So I recently found out through calling Microsoft that my 2001 Dell PC is infected with the Koobface virus. Sadly, my family doesn't have the money to fix it. Is there any way to fix it for free? Also, I've been researching how to get rid of the MPC Safe Search from Firefox but nothing is working. Please help.
Koobface and MPC Safe Navigation
#1
Posted 16 June 2016 - 07:49 PM
#2
Posted 16 June 2016 - 10:48 PM
That's what we are here for.
- Pause your anti-virus. Close all browsers.
#3
Posted 18 June 2016 - 11:18 AM
That's what we are here for.
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Junkware-Removal-Tool
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
- Pause your anti-virus. Close all browsers.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
adwcleaner:
junkware removal tool:
farbar:
PoweredFF Homepage: C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Lamzaps\\ff.HPFF Keyword.URL: user_pref("keyword.URL", true);FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-1177238915-823518204-1644491937-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Isabella\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-11] (Unity Technologies ApS)FF SearchPlugin: C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\searchplugins\findit.xml [2016-06-17]FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-06-02]FF Extension: Translate This! 
- C:\Documents and Settings\Isabella\Application Data\Mozilla\Firefox\Profiles\79gk91dw.default\Extensions\[email protected] [2016-04-11]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-19] [not signed]FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not foundChrome:=======CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_installertech_15_16&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtB0EtCtBtByC0B0B0EyDyDtN0D0Tzu0StCtBtDtBtN1L2XzutAtFtCtDtFtBtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDtD0CyD0Ezz0C0EtG0B0C0B0FtGtAtB0CyCtGyBtByC0CtGtCtCtCtB0B0D0A0C0AzytByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0EyByD0F0F0CtCtG0FtAtC0BtGyE0D0F0FtGzytAzyyEtGtAyEzzzytAtA0FyCzztD0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCtA&cr=1768884837&ir=","hxxp://www.google.com/","hxxp://us.4yendex.com/?utm_source=sdks&utm_medium=us01&utm_campaign=cbcab940a9053e847c0ee861c321939e"CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No FileCHR Plugin: (Shockwave 
Flash) - C:\PROGRA~1\Google\Chrome\APPLIC~1\49.0.2623.112\PepperFlash\pepflashplayer.dll ()CHR Profile: C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]CHR Extension: (Google Drive) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]CHR Extension: (YouTube) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]CHR Extension: (Google Search) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]CHR Extension: (Core) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-26]CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]CHR Extension: (Gmail) - C:\Documents and Settings\Isabella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-1177238915-823518204-1644491937-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - 
hxxps://clients2.google.com/service/update2/crxStartMenuInternet: Google Chrome - C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)S3 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [76944 2016-06-03] (Comodo Security Solutions, Inc.)S2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315208 2016-04-13] (Kingsoft Corporation)S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]S2 Lamzap; C:\Documents and Settings\All Users.WINDOWS\Application Data\\Lamzap\\Lamzap.exe [957440 2016-06-14] () [File not signed]S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-06-14] (DotC United Inc)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-04-14] (Cisco Systems, Inc.) [File not signed]S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) 
[File not signed]S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-06-14] ()R3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [81768 2016-04-13] (Kingsoft Corporation)S3 Leapfrog-USBLAN; C:\WINDOWS\System32\DRIVERS\btblan.sys [33792 2011-08-23] (Belcarra Technologies) [File not signed]R0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-06-14] (DotC United Inc)R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-06-14] (DotC United Inc)R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-09-02] (Realtek Semiconductor Corporation ) [File not signed]R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2011-09-02] (Realtek Semiconductor Corporation ) [File not signed]S0 cerc6; no ImagePathS3 cpuz134; \??