Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

For Sugartooth - Slow computer [Solved]

Started by BrownePoints , May 18 2015 07:50 PM

  • This topic is locked This topic is locked

#1
BrownePoints
Posted 18 May 2015 - 07:50 PM

BrownePoints

    New Member

  • Member
  • Pip
  • 8 posts

For my friend Sugartooth,

 

Thanks for helping me out. My kids are the ones who use this computer and they complain that it's slow.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Compaq_Owner (administrator) on YOUR-4F1261A8E5 on 18-05-2015 18:39:32
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCXMNTR.EXE
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mindspark) C:\PROGRA~1\MAPSGA~2\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\PROGRA~1\ONLINE~3\bar\1.bin\APPINTEGRATOR.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe
(Mindspark) C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe
(Mindspark) C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe
(Mindspark) C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [278528 2004-10-14] (Apple Computer, Inc.)
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-02-15] (Apple Computer, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [55880 2014-09-20] (Mindspark)
HKLM\...\Run: [OnlineMapFinder AppIntegrator 32-bit] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark)
HKLM\...\Run: [OnlineMapFinder Search Scope Monitor] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe [55880 2014-09-20] (Mindspark)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26163008 2014-08-04] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {946850c5-1e27-11d9-baf0-806d6172696f} - D:\setup.exe
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {c7eaf834-7138-11d9-a02f-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> DefaultScope {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5B17CE5D-73D2-4EA9-9390-F90B47B4089B} URL = http://delicious.com...?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {73198342-D752-4CDF-BB3E-27DC07C8E311} URL = http://rover.ebay.co...le={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {A91EBEC7-F573-499F-9B03-FE32465A8802} URL = http://www.flickr.co...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-02] (RealPlayer)
BHO: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2014-09-20] (Mindspark)
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll [2014-09-20] (Mindspark)
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
BHO: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)
Toolbar: HKLM - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> MapsGalaxy - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> OnlineMapFinder - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks:  - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> inbox.com
CHR DefaultSearchURL: Default -> http://www2.inbox.co...id=82116&lng=en
CHR DefaultSuggestURL: Default -> http://www.inbox.com...?q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.101\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02]
CHR HKLM\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files\RebateInformer\Chrome\rebateinformer_c.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528 2013-04-24] ()
R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-10-14] (Apple Computer, Inc.) [File not signed]
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2014-09-20] (Mindspark)
S2 OnlineMapFinder_9pService; C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [90696 2014-09-20] (Mindspark)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [222016 2014-08-04] (SlimWare Utilities, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-02-15] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2003-07-11] (SiS Corporation)
S3 HSFHWBS2; system32\DRIVERS\HSFHWBS2.sys [X]
S3 HSF_DP; system32\DRIVERS\HSF_DP.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 smserial; system32\DRIVERS\smserial.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 18:39 - 2015-05-18 18:39 - 00020454 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.txt
2015-05-18 18:39 - 2015-05-18 18:39 - 00000000 ____D () C:\FRST
2015-05-18 18:36 - 2015-05-18 18:36 - 01146368 _____ (Farbar) C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.exe
2015-05-18 18:23 - 2015-05-18 18:23 - 00000000 ____D () C:\WINDOWS\LastGood
2015-05-17 17:47 - 2015-05-18 17:50 - 00013824 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Argumentative essay off campus eating.wps
2015-05-14 16:29 - 2015-05-14 16:29 - 00009728 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\con hear part 2.wps
2015-05-14 15:41 - 2015-05-14 15:41 - 00009728 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\congreesinal hear part one.wps
2015-05-07 10:53 - 2015-05-07 10:53 - 00105238 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\adam
2015-04-28 16:06 - 2015-04-28 16:06 - 00686232 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\debra
2015-04-21 21:10 - 2015-04-21 21:10 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\mike silo bag.wps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 18:39 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp
2015-05-18 18:24 - 2013-04-29 20:16 - 08320378 _____ () C:\WINDOWS\KB978542.log
2015-05-18 18:24 - 2004-10-15 10:52 - 01183870 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-18 18:17 - 2014-09-23 17:37 - 00000380 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job
2015-05-18 18:17 - 2012-05-24 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-18 18:17 - 2004-10-15 03:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-18 18:17 - 2004-10-15 03:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-18 18:16 - 2015-02-06 19:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job
