06-14 12:13 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\IsolatedStorage
    2016-06-14 12:12 - 2016-06-16 08:22 - 00002892 _____ C:\wulog.txt
    2016-06-14 12:12 - 2016-06-15 13:50 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\WebUpdater
    2016-06-13 07:13 - 2016-06-13 07:13 - 00142495 _____ C:\WINDOWS\e7cba6967fb0ecb67001f9d280002e18.exe
    2010-11-02 08:53 - 2010-11-02 08:53 - 0001470 ____C () C:\Program Files\Common Files\AllscriptsEHR Gateway.rdp
    2010-06-24 11:32 - 2010-06-24 11:32 - 0022486 ____C () C:\Program Files\Common Files\DataArk.ico
    2010-06-24 11:33 - 2010-06-24 11:33 - 0000091 ____C () C:\Program Files\Common Files\DataArk.url
    2010-08-10 15:15 - 2010-08-10 15:15 - 0278135 ____C () C:\Program Files\Common Files\ManageAllScriptsRDP.exe
    2010-06-24 13:44 - 2010-06-24 13:44 - 0078782 ____C () C:\Program Files\Common Files\MGH-logo-color.ico
    2010-06-24 12:46 - 2010-06-24 12:46 - 0004286 ____C () C:\Program Files\Common Files\MGHNET-32x.ico
    2010-06-28 08:50 - 2010-06-28 08:50 - 0000083 ____C () C:\Program Files\Common Files\MGHNet.url
    2010-06-22 09:17 - 2011-08-03 12:38 - 0000327 ____C () C:\Program Files\Common Files\Paragon.url
    2010-10-28 14:53 - 2010-10-28 14:53 - 0000161 ____C () C:\Program Files\Common Files\Physicians WebStation (WSP 9.4).url
    2009-11-23 13:40 - 2009-11-23 13:40 - 0291079 ____C () C:\Program Files\Common Files\Uninstall_MSjava.exe
    2010-06-24 13:46 - 2010-06-24 13:46 - 0004286 ____C () C:\Program Files\Common Files\WSP-32x.ico
    2016-06-14 12:21 - 2016-06-14 12:21 - 6867968 _____ () C:\Documents and Settings\Isabella\Application Data\agent.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0054272 _____ () C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0069072 _____ () C:\Documents and Settings\Isabella\Application Data\Config.xml
    2016-06-14 12:18 - 2016-06-14 12:19 - 0018288 _____ () C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml
    2016-06-14 12:18 - 2016-06-14 12:18 - 0128512 _____ () C:\Documents and Settings\Isabella\Application Data\Installer.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0126464 _____ () C:\Documents and Settings\Isabella\Application Data\lobby.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0018432 _____ () C:\Documents and Settings\Isabella\Application Data\Main.dat
    2016-06-14 12:21 - 2016-06-14 12:21 - 0005568 _____ () C:\Documents and Settings\Isabella\Application Data\md.xml
    2016-06-14 12:21 - 2016-06-14 12:18 - 0957440 _____ () C:\Documents and Settings\Isabella\Application Data\Med-It.exe
    2016-06-14 12:21 - 2016-06-14 12:21 - 0072704 _____ () C:\Documents and Settings\Isabella\Application Data\Med-It.tst
    2016-06-14 12:21 - 2016-06-14 12:21 - 0126464 _____ () C:\Documents and Settings\Isabella\Application Data\noah.dat
    2016-06-14 12:22 - 2016-06-14 12:22 - 2279413 _____ () C:\Documents and Settings\Isabella\Application Data\Saltjob.bin
    2016-06-14 12:21 - 2016-06-14 12:18 - 0957440 _____ () C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe
    2016-06-14 12:21 - 2016-06-14 12:21 - 1760384 _____ () C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst
    2016-06-14 12:23 - 2016-06-14 12:23 - 0032038 _____ () C:\Documents and Settings\Isabella\Application Data\uninstall_temp.ico
    2015-04-18 17:28 - 2015-04-23 16:45 - 0000103 ____C () C:\Documents and Settings\Isabella\Application Data\WB.CFG
    2016-04-13 17:28 - 2016-04-13 17:49 - 0005632 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-20 16:54 - 2015-04-20 16:54 - 0274045 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi1.dat
    2015-04-20 16:54 - 2015-04-20 16:54 - 0161916 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi2.dat
    2012-12-05 15:44 - 2012-12-05 15:44 - 0027520 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\dt.dat
    2016-05-06 20:37 - 2016-05-29 14:15 - 0000174 _____ () C:\Documents and Settings\Isabella\Local Settings\Application Data\rbxcsettings.rbx
    2015-11-23 18:27 - 2015-11-23 18:27 - 0000000 ____C () C:\Documents and Settings\Isabella\Local Settings\Application Data\{4A471A52-863D-4FCB-AC3B-EACBCD51A55A}
    2016-04-14 08:00 - 2016-04-21 21:56 - 0000193 _____ () C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    C:\Documents and Settings\Isabella\TempWmicBatchFile.bat 
    C:\Program Files\MPC AdCleaner
    C:\Program Files\mpck
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    EmptyTemp:
     
     
     
     
    *****************
     
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MPC AdCleaner => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OTUTPRODUCT_9RYBE => value not found.
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value not found.
    "C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lamzap\BioOvefix.dll" => Value data not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
    C:\Documents and Settings\CtShahJ\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\griffid.MARINGENERAL\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\hewittm\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\hillm1\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\jacksoem\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\marksl\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\PetrovBk\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\refreshh\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\sircusc\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\Sophia\Start Menu\Programs\Startup\PowerReg Scheduler.exe => not found.
    C:\Documents and Settings\TrajanR\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    C:\Documents and Settings\w2kdeploy\Start Menu\Programs\Startup\DeleteASHKCU.exe => not found.
    HKLM\SOFTWARE\Policies\Google => key not found. 
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{000F1EA4-5E08-4564-A29B-29076F63A37A} => key not found. 
    HKCR\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A} => key not found. 
    FF NewTab: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.NT => not found
    Firefox "homepage" removed successfully.
    C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] => not found.
    C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] => not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value not found.
    Chrome HomePage => removed successfully.
    Chrome StartupUrls => removed successfully.
    C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
    CLPSLauncher => service not found.
    Lamzap => service not found.
    MPCProtectService => Unable to stop service.
    MPCProtectService => service could not remove
    EsgScanner => service not found.
    MPCBase => Unable to stop service.
    MPCBase => service could not remove
    MPCKpt => Unable to stop service.
    MPCKpt => service could not remove
    cerc6 => service not found.
    cpuz134 => service not found.
    cpuz136 => service not found.
    IntelIde => service not found.
    WS2IFSL => service not found.
    "C:\Documents and Settings\Isabella\Start Menu\Programs\MPC AdCleaner" => not found.
    "C:\WINDOWS\system32\Drivers\EsgScanner.sys" => not found.
    "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\WebUpdater" => not found.
    "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WebUpdater" => not found.
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps" => not found.
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps" => not found.
    "C:\Program Files\Common Files\Domity" => not found.
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap" => not found.
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Saltjob.bin" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\DailyWiki" => not found.
    "C:\Documents and Settings\Isabella\Application Data\agent.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst" => not found.
    "C:\Documents and Settings\Isabella\Application Data\noah.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\lobby.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Med-It.tst" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Config.xml" => not found.
    "C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Main.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\md.xml" => not found.
    Could not move "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Scheduled to move on reboot.
    Could not move "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Scheduled to move on reboot.
    "C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Med-It.exe" => not found.
     
    "C:\Program Files\MPC Cleaner" folder move:
     
    Could not move "C:\Program Files\MPC Cleaner" => Scheduled to move on reboot.
     
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\tuto_monetize_120160614" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\SecurityApps" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465906685-3610-8044-C4C04F444231" => not found.
    "C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml" => not found.
    "C:\Program Files\mpck" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Installer.dat" => not found.
    "C:\WINDOWS\system32\Number of results" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\IsolatedStorage" => not found.
    "C:\wulog.txt" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\WebUpdater" => not found.
    "C:\WINDOWS\e7cba6967fb0ecb67001f9d280002e18.exe" => not found.
    "C:\Program Files\Common Files\AllscriptsEHR Gateway.rdp" => not found.
    "C:\Program Files\Common Files\DataArk.ico" => not found.
    "C:\Program Files\Common Files\DataArk.url" => not found.
    "C:\Program Files\Common Files\ManageAllScriptsRDP.exe" => not found.
    "C:\Program Files\Common Files\MGH-logo-color.ico" => not found.
    "C:\Program Files\Common Files\MGHNET-32x.ico" => not found.
    "C:\Program Files\Common Files\MGHNet.url" => not found.
    "C:\Program Files\Common Files\Paragon.url" => not found.
    "C:\Program Files\Common Files\Physicians WebStation (WSP 9.4).url" => not found.
    "C:\Program Files\Common Files\Uninstall_MSjava.exe" => not found.
    "C:\Program Files\Common Files\WSP-32x.ico" => not found.
    "C:\Documents and Settings\Isabella\Application Data\agent.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Config.xml" => not found.
    "C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Installer.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\lobby.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Main.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\md.xml" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Med-It.exe" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Med-It.tst" => not found.
    "C:\Documents and Settings\Isabella\Application Data\noah.dat" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Saltjob.bin" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst" => not found.
    "C:\Documents and Settings\Isabella\Application Data\uninstall_temp.ico" => not found.
    "C:\Documents and Settings\Isabella\Application Data\WB.CFG" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi1.dat" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\dsi2.dat" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\dt.dat" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\rbxcsettings.rbx" => not found.
    "C:\Documents and Settings\Isabella\Local Settings\Application Data\{4A471A52-863D-4FCB-AC3B-EACBCD51A55A}" => not found.
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc" => not found.
    "C:\Documents and Settings\Isabella\TempWmicBatchFile.bat" => not found.
    "C:\Program Files\MPC AdCleaner" => not found.
    "C:\Program Files\mpck" => not found.
    C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => not found.
    C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => not found.
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 0 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 10089 B
    Java, Flash, Steam htmlcache => 32193 B
    Windows/system/dllcache/drivers => 16867 B
    Edge => 0 B
    Chrome => 481956605 B
    Firefox => 377308388 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default User.WINDOWS => 0 B
    All Users.WINDOWS => 0 B
    systemprofile => 0 B
    LocalService.NT AUTHORITY => 0 B
    NetworkService.NT AUTHORITY => 0 B
    Isabella => 108648326 B
    Gabriella => 0 B
    Sophia => 0 B
    Heather => 0 B
    Guest => 0 B
     
    RecycleBin => 783897622 B
    EmptyTemp: => 1.6 GB temporary data Removed.
     
    ================================
     
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-22 12:02:35)
     
    "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Could not move
    "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Could not move
    "C:\Program Files\MPC Cleaner" => Could not move
     
    ==== End of Fixlog 12:02:35 ====
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
    Ran by Isabella (administrator) on DAVID-0A47797B5 (22-06-2016 12:07:11)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Realtek Semiconductor Corp.) C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (ESET spol. s r.o.) C:\Documents and Settings\Isabella\My Documents\Downloads\esetonlinescanner_enu (1).exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{82E1604E-4B41-41E2-92FD-BAA899DD6B25}: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default
    FF DefaultSearchEngine: Yahoo! Powered
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1177238915-823518204-1644491937-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-11] (Unity Technologies ApS)
    FF SearchPlugin: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\searchplugins\findit.xml [2016-06-17]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-19] [not signed]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\PROGRA~1\Google\Chrome\APPLIC~1\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
    CHR Extension: (YouTube) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
    CHR Extension: (Google Search) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Core) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-04-13] (Kingsoft Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-04-14] (Cisco Systems, Inc.) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
    U4 eapihdrv; C:\Documents and Settings\Isabella\Local Settings\Temp\ehdrv.sys [135760 2016-06-22] (ESET)
    R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2016-04-13] (Kingsoft Corporation)
    S3 Leapfrog-USBLAN; C:\WINDOWS\System32\DRIVERS\btblan.sys [33792 2011-08-23] (Belcarra Technologies) [File not signed]
    R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
    R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-22 12:01 - 2016-06-22 12:01 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk
    2016-06-22 12:01 - 2016-06-22 12:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-22 12:01 - 2016-06-22 12:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-22 11:32 - 2016-06-22 11:32 - 00213672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-20 11:14 - 2016-06-20 11:15 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\IMVUClient
    2016-06-18 11:31 - 2016-06-18 11:31 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ESET
    2016-06-18 10:01 - 2016-06-22 12:07 - 00000000 ____D C:\FRST
    2016-06-18 10:01 - 2016-06-18 10:01 - 00006787 _____ C:\Documents and Settings\Isabella\My Documents\JRT.txt
    2016-06-18 10:00 - 2016-06-18 10:00 - 00006787 _____ C:\Documents and Settings\Isabella\Desktop\JRT.txt
    2016-06-18 09:45 - 2016-06-22 11:31 - 00000000 ____D C:\AdwCleaner
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 14:46 - 2016-06-17 14:46 - 00001203 _____ C:\Documents and Settings\Isabella\Desktop\Shortcut to MikuMikuDance.lnk
    2016-06-16 15:57 - 2016-06-16 20:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-06-16 09:17 - 2016-06-18 09:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000724 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    2016-06-16 08:45 - 2016-06-16 08:46 - 00062186 _____ C:\WINDOWS\ntbtlog.txt
    2016-06-14 13:55 - 2016-06-14 13:55 - 00000908 _____ C:\Documents and Settings\Isabella\Desktop\Tech support.txt
    2016-06-14 13:23 - 2016-06-14 13:23 - 00000000 ____D C:\WINDOWS\pss
    2016-06-14 13:17 - 2016-06-14 13:17 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\LogMeIn Rescue Applet
    2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
    2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-06-14 11:56 - 2016-06-14 11:57 - 00000000 ____D C:\Program Files\OpenSupport
    2016-06-14 11:43 - 2016-06-15 13:46 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1465929799---
    2016-06-14 11:43 - 2016-06-14 11:39 - 00002116 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\PPC-software
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\updates
    2016-05-30 12:37 - 2016-05-30 12:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\ScreenSnapshotTool
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\efo
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:24 - 2016-05-30 12:24 - 00040404 ____H C:\WINDOWS\system32\mlfcache.dat
    2016-05-29 14:15 - 2016-05-29 14:15 - 00000000 ____D C:\Program Files\RobloxVersions
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-22 12:07 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Temp
    2016-06-22 12:02 - 2015-07-17 09:18 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
    2016-06-22 12:02 - 2015-06-19 14:04 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
    2016-06-22 12:01 - 2015-04-17 20:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-22 12:01 - 2011-08-27 08:47 - 00000178 ___SH C:\Documents and Settings\Isabella\ntuser.ini
    2016-06-22 12:01 - 2011-08-26 19:59 - 00032596 _____ C:\WINDOWS\SchedLgU.Txt
    2016-06-22 12:01 - 2011-08-26 19:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-22 11:52 - 2011-08-27 08:47 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents
    2016-06-22 11:16 - 2012-04-06 18:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-06-22 11:10 - 2015-04-17 20:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-20 17:13 - 2015-04-08 16:16 - 00000306 ____C C:\WINDOWS\QTW.INI
    2016-06-20 13:06 - 2015-11-24 08:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\IMVU
    2016-06-20 11:15 - 2015-11-28 10:32 - 00001949 _____ C:\Documents and Settings\Isabella\Desktop\IMVU.lnk
    2016-06-18 11:09 - 2011-08-26 20:51 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Temp
    2016-06-18 11:09 - 2011-08-26 19:59 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
    2016-06-18 11:07 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-17 12:20 - 2015-06-18 20:27 - 00001825 ____C C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-06-18 20:27 - 00000815 ____C C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2015-04-22 12:03 - 00001825 _____ C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-04-17 18:26 - 00000815 _____ C:\Documents and Settings\Heather\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2011-08-26 20:51 - 00000815 _____ C:\Documents and Settings\Sophia\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2008-08-22 13:06 - 00000779 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 03:12 - 2015-01-10 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-17 03:00 - 2011-09-08 23:52 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-16 16:16 - 2012-04-06 18:07 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-06-16 16:16 - 2011-09-09 19:04 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-06-16 09:25 - 2011-08-26 19:58 - 00000178 __SHC C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
    2016-06-16 08:52 - 2011-11-04 21:59 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ApplicationHistory
    2016-06-16 08:45 - 2008-08-22 13:06 - 00000000 __SHD C:\WINDOWS\CSC
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2964358$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2936068$
    2016-06-15 14:21 - 2015-01-10 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
    2016-06-15 14:21 - 2015-01-10 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
    2016-06-15 14:21 - 2015-01-10 21:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
    2016-06-15 14:21 - 2015-01-10 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
    2016-06-15 14:21 - 2015-01-10 21:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
    2016-06-15 14:21 - 2015-01-10 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808735$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
    2016-06-15 14:21 - 2013-03-24 09:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
    2016-06-15 14:21 - 2013-03-17 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2799494$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$
    2016-06-15 14:21 - 2013-03-08 12:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
    2016-06-15 14:21 - 2012-10-12 20:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2724197$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
    2016-06-15 14:21 - 2012-09-22 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2736233$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2731847$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
    2016-06-15 14:21 - 2012-08-18 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219$
    2016-06-15 14:21 - 2012-08-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718523$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
    2016-06-15 14:21 - 2012-07-14 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
    2016-06-15 14:21 - 2012-06-13 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2707511$
    2016-06-15 14:21 - 2012-06-13 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
    2016-06-15 14:21 - 2012-06-13 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2709162$
    2016-06-15 14:21 - 2012-06-09 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718704$
    2016-06-15 14:21 - 2012-05-11 14:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$
    2016-06-15 14:21 - 2012-05-11 14:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
    2016-06-15 14:18 - 2016-04-10 09:26 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\ByteFence
    2016-06-15 14:15 - 2011-08-26 20:51 - 00000000 ___RD C:\Documents and Settings\Sophia\My Documents
    2016-06-15 13:46 - 2016-04-14 07:34 - 00000000 ____D C:\SUPERDelete
    2016-06-14 18:12 - 2016-04-14 07:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-06-14 16:48 - 2008-08-22 05:45 - 00000000 ___HD C:\WINDOWS\inf
    2016-06-14 13:17 - 2012-03-10 12:25 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\Deployment
    2016-06-14 12:28 - 2016-04-14 04:01 - 00769698 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-823518204-1644491937-1004-0.dat
    2016-06-14 12:28 - 2016-04-14 04:01 - 00207690 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\translate-65e7cca1b27e50ede238fedb48951a63
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\emoticons-c6fcecc50023c7b811f3454d9d5636c0
    2016-06-14 12:17 - 2016-04-03 18:28 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\instagram-65e4ac1c5edb34c0da5ebbeca821d5af
    2016-06-14 12:10 - 2011-08-26 19:59 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2015-04-17 20:52 - 00001827 ____R C:\Documents and Settings\Isabella\Desktop\Gооglе Сhrоmе.lnk
    2016-06-14 11:38 - 2015-04-16 07:13 - 00001659 ____R C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
    2016-06-13 15:28 - 2016-04-14 07:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-06-13 15:26 - 2016-04-10 09:26 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
    2016-06-13 15:21 - 2011-08-26 12:38 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS
    2016-06-13 15:20 - 2010-03-23 15:00 - 00000000 ____D C:\Program Files\Auslogics
    2016-06-13 14:56 - 2016-04-10 09:16 - 00000344 __RSH C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
    2016-06-13 14:07 - 2016-05-11 20:05 - 00000000 ____D C:\Program Files\Common Files\COMODO
    2016-06-13 11:22 - 2015-04-17 17:54 - 00000000 ____D C:\Documents and Settings\Heather\Local Settings\Temp
    2016-05-30 12:43 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxVersions
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-29 14:15 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxDownloads
    2016-05-23 23:25 - 2016-04-14 07:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by Isabella (2016-06-22 12:08:20)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-27 14:52:56)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1177238915-823518204-1644491937-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1177238915-823518204-1644491937-1007 - Limited - Enabled)
    Gabriella (S-1-5-21-1177238915-823518204-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Gabriella
    Guest (S-1-5-21-1177238915-823518204-1644491937-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
    Heather (S-1-5-21-1177238915-823518204-1644491937-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Heather
    HelpAssistant (S-1-5-21-1177238915-823518204-1644491937-1000 - Limited - Disabled)
    Isabella (S-1-5-21-1177238915-823518204-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Isabella
    Sophia (S-1-5-21-1177238915-823518204-1644491937-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sophia
    SUPPORT_388945a0 (S-1-5-21-1177238915-823518204-1644491937-1002 - Limited - Disabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
    Dell System Detect (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    IMVU Avatar Chat Software (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\IMVU Avatar chat client software BETA) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    JSWPFCom (Version: 1.07.0000 - JumpStart World) Hidden
    JSWPFGrade1 (Version: 1.07.0000 - JumpStart World) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
    RNX-MiniN1 Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - Rosewill Inc)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
    Translate (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\translate-65e7cca1b27e50ede238fedb48951a63) (Version: 1.2.2 - Dzexon)
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1177238915-823518204-1644491937-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
     
    ShortcutWithArgument: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2012-04-14 16:53 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\EnumDevLib.dll
    2012-04-14 16:53 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\acAuth.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxps://apps.driversupport.com
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 00:00 - 2016-06-15 14:08 - 00000914 ____N C:\WINDOWS\system32\Drivers\etc\hosts
     
    127.0.0.1       localhost
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe] => Enabled:EBook Codec Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FormatFactory.exe] => Enabled:Format Factory
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Package\PTInstOnline.exe] => Enabled:Picosmos Tools Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\My Documents\Downloads\solutoinstaller.exe] => Enabled:SolutoInstaller
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:TCP Port 135
    StandardProfile\GloballyOpenPorts: [5000:TCP] => Enabled:TCP Port 5000
    StandardProfile\GloballyOpenPorts: [5001:TCP] => Enabled:TCP Port 5001
    StandardProfile\GloballyOpenPorts: [5002:TCP] => Enabled:TCP Port 5002
    StandardProfile\GloballyOpenPorts: [5003:TCP] => Enabled:TCP Port 5003
    StandardProfile\GloballyOpenPorts: [5004:TCP] => Enabled:TCP Port 5004
    StandardProfile\GloballyOpenPorts: [5005:TCP] => Enabled:TCP Port 5005
    StandardProfile\GloballyOpenPorts: [5006:TCP] => Enabled:TCP Port 5006
    StandardProfile\GloballyOpenPorts: [5007:TCP] => Enabled:TCP Port 5007
    StandardProfile\GloballyOpenPorts: [5008:TCP] => Enabled:TCP Port 5008
    StandardProfile\GloballyOpenPorts: [5009:TCP] => Enabled:TCP Port 5009
    StandardProfile\GloballyOpenPorts: [5010:TCP] => Enabled:TCP Port 5010
    StandardProfile\GloballyOpenPorts: [5011:TCP] => Enabled:TCP Port 5011
    StandardProfile\GloballyOpenPorts: [5012:TCP] => Enabled:TCP Port 5012
    StandardProfile\GloballyOpenPorts: [5013:TCP] => Enabled:TCP Port 5013
    StandardProfile\GloballyOpenPorts: [5014:TCP] => Enabled:TCP Port 5014
    StandardProfile\GloballyOpenPorts: [5015:TCP] => Enabled:TCP Port 5015
    StandardProfile\GloballyOpenPorts: [5016:TCP] => Enabled:TCP Port 5016
    StandardProfile\GloballyOpenPorts: [5017:TCP] => Enabled:TCP Port 5017
    StandardProfile\GloballyOpenPorts: [5018:TCP] => Enabled:TCP Port 5018
    StandardProfile\GloballyOpenPorts: [5019:TCP] => Enabled:TCP Port 5019
    StandardProfile\GloballyOpenPorts: [5020:TCP] => Enabled:TCP Port 5020
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7852:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7853:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder
     
    ==================== Restore Points =========================
     
    19-06-2016 21:36:50 System Checkpoint
    21-06-2016 21:15:13 System Checkpoint
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (06/22/2016 12:01:53 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 12:01:53 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 12:01:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 12:01:31 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 11:33:14 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 11:33:14 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 11:33:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 11:33:06 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 10:09:28 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 10:09:28 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
     
    System errors:
    =============
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 46%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 1099.64 MB
    Total Virtual: 3412.69 MB
    Available Virtual: 2634.85 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:30.68 GB) NTFS ==>[drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: B174B174)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================


    #6
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Looks like MPC is playing hard to get.  It changed the permissions on the keys and files so we weren't able to remove them last time.  Let's try again:

    Download the attached fixlist.txt to the same location as FRST.

    [attachment=81585:fixlist.txt]

    Run FRST and press Fix.
    A fix log will be generated; please post that.

    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

    Let's also run ComboFix:

    ComboFix

    It must be saved to your desktop; do not run it from your browser.

    Download and Save this file --  to your Desktop -- from either of these two sources:

    Double click on ComboFix to start the program.

        * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

    A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

    A file will be created at => C:\Combofix.txt or C:\Combofix\Combofix.txt. I'll need to see that in your reply.
     
     


    #7
    izzykins17

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts
    Fix result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by Isabella (2016-06-22 20:33:02) Run:4
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
    Boot Mode: Normal
     
    ==============================================
     
    fixlist content:
    *****************
    (Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-04-13] (Kingsoft Corporation)R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
    R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
    R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2016-04-13] (Kingsoft Corporation)
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
    2016-06-22 12:01 - 2016-06-22 12:01 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk
    2016-06-22 12:01 - 2016-06-22 12:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-22 12:01 - 2016-06-22 12:01 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
    2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner
    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
    AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4 [268]
    ListPermissions: C:\Program Files\Internet Explorer\iexplore.bat
    ListPermissions: C:\Program Files\Google\Chrome\Application\chrome.bat
    ListPermissions: C:\Program Files\Mozilla Firefox\firefox.bat
    ListPermissions: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt
    SetDefaultFilePermissions: C:\Program Files\Internet Explorer\iexplore.bat
    SetDefaultFilePermissions: C:\Program Files\Google\Chrome\Application\chrome.bat
    SetDefaultFilePermissions: C:\Program Files\Mozilla Firefox\firefox.bat 
    CMD: Type C:\Program Files\Internet Explorer\iexplore.bat
    CMD: Type C:\Program Files\Google\Chrome\Application\chrome.bat
    CMD: Type C:\Program Files\Mozilla Firefox\firefox.bat
    C:\Program Files\Internet Explorer\iexplore.bat
    C:\Program Files\Google\Chrome\Application\chrome.bat
    C:\Program Files\Mozilla Firefox\firefox.bat
    SetDefaultFilePermissions: C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk
    SetDefaultFilePermissions: C:\Documents and Settings\Isabella\Desktop\G??gl? ?hr?m?.lnk
    SetDefaultFilePermissions: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk
    SetDefaultFilePermissions: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk 
    SetDefaultFilePermissions: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk
    SetDefaultFilePermissions: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk
    SetDefaultFilePermissions: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk
    Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Desktop\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat ()
    SetDefaultFilePermissions: C:\WINDOWS\System32\drivers\MPCBase.sys
    SetDefaultFilePermissions: C:\WINDOWS\system32\Drivers\MPCKpt.sys
    SetDefaultFilePermissions: C:\WINDOWS\system32\Drivers\MPCBase.sys
    C:\WINDOWS\System32\drivers\MPCBase.sys
    C:\WINDOWS\system32\Drivers\MPCKpt.sys
    C:\WINDOWS\system32\Drivers\MPCBase.sys
    Unlock: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt
    unlock: C:\Program Files\MPC Cleaner
    C:\Program Files\MPC Cleaner
    REG: reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCKpt
    REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
    REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
    EmptyTemp:
     
    *****************
     
    C:\Program Files\cmcm\Clean Master\cmcore.exe
    [1668] C:\Program Files\cmcm\Clean Master\cmcore.exe => process closed successfully.
    C:\Program Files\MPC Cleaner\MPCProtectService.exe
    C:\Program Files\MPC Cleaner\MPCProtectService.exe => Could not close process
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    Chrome HomePage => removed successfully.
    C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
    cmcore => Service stopped successfully.
    cmcore => service removed successfully.
    MPCBase => Unable to stop service.
    MPCBase => service could not remove
    ksapi => Unable to stop service.
    ksapi => service removed successfully.
    MPCKpt => Unable to stop service.
    MPCKpt => service could not remove
    MPCProtectService => Unable to stop service.
    MPCProtectService => service could not remove
    "C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk" => not found.
    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC => moved successfully
    "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC" => not found.
    Could not move "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Scheduled to move on reboot.
    Could not move "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Scheduled to move on reboot.
     
    "C:\Program Files\MPC Cleaner" folder move:
     
    Could not move "C:\Program Files\MPC Cleaner" => Scheduled to move on reboot.
     
    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} => removed successfully.
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
    C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP => ":0B4227B4" ADS removed successfully..
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":0B4227B4" ADS not found.
    ===================================
    permissions of "C:\Program Files\Internet Explorer\iexplore.bat":
     
    Owner: DAVID-0A47797B5\Isabella
     
    DACL(AI):
     
    BUILTIN\Users ALLOW READ/EXECUTE (I)
    PU ALLOW MODIFY (I)
    BUILTIN\Administrators ALLOW FULL (I)
    NT AUTHORITY\SYSTEM ALLOW FULL (I)
    DAVID-0A47797B5\Isabella ALLOW FULL (I)
     
    ===================================
     
    "C:\Program Files\Google\Chrome\Application\chrome.bat" -> Getting permissions failed. File/Folder not found.
    ===================================
    permissions of "C:\Program Files\Mozilla Firefox\firefox.bat":
     
    Owner: DAVID-0A47797B5\Isabella
     
    DACL(AI):
     
    BUILTIN\Users ALLOW READ/EXECUTE (I)
    PU ALLOW MODIFY (I)
    BUILTIN\Administrators ALLOW FULL (I)
    NT AUTHORITY\SYSTEM ALLOW FULL (I)
    DAVID-0A47797B5\Isabella ALLOW FULL (I)
     
    ===================================
    ===================================
    permissions of "HKLM\SYSTEM\CurrentControlSet\services\MPCKpt":
     
    Owner: EVERYONE
     
    DACL(PAI):
     
    EVERYONE ALLOW FULL (NI)
     
    ===================================
    "C:\Program Files\Internet Explorer\iexplore.bat" => Default permissions restored successfully.
    "C:\Program Files\Google\Chrome\Application\chrome.bat" => not found.
    "C:\Program Files\Mozilla Firefox\firefox.bat" => Default permissions restored successfully.
     
    =========  Type C:\Program Files\Internet Explorer\iexplore.bat =========
     
    The system cannot find the file specified.
    Error occurred while processing: C:\Program.
    The system cannot find the path specified.
     
    ========= End of CMD: =========
     
     
    =========  Type C:\Program Files\Google\Chrome\Application\chrome.bat =========
     
    The system cannot find the file specified.
    Error occurred while processing: C:\Program.
    The system cannot find the path specified.
     
    ========= End of CMD: =========
     
     
    =========  Type C:\Program Files\Mozilla Firefox\firefox.bat =========
     
    The system cannot find the file specified.
    Error occurred while processing: C:\Program.
    The system cannot find the path specified.
     
    ========= End of CMD: =========
     
    C:\Program Files\Internet Explorer\iexplore.bat => moved successfully
    "C:\Program Files\Google\Chrome\Application\chrome.bat" => not found.
    C:\Program Files\Mozilla Firefox\firefox.bat => moved successfully
    "C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk" => Default permissions Could not restore.
    "C:\Documents and Settings\Isabella\Desktop\G??gl? ?hr?m?.lnk" => not found.
    "C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Default permissions Could not restore.
    "C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Default permissions Could not restore.
    "C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk" => Default permissions Could not restore.
    "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk" => Default permissions Could not restore.
    "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk" => Default permissions Could not restore.
    Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\Isabella\Desktop\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\G??gl? ?hr?m? (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat () => Error: No automatic fix found for this entry.
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat () => Error: No automatic fix found for this entry.
    "C:\WINDOWS\System32\drivers\MPCBase.sys" => Default permissions restored successfully.
    "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Default permissions restored successfully.
    "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Default permissions restored successfully.
    Could not move "C:\WINDOWS\System32\drivers\MPCBase.sys" => Scheduled to move on reboot.
    Could not move "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Scheduled to move on reboot.
    Could not move "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Scheduled to move on reboot.
    "HKLM\SYSTEM\CurrentControlSet\services\MPCKpt" => key was unlocked
    "C:\Program Files\MPC Cleaner" => was unlocked
     
    "C:\Program Files\MPC Cleaner" folder move:
     
    Could not move "C:\Program Files\MPC Cleaner" => Scheduled to move on reboot.
     
     
    ========= reg delete HKLM\SYSTEM\CurrentControlSet\services\MPCKpt =========
     
     
    Permanently delete the registry key SYSTEM\CurrentControlSet\services\MPCKpt (Y/N)? 
    Error:  Access is denied.
     
     
    ========= End of Reg: =========
     
     
    ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" =========
     
     
    Permanently delete the registry key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} (Y/N)? 
    The operation completed successfully
     
     
    ========= End of Reg: =========
     
     
    ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}" =========
     
     
    Permanently delete the registry key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} (Y/N)? 
    The operation completed successfully
     
     
    ========= End of Reg: =========
     
     
    =========  FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
     
    ========= End of CMD: =========
     
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 0 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
    Java, Flash, Steam htmlcache => 810 B
    Windows/system/dllcache/drivers => 483 B
    Edge => 0 B
    Chrome => 390884800 B
    Firefox => 48022299 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default User.WINDOWS => 0 B
    All Users.WINDOWS => 0 B
    systemprofile => 0 B
    LocalService.NT AUTHORITY => 0 B
    NetworkService.NT AUTHORITY => 0 B
    Isabella => 173316 B
    Gabriella => 0 B
    Sophia => 0 B
    Heather => 0 B
    Guest => 0 B
     
    RecycleBin => 86817 B
    EmptyTemp: => 418.8 MB temporary data Removed.
     
    ================================
     
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-22 20:35:32)
     
    "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Could not move
    "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Could not move
    "C:\Program Files\MPC Cleaner" => Could not move
    "C:\WINDOWS\System32\drivers\MPCBase.sys" => Could not move
    "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Could not move
    "C:\WINDOWS\system32\Drivers\MPCBase.sys" => Could not move
    "C:\Program Files\MPC Cleaner" => Could not move
     
    ==== End of Fixlog 20:35:32 ====
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
    Ran by Isabella (administrator) on DAVID-0A47797B5 (22-06-2016 20:37:47)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Loaded Profiles: Isabella (Available Profiles: Isabella & Gabriella & Sophia & Heather & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: "C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Realtek Semiconductor Corp.) C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
    (Google Inc.) C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-14] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
    Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\RNX-MiniN1 11n USB Wireless LAN Utility.lnk [2012-04-14]
    ShortcutTarget: RNX-MiniN1 11n USB Wireless LAN Utility.lnk -> C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{82E1604E-4B41-41E2-92FD-BAA899DD6B25}: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1177238915-823518204-1644491937-1004 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default
    FF DefaultSearchEngine: Yahoo! Powered
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1177238915-823518204-1644491937-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-11] (Unity Technologies ApS)
    FF SearchPlugin: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\searchplugins\findit.xml [2016-06-17]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-19] [not signed]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
    CHR Extension: (YouTube) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
    CHR Extension: (Google Search) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Core) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-04-14] (Cisco Systems, Inc.) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
    S3 Leapfrog-USBLAN; C:\WINDOWS\System32\DRIVERS\btblan.sys [33792 2011-08-23] (Belcarra Technologies) [File not signed]
    R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)
    R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
    R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2011-09-02] (Realtek Semiconductor Corporation                           ) [File not signed]
    U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-22 20:34 - 2016-06-22 20:34 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk
    2016-06-22 20:34 - 2016-06-22 20:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-22 20:34 - 2016-06-22 20:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MPC
    2016-06-22 18:33 - 2016-06-22 18:33 - 00000783 _____ C:\Documents and Settings\Isabella\Desktop\Shortcut to chrome.lnk
    2016-06-22 12:50 - 2016-06-22 12:50 - 00047016 _____ C:\Documents and Settings\Isabella\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2016-06-22 11:32 - 2016-06-22 11:32 - 00213672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-06-20 11:14 - 2016-06-20 11:15 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\IMVUClient
    2016-06-18 11:31 - 2016-06-18 11:31 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ESET
    2016-06-18 10:01 - 2016-06-22 20:37 - 00000000 ____D C:\FRST
    2016-06-18 10:01 - 2016-06-18 10:01 - 00006787 _____ C:\Documents and Settings\Isabella\My Documents\JRT.txt
    2016-06-18 10:00 - 2016-06-18 10:00 - 00006787 _____ C:\Documents and Settings\Isabella\Desktop\JRT.txt
    2016-06-18 09:45 - 2016-06-22 11:31 - 00000000 ____D C:\AdwCleaner
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk
    2016-06-17 14:46 - 2016-06-17 14:46 - 00001203 _____ C:\Documents and Settings\Isabella\Desktop\Shortcut to MikuMikuDance.lnk
    2016-06-16 15:57 - 2016-06-22 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-06-16 09:17 - 2016-06-18 09:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-16 09:17 - 2016-06-18 09:53 - 00000724 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
    2016-06-16 08:45 - 2016-06-16 08:46 - 00062186 _____ C:\WINDOWS\ntbtlog.txt
    2016-06-14 13:55 - 2016-06-14 13:55 - 00000908 _____ C:\Documents and Settings\Isabella\Desktop\Tech support.txt
    2016-06-14 13:23 - 2016-06-14 13:23 - 00000000 ____D C:\WINDOWS\pss
    2016-06-14 13:17 - 2016-06-14 13:17 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\LogMeIn Rescue Applet
    2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
    2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-06-14 11:56 - 2016-06-14 11:57 - 00000000 ____D C:\Program Files\OpenSupport
    2016-06-14 11:43 - 2016-06-15 13:46 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1465929799---
    2016-06-14 11:43 - 2016-06-14 11:39 - 00002116 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\PPC-software
    2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\updates
    2016-05-30 12:37 - 2016-05-30 12:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\ScreenSnapshotTool
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\efo
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky
    2016-05-30 12:24 - 2016-05-30 12:24 - 00040404 ____H C:\WINDOWS\system32\mlfcache.dat
    2016-05-29 14:15 - 2016-05-29 14:15 - 00000000 ____D C:\Program Files\RobloxVersions
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-22 20:38 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Temp
    2016-06-22 20:35 - 2015-07-17 09:18 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
    2016-06-22 20:35 - 2015-06-19 14:04 - 00000000 _____ C:\WINDOWS\RTacDbg.txt
    2016-06-22 20:34 - 2011-08-27 08:47 - 00000178 ___SH C:\Documents and Settings\Isabella\ntuser.ini
    2016-06-22 20:34 - 2011-08-26 19:59 - 00032596 _____ C:\WINDOWS\SchedLgU.Txt
    2016-06-22 20:34 - 2011-08-26 19:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-06-22 14:02 - 2016-02-16 17:41 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\1455669675843
    2016-06-22 11:52 - 2011-08-27 08:47 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents
    2016-06-20 17:13 - 2015-04-08 16:16 - 00000306 ____C C:\WINDOWS\QTW.INI
    2016-06-20 13:06 - 2015-11-24 08:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\IMVU
    2016-06-20 11:15 - 2015-11-28 10:32 - 00001949 _____ C:\Documents and Settings\Isabella\Desktop\IMVU.lnk
    2016-06-18 11:09 - 2011-08-26 20:51 - 00000000 ____D C:\Documents and Settings\Sophia\Local Settings\Temp
    2016-06-18 11:09 - 2011-08-26 19:59 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp
    2016-06-18 11:07 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2016-06-17 12:20 - 2015-06-18 20:27 - 00001825 ____C C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-06-18 20:27 - 00000815 ____C C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2015-04-22 12:03 - 00001825 _____ C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk
    2016-06-17 12:20 - 2015-04-17 18:26 - 00000815 _____ C:\Documents and Settings\Heather\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2011-08-26 20:51 - 00000815 _____ C:\Documents and Settings\Sophia\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 12:20 - 2008-08-22 13:06 - 00000779 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
    2016-06-17 03:12 - 2015-01-10 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-06-17 03:00 - 2011-09-08 23:52 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-06-16 16:16 - 2012-04-06 18:07 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-06-16 16:16 - 2011-09-09 19:04 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-06-16 09:25 - 2011-08-26 19:58 - 00000178 __SHC C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
    2016-06-16 08:52 - 2011-11-04 21:59 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ApplicationHistory
    2016-06-16 08:45 - 2008-08-22 13:06 - 00000000 __SHD C:\WINDOWS\CSC
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
    2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2964358$
    2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2936068$
    2016-06-15 14:21 - 2015-01-10 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
    2016-06-15 14:21 - 2015-01-10 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
    2016-06-15 14:21 - 2015-01-10 21:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
    2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
    2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
    2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
    2016-06-15 14:21 - 2015-01-10 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
    2016-06-15 14:21 - 2015-01-10 21:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
    2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
    2016-06-15 14:21 - 2015-01-10 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
    2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808735$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
    2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
    2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
    2016-06-15 14:21 - 2013-03-24 09:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
    2016-06-15 14:21 - 2013-03-17 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2799494$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$
    2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
    2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$
    2016-06-15 14:21 - 2013-03-08 12:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
    2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$
    2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
    2016-06-15 14:21 - 2012-10-12 20:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2724197$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
    2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
    2016-06-15 14:21 - 2012-09-22 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2736233$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2731847$
    2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
    2016-06-15 14:21 - 2012-08-18 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219$
    2016-06-15 14:21 - 2012-08-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718523$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
    2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
    2016-06-15 14:21 - 2012-07-14 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
    2016-06-15 14:21 - 2012-06-13 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2707511$
    2016-06-15 14:21 - 2012-06-13 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
    2016-06-15 14:21 - 2012-06-13 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2709162$
    2016-06-15 14:21 - 2012-06-09 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718704$
    2016-06-15 14:21 - 2012-05-11 14:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$
    2016-06-15 14:21 - 2012-05-11 14:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
    2016-06-15 14:18 - 2016-04-10 09:26 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\ByteFence
    2016-06-15 14:15 - 2011-08-26 20:51 - 00000000 ___RD C:\Documents and Settings\Sophia\My Documents
    2016-06-15 13:46 - 2016-04-14 07:34 - 00000000 ____D C:\SUPERDelete
    2016-06-14 18:12 - 2016-04-14 07:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-06-14 16:48 - 2008-08-22 05:45 - 00000000 ___HD C:\WINDOWS\inf
    2016-06-14 13:17 - 2012-03-10 12:25 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\Deployment
    2016-06-14 12:28 - 2016-04-14 04:01 - 00769698 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-823518204-1644491937-1004-0.dat
    2016-06-14 12:28 - 2016-04-14 04:01 - 00207690 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\translate-65e7cca1b27e50ede238fedb48951a63
    2016-06-14 12:17 - 2016-04-03 18:35 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\emoticons-c6fcecc50023c7b811f3454d9d5636c0
    2016-06-14 12:17 - 2016-04-03 18:28 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\instagram-65e4ac1c5edb34c0da5ebbeca821d5af
    2016-06-14 12:10 - 2011-08-26 19:59 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2016-04-03 18:22 - 00001616 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk
    2016-06-14 11:38 - 2015-04-16 07:13 - 00001659 ____R C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
    2016-06-13 15:28 - 2016-04-14 07:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-06-13 15:26 - 2016-04-10 09:26 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
    2016-06-13 15:21 - 2011-08-26 12:38 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS
    2016-06-13 15:20 - 2010-03-23 15:00 - 00000000 ____D C:\Program Files\Auslogics
    2016-06-13 14:56 - 2016-04-10 09:16 - 00000344 __RSH C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
    2016-06-13 14:07 - 2016-05-11 20:05 - 00000000 ____D C:\Program Files\Common Files\COMODO
    2016-06-13 11:22 - 2015-04-17 17:54 - 00000000 ____D C:\Documents and Settings\Heather\Local Settings\Temp
    2016-05-30 12:43 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxVersions
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-30 12:28 - 2012-04-07 21:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
    2016-05-29 14:15 - 2016-05-06 20:37 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\RobloxDownloads
    2016-05-23 23:25 - 2016-04-14 07:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by Isabella (2016-06-22 20:38:54)
    Running from C:\Documents and Settings\Isabella\My Documents\Downloads\New Folder
    Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-27 14:52:56)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1177238915-823518204-1644491937-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1177238915-823518204-1644491937-1007 - Limited - Enabled)
    Gabriella (S-1-5-21-1177238915-823518204-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Gabriella
    Guest (S-1-5-21-1177238915-823518204-1644491937-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
    Heather (S-1-5-21-1177238915-823518204-1644491937-1009 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Heather
    HelpAssistant (S-1-5-21-1177238915-823518204-1644491937-1000 - Limited - Disabled)
    Isabella (S-1-5-21-1177238915-823518204-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Isabella
    Sophia (S-1-5-21-1177238915-823518204-1644491937-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sophia
    SUPPORT_388945a0 (S-1-5-21-1177238915-823518204-1644491937-1002 - Limited - Disabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Clean Master (HKLM\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
    Dell System Detect (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    IMVU Avatar Chat Software (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\IMVU Avatar chat client software BETA) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    JSWPFCom (Version: 1.07.0000 - JumpStart World) Hidden
    JSWPFGrade1 (Version: 1.07.0000 - JumpStart World) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
    RNX-MiniN1 Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0179 - Rosewill Inc)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
    Translate (HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\translate-65e7cca1b27e50ede238fedb48951a63) (Version: 1.2.2 - Dzexon)
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1177238915-823518204-1644491937-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Documents and Settings\Isabella\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
     
    ShortcutWithArgument: C:\Documents and Settings\Isabella\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2012-04-14 16:53 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\EnumDevLib.dll
    2012-04-14 16:53 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\acAuth.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxp://apps.driversupport.com
    IE trusted site: HKU\S-1-5-21-1177238915-823518204-1644491937-1004\...\driversupport.com -> hxxps://apps.driversupport.com
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 00:00 - 2016-06-15 14:08 - 00000914 ____N C:\WINDOWS\system32\Drivers\etc\hosts
     
    127.0.0.1       localhost
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
    127.0.0.1       union.baidu2019.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1177238915-823518204-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-MiniN1\11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe] => Enabled:EBook Codec Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FormatFactory.exe] => Enabled:Format Factory
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\Desktop\FormatFactory\FFModules\Package\PTInstOnline.exe] => Enabled:Picosmos Tools Downloader
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Isabella\My Documents\Downloads\solutoinstaller.exe] => Enabled:SolutoInstaller
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:TCP Port 135
    StandardProfile\GloballyOpenPorts: [5000:TCP] => Enabled:TCP Port 5000
    StandardProfile\GloballyOpenPorts: [5001:TCP] => Enabled:TCP Port 5001
    StandardProfile\GloballyOpenPorts: [5002:TCP] => Enabled:TCP Port 5002
    StandardProfile\GloballyOpenPorts: [5003:TCP] => Enabled:TCP Port 5003
    StandardProfile\GloballyOpenPorts: [5004:TCP] => Enabled:TCP Port 5004
    StandardProfile\GloballyOpenPorts: [5005:TCP] => Enabled:TCP Port 5005
    StandardProfile\GloballyOpenPorts: [5006:TCP] => Enabled:TCP Port 5006
    StandardProfile\GloballyOpenPorts: [5007:TCP] => Enabled:TCP Port 5007
    StandardProfile\GloballyOpenPorts: [5008:TCP] => Enabled:TCP Port 5008
    StandardProfile\GloballyOpenPorts: [5009:TCP] => Enabled:TCP Port 5009
    StandardProfile\GloballyOpenPorts: [5010:TCP] => Enabled:TCP Port 5010
    StandardProfile\GloballyOpenPorts: [5011:TCP] => Enabled:TCP Port 5011
    StandardProfile\GloballyOpenPorts: [5012:TCP] => Enabled:TCP Port 5012
    StandardProfile\GloballyOpenPorts: [5013:TCP] => Enabled:TCP Port 5013
    StandardProfile\GloballyOpenPorts: [5014:TCP] => Enabled:TCP Port 5014
    StandardProfile\GloballyOpenPorts: [5015:TCP] => Enabled:TCP Port 5015
    StandardProfile\GloballyOpenPorts: [5016:TCP] => Enabled:TCP Port 5016
    StandardProfile\GloballyOpenPorts: [5017:TCP] => Enabled:TCP Port 5017
    StandardProfile\GloballyOpenPorts: [5018:TCP] => Enabled:TCP Port 5018
    StandardProfile\GloballyOpenPorts: [5019:TCP] => Enabled:TCP Port 5019
    StandardProfile\GloballyOpenPorts: [5020:TCP] => Enabled:TCP Port 5020
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7852:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [7853:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
    StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder
     
    ==================== Restore Points =========================
     
    19-06-2016 21:36:50 System Checkpoint
    21-06-2016 21:15:13 System Checkpoint
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (06/22/2016 08:07:25 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 08:07:25 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 07:44:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 07:44:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 06:12:25 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 06:12:25 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 06:11:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 06:11:55 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 04:59:50 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
     
    Error: (06/22/2016 04:59:50 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
    Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
     
     
    System errors:
    =============
    Error: (06/22/2016 08:33:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Clean Master Core Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Security with the following error: 
    %%5 = Access is denied.
     
     
    Error: (06/22/2016 11:31:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
    %%5 = Access is denied.
     
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.00GHz
    Percentage of memory in use: 31%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 1397.5 MB
    Total Virtual: 3412.69 MB
    Available Virtual: 2922.18 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:30.54 GB) NTFS ==>[drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: B174B174)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================
     
    ComboFix 16-06-01.01 - Isabella 06/22/2016  20:48:01.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1688 [GMT -7:00]
    Running from: C:\Documents and Settings\Isabella\My Documents\Downloads\ComboFix.exe
     
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    We got rid of some of it but it's putting up a fight.

     

    What happened when you ran Combofix?

    Try it again and see if it will install the Recovery Console.

     

     

    Let's see what Process Explorer sees:

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
    Also let's try aswMBR:
     


    Download aswMBR.exe  to your desktop.
    Right click on aswMBR.exe and Run As Admin
    Uncheck trace disk IO calls
    Change the Quickscan to C:\
     (Allow the Avast engine download if asked) Click the "Scan" button to start scan
    On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
     

    • 0

    #9
    izzykins17

    izzykins17

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts
    ComboFix 16-06-01.01 - Isabella 06/23/2016   7:21:09.2.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1510 [GMT -7:00]
    Running from: C:\Documents and Settings\Isabella\My Documents\Downloads\ComboFix.exe
     
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    alg.exe 1,152 K 1,912 K 688 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    chrome.exe 1,844 K 1,944 K 3772 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 58,592 K 66,140 K 2632 Google Chrome Google Inc. (Verified) Google Inc
    csrss.exe 1,708 K 3,252 K 800 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    explorer.exe 14,424 K 23,404 K 3136 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    hkcmd.exe 744 K 1,832 K 1180 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
    lsass.exe 3,784 K 740 K 880 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    MPCProtectService.exe 6,524 K 5,992 K 1964 MPC Protect Service DotC United Inc (Verified) DotCash Limited
    MPCTray.exe 14,144 K 8,920 K 376 MPC Tray DotC United Inc (Verified) DotCash Limited
    RtWLan.exe 7,056 K 4,532 K 1344 RtWLan ( For WinXP/2003) Application Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    SASCore.exe 1,708 K 1,176 K 1908 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
    services.exe 1,692 K 2,896 K 868 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    smss.exe 168 K 224 K 752 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    spoolsv.exe 3,180 K 1,560 K 1756 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 3,036 K 2,612 K 1044 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 1,852 K 2,060 K 1092 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 1,336 K 1,872 K 1400 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 1,216 K 2,056 K 1428 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 1,468 K 1,752 K 1456 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 2,220 K 3,148 K 1472 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 2,352 K 1,664 K 428 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    svchost.exe 18,832 K 18,272 K 1132 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    System 0 K 116 K 4
    winlogon.exe 6,712 K 2,484 K 824 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    wmiprvse.exe 1,968 K 5,844 K 388 WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    wmiprvse.exe 1,808 K 4,924 K 3900 WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    wscntfy.exe 564 K 1,448 K 1628 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
    Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
    chrome.exe 0.77 92,524 K 100,176 K 2028 Google Chrome Google Inc. (Verified) Google Inc
    procexp.exe 1.54 18,344 K 25,216 K 3440 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    System Idle Process 97.69 0 K 16 K 0
     
    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2016-06-23 07:30:36
    -----------------------------
    07:30:36.750    OS Version: Windows 5.1.2600 Service Pack 3
    07:30:36.750    Number of processors: 2 586 0x403
    07:30:36.750    ComputerName: DAVID-0A47797B5  UserName: Isabella
    07:30:37.468    Initialize success
    07:30:37.515    VM: initialized successfully
    07:30:37.515    VM: Intel CPU virtualization not supported 
    07:32:52.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    07:32:52.578    Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    07:32:52.812    Disk 0 MBR read successfully
    07:32:52.812    Disk 0 MBR scan
    07:32:52.812    Disk 0 Windows XP default MBR code
    07:32:52.843    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS        76285 MB offset 63
    07:32:52.890    Disk 0 default boot code
    07:32:52.953    Disk 0 scanning sectors +156232125
    07:32:53.062    Disk 0 scanning C:\WINDOWS\system32\drivers
    07:32:59.921    Service scanning
    07:33:12.421    Modules scanning
    07:33:12.421    Disk 0 statistics 46212/0/0 @ 3.52 MB/s
    07:33:12.421    Scan finished successfully
    07:33:41.937    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Isabella\My Documents\Downloads\MBR.dat"
    07:33:41.953    The log file has been saved successfully to "C:\Documents and Settings\Isabella\My Documents\Downloads\aswMBR.txt"
     
    The fix button was not enabled.

    • 0
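A way to triage a Process Explorer export like the one posted above, as an added example that is not part of either post: it flags images that are unsigned and images whose signature verifies but whose signer is not one the reviewer expects, which is how the two MPC processes stand out even though they show as "(Verified)". The `triage` function, the `EXPECTED_SIGNERS` list and the tab-separated layout of the sample are assumptions made for this example.

```python
import csv
import io
import re

# Constructed sample: a few rows from the export posted above, re-typed as
# tab-separated text (assumed layout of the saved file; CPU is blank when idle).
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "alg.exe\t\t1,152 K\t1,912 K\t688\tApplication Layer Gateway Service\tMicrosoft Corporation\t(Verified) Microsoft Windows Component Publisher",
    "MPCProtectService.exe\t\t6,524 K\t5,992 K\t1964\tMPC Protect Service\tDotC United Inc\t(Verified) DotCash Limited",
    "MPCTray.exe\t\t14,144 K\t8,920 K\t376\tMPC Tray\tDotC United Inc\t(Verified) DotCash Limited",
    "RtWLan.exe\t\t7,056 K\t4,532 K\t1344\tRtWLan ( For WinXP/2003) Application\tRealtek Semiconductor Corp.\t(No signature was present in the subject) Realtek Semiconductor Corp.",
    "System\t\t0 K\t116 K\t4",
])

# Assumption: signers this reviewer expects to see on the machine.
EXPECTED_SIGNERS = {
    "Microsoft Windows Component Publisher",
    "Microsoft Windows Hardware Compatibility Publisher",
    "Microsoft Corporation",
}

# The column reads "(<verification status>) <signer name>".
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<name>.*)$")


def triage(export_text, expected=EXPECTED_SIGNERS):
    """Return (process, pid, reason) for each row that deserves a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        signer = (row.get("Verified Signer") or "").strip()
        if not signer:
            continue  # pseudo-entries (System, Interrupts) have no image to verify
        m = SIGNER_RE.match(signer)
        status, name = (m["status"], m["name"]) if m else ("", signer)
        if status != "Verified":
            reason = "not verified: " + (status or "unparsed signer field")
        elif name not in expected:
            reason = "valid signature, unexpected signer: " + name
        else:
            continue
        findings.append((row["Process"], int(row["PID"]), reason))
    return findings


if __name__ == "__main__":
    for process, pid, reason in triage(SAMPLE):
        print(f"{process} (PID {pid}): {reason}")
```

A verified signature only says who signed the file, so the expected-signer list is what separates wanted software from signed but unwanted software.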

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Run Process Explorer again and hit the space bar.  Click once on the Process Column Header.  This will sort the processes by name.  Find

     
    MPCProtectService.exe 
    MPCTray.exe 
     
     
    Right click on the first one and Suspend Process.
    Right click on the second one and Kill Process.
     
    If that works (neither comes back to life) then
     
     
    Download the attached fixlist.txt to the same location as FRST
     
    [attachment=81589:fixlist.txt]
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    If Process Express is unable to keep the MFC files from running then boot into Safe Mode with networking
    (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
     
    Then try and do the fixlist
     
    Also try renaming combofix.exe to george.exe and run it in safe mode.  If it asks to install the rescue console then tell it OK.
     
     
     

     


    • 0



    #11
    izzykins17

    izzykins17

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    Access is denied and I can't suspend the process.


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    OK.  Try it in Safe Mode with Networking.


    • 0

    #13
    izzykins17

    izzykins17

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    Then the processes don't show up.


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    That's the idea.  MFC doesn't run in Safe Mode so if you run FRST and do the fixlist thing in Safe Mode then it should be able to remove MFC.  If you can't get FRST to do a Fix in Safe Mode then try to get Combofix to run after renaming it to george.  If that doesn't work then try running msconfig.  See http://netsquirrel.c...sconfig_xp.html

     

    Once in msconfig look under Services and see if you can uncheck anything that starts with mfc then Apply.  Repeat for Startup.  Reboot and then try the fix. 

     


    • 0

    #15
    izzykins17

    izzykins17

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    I tried running FRST but no fixlist showed up after the scan and I still can see MPC start up every time I turn on my computer.


    • 0