\C:\DOCUME~1\Isabella\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]U5 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)S4 IntelIde; no ImagePathU1 WS2IFSL; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-06-18 10:01 - 2016-06-18 10:01 - 00006787 _____ C:\Documents and Settings\Isabella\My Documents\JRT.txt2016-06-18 10:01 - 2016-06-18 10:01 - 00000000 ____D C:\FRST2016-06-18 10:00 - 2016-06-18 10:00 - 00006787 _____ C:\Documents and Settings\Isabella\Desktop\JRT.txt2016-06-18 09:55 - 2016-06-18 09:55 - 00001476 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\MPC Cleaner.lnk2016-06-18 09:54 - 2016-06-18 09:54 - 00213672 _____ C:\WINDOWS\system32\FNTCACHE.DAT2016-06-18 09:47 - 2016-06-18 09:47 - 00047016 _____ C:\Documents and Settings\Isabella\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2016-06-18 09:45 - 2016-06-18 09:53 - 00000000 ____D C:\AdwCleaner2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk2016-06-17 19:39 - 2016-06-14 11:38 - 00001827 ____R C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Gооglе Сhrоmе (2).lnk2016-06-17 14:46 - 2016-06-17 14:46 - 00001203 _____ C:\Documents and Settings\Isabella\Desktop\Shortcut to MikuMikuDance.lnk2016-06-16 15:57 - 2016-06-16 20:57 - 00000000 ____D C:\Program Files\Mozilla Firefox2016-06-16 09:17 - 2016-06-18 09:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk2016-06-16 09:17 - 2016-06-18 09:53 - 00000730 _____ C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk2016-06-16 09:17 - 2016-06-18 09:53 - 00000724 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk2016-06-16 08:45 - 2016-06-16 08:46 - 00062186 _____ C:\WINDOWS\ntbtlog.txt2016-06-15 14:19 - 2016-06-16 08:30 - 00000000 ____D C:\Documents and 
Settings\Isabella\Start Menu\Programs\MPC AdCleaner2016-06-14 16:46 - 2016-06-14 16:46 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys2016-06-14 13:55 - 2016-06-14 13:55 - 00000908 _____ C:\Documents and Settings\Isabella\Desktop\Tech support.txt2016-06-14 13:23 - 2016-06-14 13:23 - 00000000 ____D C:\WINDOWS\pss2016-06-14 13:17 - 2016-06-14 13:17 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\LogMeIn Rescue Applet2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\WebUpdater2016-06-14 12:30 - 2016-06-14 12:31 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WebUpdater2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps2016-06-14 12:23 - 2016-06-14 12:26 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzaps2016-06-14 12:23 - 2016-06-14 12:23 - 00000000 ____D C:\Program Files\Common Files\Domity2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap2016-06-14 12:22 - 2016-06-18 09:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lamzap2016-06-14 12:22 - 2016-06-14 12:22 - 02279413 _____ C:\Documents and Settings\Isabella\Application Data\Saltjob.bin2016-06-14 12:21 - 2016-06-14 12:22 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\DailyWiki2016-06-14 12:21 - 2016-06-14 12:21 - 06867968 _____ C:\Documents and Settings\Isabella\Application Data\agent.dat2016-06-14 12:21 - 2016-06-14 12:21 - 01760384 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.tst2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and Settings\Isabella\Application Data\noah.dat2016-06-14 12:21 - 2016-06-14 12:21 - 00126464 _____ C:\Documents and 
Settings\Isabella\Application Data\lobby.dat2016-06-14 12:21 - 2016-06-14 12:21 - 00072704 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.tst2016-06-14 12:21 - 2016-06-14 12:21 - 00069072 _____ C:\Documents and Settings\Isabella\Application Data\Config.xml2016-06-14 12:21 - 2016-06-14 12:21 - 00054272 _____ C:\Documents and Settings\Isabella\Application Data\ApplicationHosting.dat2016-06-14 12:21 - 2016-06-14 12:21 - 00018432 _____ C:\Documents and Settings\Isabella\Application Data\Main.dat2016-06-14 12:21 - 2016-06-14 12:21 - 00005568 _____ C:\Documents and Settings\Isabella\Application Data\md.xml2016-06-14 12:21 - 2016-06-14 12:20 - 00053992 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys2016-06-14 12:21 - 2016-06-14 12:20 - 00029032 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Siljaytough.exe2016-06-14 12:21 - 2016-06-14 12:18 - 00957440 _____ C:\Documents and Settings\Isabella\Application Data\Med-It.exe2016-06-14 12:20 - 2016-06-14 12:30 - 00000000 ____D C:\Program Files\MPC Cleaner2016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\tuto_monetize_1201606142016-06-14 12:20 - 2016-06-14 12:20 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\SecurityApps2016-06-14 12:18 - 2016-06-15 14:18 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\4C4C4544-1465906685-3610-8044-C4C04F4442312016-06-14 12:18 - 2016-06-14 12:19 - 00018288 _____ C:\Documents and Settings\Isabella\Application Data\InstallationConfiguration.xml2016-06-14 12:18 - 2016-06-14 12:19 - 00000000 ____D C:\Program Files\mpck2016-06-14 12:18 - 2016-06-14 12:18 - 00128512 _____ C:\Documents and Settings\Isabella\Application Data\Installer.dat2016-06-14 12:18 - 2016-06-14 12:18 - 00000000 _____ 