2015-05-18 18:16 - 2014-11-13 16:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job
2015-05-18 18:16 - 2014-10-23 08:20 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job
2015-05-18 18:16 - 2011-07-21 09:07 - 00000292 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job
2015-05-18 18:16 - 2011-07-16 22:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job
2015-05-18 18:16 - 2011-01-15 01:51 - 00000400 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2015-05-18 18:16 - 2005-07-19 14:09 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-05-18 18:16 - 2004-10-15 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-18 17:54 - 2004-10-15 10:51 - 00031922 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-18 17:50 - 2011-07-12 19:45 - 00015152 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2015-05-18 17:43 - 2011-07-16 22:07 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job
2015-05-18 17:29 - 2005-02-15 17:22 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-18 17:27 - 2004-10-15 10:41 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-17 16:46 - 2014-09-08 16:51 - 00027136 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Agenda.Template.wps
2015-05-14 16:50 - 2013-08-19 12:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 16:39 - 2011-05-20 16:23 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-08 15:00 - 2014-03-05 16:10 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2011-07-12 19:45 - 2015-05-18 17:50 - 0015152 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2012-03-06 04:22 - 2014-02-19 14:51 - 0016384 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-20 14:51 - 2011-05-20 15:46 - 0000151 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\SlimCleanerPlus.x86.exe
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\{0E98DF01-042F-4B6D-B8B0-5D1B5FF90BFF}-28.0.1500.95_chrome_installer.exe
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\{817F96D7-D4BE-483E-8A1A-28E90104474D}-33.0.1750.146_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by Compaq_Owner at 2015-05-18 18:40:31
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3036499068-691177906-837026766-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3036499068-691177906-837026766-1010 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3036499068-691177906-837026766-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
Guest (S-1-5-21-3036499068-691177906-837026766-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3036499068-691177906-837026766-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3036499068-691177906-837026766-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3036499068-691177906-837026766-1007 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Blackhawk Striker 2 from Compaq (remove only) (HKLM\...\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF) (Version:  - )
Blasterball 2 from Compaq (remove only) (HKLM\...\75528D5F-DD82-402E-BA7C-045B7DC6A712) (Version:  - )
Blasterball 2 Remix from Compaq (remove only) (HKLM\...\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9) (Version:  - )
Bounce Symphony from Compaq (remove only) (HKLM\...\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6) (Version:  - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Compaq Connections (HKLM\...\BackWeb-6750491 Uninstaller) (Version:  - )
Compaq Organize (HKLM\...\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}) (Version:  - )
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from Compaq (remove only) (HKLM\...\C43D84CD-EBFC-48D3-A330-7868C8AD415A) (Version:  - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-3.1.0.1288 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-3.1.0.1288 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.668 - InterVideo Inc.)
iTunes (HKLM\...\InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}) (Version: 4.7.0.42 - Apple Computer, Inc.)
iTunes (Version: 4.7.0.42 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version:  - )
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapsGalaxy Internet Explorer Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
MapsGalaxy Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OnlineMapFinder Internet Explorer Toolbar (HKLM\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Orbital from Compaq (remove only) (HKLM\...\26DC0ED6-93A7-43C1-8DC5-EC16079580F9) (Version:  - )
Overball from Compaq (remove only) (HKLM\...\FA7F5211-C629-4711-BD82-7DFFB08CB518) (Version:  - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Polar Bowler from Compaq (remove only) (HKLM\...\05E21449-3BA3-42BF-BBDA-95205F4EA40A) (Version:  - )
Polar Golfer from Compaq (remove only) (HKLM\...\3330A279-CC39-4A17-AE19-DA464B26AD9A) (Version:  - )
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Road Ready Streetwise from Compaq (remove only) (HKLM\...\A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4) (Version:  - )
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
SereneScreen Marine Aquarium Lite (HKLM\...\SereneScreen Marine Aquarium Lite_is1) (Version: 3.0 - Prolific Publishing, Inc.) <==== ATTENTION
Shrek 2 Ogre Bowler from Compaq (remove only) (HKLM\...\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version:  - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
SlimCleaner Plus (HKLM\...\{1451E1D4-6AFA-44C9-B43D-B25247321205}) (Version: 1.0.22723 - SlimWare Utilities, Inc.)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Super Granny from Compaq (remove only) (HKLM\...\DE87FA96-7840-420C-86F9-33F3B7B3CED1) (Version:  - )
Tradewinds from Compaq (remove only) (HKLM\...\66195170-D19D-46C5-8FB7-8A4630071ADC) (Version:  - )
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)