C:\WINDOWS\system32\Number of results2016-06-14 12:13 - 2016-06-14 12:13 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\IsolatedStorage2016-06-14 12:12 - 2016-06-16 08:22 - 00002892 _____ C:\wulog.txt2016-06-14 12:12 - 2016-06-15 13:50 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\WebUpdater2016-06-14 11:56 - 2016-06-14 11:57 - 00000000 ____D C:\Program Files\OpenSupport2016-06-14 11:43 - 2016-06-15 13:46 - 00000000 ____D C:\Program Files\Win32_ComputerSystemProduct-1465929799---2016-06-14 11:43 - 2016-06-14 11:39 - 00002116 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\FreeDownloadManager.ORG2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager2016-06-14 11:25 - 2016-06-14 11:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Download Manager2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss2016-06-13 14:57 - 2016-06-13 15:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PasswordBoss2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate2016-06-13 14:56 - 2016-06-13 15:21 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate2016-06-13 07:13 - 2016-06-13 07:13 - 00142495 _____ C:\WINDOWS\e7cba6967fb0ecb67001f9d280002e18.exe2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and 
Settings\Isabella\Local Settings\Application Data\PPC-software2016-05-30 12:38 - 2016-05-30 12:38 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\updates2016-05-30 12:37 - 2016-05-30 12:37 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\ScreenSnapshotTool2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\Isabella\Application Data\efo2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky2016-05-30 12:34 - 2016-05-30 12:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Unchecky2016-05-30 12:24 - 2016-05-30 12:24 - 00040404 ____H C:\WINDOWS\system32\mlfcache.dat2016-05-29 14:15 - 2016-05-29 14:15 - 00000000 ____D C:\Program Files\RobloxVersions2016-05-21 15:16 - 2016-05-21 15:16 - 00000000 __SHD C:\found.001==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-06-18 10:01 - 2011-08-27 08:47 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents2016-06-18 10:01 - 2011-08-27 08:47 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Temp2016-06-18 09:55 - 2015-07-17 09:18 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl2016-06-18 09:55 - 2015-06-19 14:04 - 00000000 _____ C:\WINDOWS\RTacDbg.txt2016-06-18 09:55 - 2015-04-17 20:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2016-06-18 09:55 - 2015-02-08 10:34 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2016-06-18 09:55 - 2011-08-26 19:59 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt2016-06-18 09:55 - 2011-08-26 19:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2016-06-18 09:54 - 2011-08-27 08:47 - 00000178 ___SH C:\Documents and Settings\Isabella\ntuser.ini2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application 
Data\Lavasoft2016-06-18 09:53 - 2016-04-14 07:37 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft2016-06-18 09:16 - 2012-04-06 18:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2016-06-18 09:10 - 2015-04-17 20:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2016-06-17 12:20 - 2015-06-18 20:27 - 00001825 ____C C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk2016-06-17 12:20 - 2015-06-18 20:27 - 00000815 ____C C:\Documents and Settings\Guest\Start Menu\Programs\Internet Explorer.lnk2016-06-17 12:20 - 2015-04-22 12:03 - 00001825 _____ C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk2016-06-17 12:20 - 2015-04-17 18:26 - 00000815 _____ C:\Documents and Settings\Heather\Start Menu\Programs\Internet Explorer.lnk2016-06-17 12:20 - 2011-08-26 20:51 - 00000815 _____ C:\Documents and Settings\Sophia\Start Menu\Programs\Internet Explorer.lnk2016-06-17 12:20 - 2008-08-22 13:06 - 00000779 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk2016-06-17 03:12 - 2015-01-10 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT2016-06-17 03:00 - 2011-09-08 23:52 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2016-06-16 16:16 - 2012-04-06 18:07 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2016-06-16 16:16 - 2011-09-09 19:04 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2016-06-16 09:25 - 2011-08-26 19:58 - 00000178 __SHC C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini2016-06-16 08:52 - 2011-11-04 21:59 - 00000000 ____D C:\Documents and Settings\Isabella\Local Settings\Application Data\ApplicationHistory2016-06-16 08:45 - 2008-08-22 13:06 - 00000000 __SHD C:\WINDOWS\CSC2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$2016-06-15 14:21 - 2015-04-15 21:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$2016-06-15 
14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2964358$2016-06-15 14:21 - 2015-04-15 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2936068$2016-06-15 14:21 - 2015-01-10 21:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$2016-06-15 14:21 - 2015-01-10 21:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$2016-06-15 14:21 - 2015-01-10 21:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$2016-06-15 14:21 - 2015-01-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$2016-06-15 14:21 - 2015-01-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$2016-06-15 14:21 - 2015-01-10 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$2016-06-15 14:21 - 2015-01-10 21:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$2016-06-15 14:21 - 2015-01-10 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$2016-06-15 14:21 - 2015-01-10 21:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$2016-06-15 14:21 - 2015-01-10 21:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$2016-06-15 14:21 - 2015-01-10 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2016-06-15 14:21 - 