==================== Restore Points  =========================

12-02-2015 20:02:28 Software Distribution Service 3.0
16-02-2015 20:43:37 Software Distribution Service 3.0
19-02-2015 19:44:55 Software Distribution Service 3.0
20-02-2015 21:54:17 Software Distribution Service 3.0
21-02-2015 11:30:19 Software Distribution Service 3.0
22-02-2015 10:42:31 Software Distribution Service 3.0
23-02-2015 16:41:28 Software Distribution Service 3.0
23-02-2015 20:29:15 Software Distribution Service 3.0
24-02-2015 10:49:42 Software Distribution Service 3.0
24-02-2015 14:46:03 Software Distribution Service 3.0
24-02-2015 18:31:22 Software Distribution Service 3.0
27-02-2015 11:17:56 Software Distribution Service 3.0
01-03-2015 17:18:23 Software Distribution Service 3.0
02-03-2015 20:22:16 Software Distribution Service 3.0
03-03-2015 17:57:22 Software Distribution Service 3.0
05-03-2015 21:08:56 Software Distribution Service 3.0
06-03-2015 17:10:59 Software Distribution Service 3.0
06-03-2015 20:19:54 Software Distribution Service 3.0
08-03-2015 09:41:19 Software Distribution Service 3.0
08-03-2015 09:56:20 Software Distribution Service 3.0
08-03-2015 12:59:35 Software Distribution Service 3.0
08-03-2015 19:14:07 Software Distribution Service 3.0
08-03-2015 20:56:46 Software Distribution Service 3.0
11-03-2015 16:59:15 Software Distribution Service 3.0
15-03-2015 19:32:27 Software Distribution Service 3.0
16-03-2015 12:59:43 Software Distribution Service 3.0
16-03-2015 13:21:51 Software Distribution Service 3.0
16-03-2015 20:11:52 Software Distribution Service 3.0
17-03-2015 18:42:02 Software Distribution Service 3.0
18-03-2015 18:34:57 Software Distribution Service 3.0
23-03-2015 17:15:02 Software Distribution Service 3.0
24-03-2015 10:23:26 Software Distribution Service 3.0
24-03-2015 20:03:23 Software Distribution Service 3.0
02-04-2015 17:45:50 Software Distribution Service 3.0
03-04-2015 10:48:23 Software Distribution Service 3.0
06-04-2015 16:35:03 System Checkpoint
06-04-2015 16:58:15 Software Distribution Service 3.0
06-04-2015 19:41:21 Software Distribution Service 3.0
07-04-2015 17:48:14 Software Distribution Service 3.0
16-04-2015 16:45:57 System Checkpoint
16-04-2015 17:15:43 Software Distribution Service 3.0
21-04-2015 17:31:30 Software Distribution Service 3.0
21-04-2015 21:15:17 Software Distribution Service 3.0
22-04-2015 18:19:07 Software Distribution Service 3.0
23-04-2015 18:48:30 Software Distribution Service 3.0
28-04-2015 12:13:20 Software Distribution Service 3.0
28-04-2015 18:33:14 Software Distribution Service 3.0
07-05-2015 10:58:24 Software Distribution Service 3.0
08-05-2015 13:44:16 System Checkpoint
08-05-2015 16:05:11 Software Distribution Service 3.0
10-05-2015 11:45:59 System Checkpoint
10-05-2015 12:04:15 Software Distribution Service 3.0
10-05-2015 13:50:13 Software Distribution Service 3.0
10-05-2015 16:19:22 Software Distribution Service 3.0
10-05-2015 18:21:51 Software Distribution Service 3.0
14-05-2015 16:37:07 Software Distribution Service 3.0
14-05-2015 18:08:07 Software Distribution Service 3.0
17-05-2015 17:53:10 Software Distribution Service 3.0
18-05-2015 17:53:30 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 18:00 - 2004-08-04 18:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Compaq_Owner.job => C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (Whitelisted) ==============

2004-08-04 11:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 11:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-24 05:31 - 2013-04-24 05:31 - 00149528 _____ () C:\Program Files\Sony\PlayMemories Home\dfs.exe
2014-08-04 14:19 - 2014-08-04 14:19 - 00671040 _____ () C:\Program Files\SlimCleaner Plus\MyDefragDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk => C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk => C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe] => Enabled:BackWeb for Presario
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x00231ccc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module msi.dll, version 3.1.4001.5512, fault address 0x000ffbde.
Processing media-specific event for [svchost.exe!ws!]

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_16_0_0_305.ocx, version 16.0.0.305, fault address 0x000e7be9.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2015 09:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x1715d6d1.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/18/2015 11:33:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/18/2015 11:33:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/18/2015 11:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_16_0_0_257.ocx, version 16.0.0.257, fault address 0x005eec59.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (05/18/2015 05:54:19 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/18/2015 05:54:17 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/17/2015 05:53:55 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/17/2015 05:53:53 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/14/2015 06:08:56 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/14/2015 06:08:54 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/14/2015 05:45:22 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (05/14/2015 05:45:22 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (05/14/2015 05:45:22 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (05/14/2015 05:45:22 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Microsoft Office Sessions:
=========================
Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.2358800231ccc

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512msi.dll3.1.4001.5512000ffbde

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702flash32_16_0_0_305.ocx16.0.0.305000e7be9

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/20/2015 09:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.01715d6d1