2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$2016-06-15 14:21 - 2013-04-14 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808735$2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$2016-06-15 14:21 - 2013-04-14 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813170$2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$2016-06-15 14:21 - 2013-03-24 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$2016-06-15 14:21 - 2013-03-24 09:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$2016-06-15 14:21 - 2013-03-17 00:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2799494$2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$2016-06-15 14:21 - 2013-03-08 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$2016-06-15 14:21 - 2013-03-08 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$2016-06-15 14:21 - 2013-03-08 12:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$2016-06-15 14:21 - 2013-03-08 12:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2761226$2016-06-15 14:21 - 2012-11-29 19:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$2016-06-15 14:21 - 2012-10-12 20:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2724197$2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$2016-06-15 14:21 - 2012-10-12 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$2016-06-15 14:21 - 2012-09-22 
09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2736233$2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2731847$2016-06-15 14:21 - 2012-08-18 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$2016-06-15 14:21 - 2012-08-18 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219$2016-06-15 14:21 - 2012-08-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135$2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718523$2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$2016-06-15 14:21 - 2012-07-14 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$2016-06-15 14:21 - 2012-07-14 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$2016-06-15 14:21 - 2012-06-13 20:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2707511$2016-06-15 14:21 - 2012-06-13 20:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$2016-06-15 14:21 - 2012-06-13 20:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2709162$2016-06-15 14:21 - 2012-06-09 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2718704$2016-06-15 14:21 - 2012-05-11 14:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2695962$2016-06-15 14:21 - 2012-05-11 14:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$2016-06-15 14:18 - 2016-04-10 09:26 - 00000000 ____D C:\Documents and Settings\Isabella\Start Menu\ByteFence2016-06-15 14:15 - 2011-08-26 20:51 - 00000000 ___RD C:\Documents and Settings\Sophia\My Documents2016-06-15 13:46 - 2016-04-14 07:34 - 00000000 ____D C:\SUPERDelete2016-06-14 19:50 - 2015-04-20 20:28 - 00000000 ___RD C:\Documents and Settings\Isabella\My Documents\My Pictures2016-06-14 18:12 - 2016-04-14 07:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2016-06-14 16:48 - 2008-08-22 05:45 - 00000000 ___HD C:\WINDOWS\inf2016-06-14 13:17 - 2012-03-10 12:25 - 00000000 ____D C:\Documents and 
#4
Posted 18 June 2016 - 11:57 AM
#5
Posted 22 June 2016 - 03:00 PM
The last thing you asked me to download and run didn't work. It would scan it but before it was even halfway done scanning it would go blank. It's like that every time. But here are the other logs.
#6
Posted 22 June 2016 - 04:27 PM
Looks like MFC is playing hard to get. It changed the permissions on the keys and files so we weren't able to remove them last time. Let's try again:
#7
Posted 22 June 2016 - 10:06 PM
#8
Posted 22 June 2016 - 11:30 PM
We got rid of some of it but it's putting up a fight.
What happened when you ran Combofix?
Try it again and see if it will install the Recovery Console.
Let's see what Process Explorer sees:
#9
Posted 23 June 2016 - 08:34 AM
#10
Posted 23 June 2016 - 09:25 AM
Run Process Explorer again and hit the space bar. Click once on the Process Column Header. This will sort the processes by name. Find
#11
Posted 23 June 2016 - 09:40 AM
Access is denied and I can't suspend the process.
#12
Posted 23 June 2016 - 11:43 AM
OK. Try it in Safe Mode with Networking.
#13
Posted 25 June 2016 - 11:11 AM
Then the processes don't show up.
#14
Posted 25 June 2016 - 11:50 AM
That's the idea. MFC doesn't run in Safe Mode so if you run FRST and do the fixlist thing in Safe Mode then it should be able to remove MFC. If you can't get FRST to do a Fix in Safe Mode then try to get Combofix to run after renaming it to george. If that doesn't work then try running msconfig. See http://netsquirrel.c...sconfig_xp.html
Once in msconfig look under Services and see if you can uncheck anything that starts with mfc then Apply. Repeat for Startup. Reboot and then try the fix.
#15
Posted 26 June 2016 - 09:11 AM
I tried running FRST but no fixlist showed up after the scan and I still can see MPC start up every time I turn on my computer.