Error: (01/18/2015 11:33:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/18/2015 11:33:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/18/2015 11:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702flash32_16_0_0_257.ocx16.0.0.257005eec59

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3300+
Percentage of memory in use: 46%
Total physical RAM: 1983.48 MB
Available physical RAM: 1063 MB
Total Pagefile: 2502.92 MB
Available Pagefile: 1721.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.64 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:143.79 GB) (Free:77.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.25 GB) (Free:0.55 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6B1E6B1E)
Partition 1: (Not Active) - (Size=5.3 GB) - (Type=0C)
Partition 2: (Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 

 


  • 0

Advertisements

#2
Sugartooth
Posted 18 May 2015 - 10:43 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts

Hello BrownePoints and Welcome to Geeks to Go! :) 

I have a few important points to go over before we begin:

  • I highly recommend backing up any critical personal files on your machine to a safe place (not on this computer) before we start as it is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. Running other programs can interfere with the tools we use and hinder the cleaning process by producing unpredicted results.
  • Please make sure that all the programs I ask you to download are downloaded to, and run from, your Desktop.
  • This is a complicated process. It will require several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order. Just because you no longer see any symptoms, doesn't mean all the malware has been removed. I will need for you to stay with me until I tell you that your computer is clean.
  • Since I am not physically able to view your computer, I will need for you to describe as fully as possible what symptoms you are experiencing and any changes between fixes.
  • If at any time you do not understand my instructions, or something unexpected happens, DO NOT CONTINUE. STOP AND ASK. I will get back to you as soon as I can. If you do not hear from me in 48 hours, send me a PM (Private Message).
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • I recommend printing out these instructions so that you will be able to refer to them while working on your machine or save it to Notepad and place it on your Desktop. Part of the solution to your problem may involve us working in Safe Mode and you will need them to go by.
    • To access Notepad, click on the Start Menu>All Programs>Accessories>Notepad.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, this topic will be closed and you will need to request that this topic be reopened. To do so, please contact me or any Moderator with the address of this thread by PM (Private Message).

 

I'm in the process of reviewing your logs. Please be patient and I will get back to you as soon as I can. :)


  • 0

#3
Sugartooth
Posted 20 May 2015 - 03:02 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts
Hi BrownePoints,

Sorry for the delay.

Step 1
Program Uninstalls

1. Please click the Start Orb Win7Orb.gif, click Control Panel, and then double-click Add or Remove Programs.
2. In the list of programs installed, locate the following programs:

MapsGalaxy Internet Explorer Toolbar
MapsGalaxy Toolbar
OnlineMapFinder Internet Explorer Toolbar
SereneScreen Marine Aquarium Lite
SlimCleaner Plus

3. Click on each program, and then click Remove.
4. If you are prompted to confirm the removal of the program, click Yes.
5. After the programs have been uninstalled, close the Add or Remove Programs window and the Control Panel and restart your computer.



Step 2
FRST Fix

1. Open notepad (Start =>All Programs => Accessories => Notepad) and copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.
 
Start
CreateRestorePoint:
CloseProcesses: 
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCXMNTR.EXE 
(Mindspark) C:\PROGRA~1\MAPSGA~2\bar\1.bin\APPINTEGRATOR.EXE   
(Mindspark) C:\PROGRA~1\ONLINE~3\bar\1.bin\APPINTEGRATOR.EXE   
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe            
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe                  
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimService.exe     
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe      
(Mindspark) C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe      
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)   
C:\WINDOWS\ALCXMNTR.EXE   
HKLM\...\Run: [] => [X]                                       
HKLM\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark) 
C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [55880 2014-09-20] (Mindspark)     
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe                                     
HKLM\...\Run: [OnlineMapFinder AppIntegrator 32-bit] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark)      
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe                                       
HKLM\...\Run: [OnlineMapFinder Search Scope Monitor] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe [55880 2014-09-20] (Mindspark)   
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe    
HKLM\...\Policies\Explorer: [NoCDBurning] 0   
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26163008 2014-08-04] (SlimWare Utilities, Inc.)                               
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {946850c5-1e27-11d9-baf0-806d6172696f} - D:\setup.exe                                         
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {c7eaf834-7138-11d9-a02f-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480             
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.                                       
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)   
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}                
SearchScopes: HKLM -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}                        
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}    
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}          
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}                                       
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)                    
BHO: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2014-09-20] (Mindspark)                                                        
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll [2014-09-20] (Mindspark)                                                   
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File                                                                   
BHO: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)                                                         
Toolbar: HKLM - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)                                                       
Toolbar: HKLM - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)                                          
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File                                          
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> MapsGalaxy - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark) 
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> OnlineMapFinder - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab                  
ShellExecuteHooks:  - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} -  No File [ ]                           
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2014-09-20] (Mindspark)                                   
C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe
S2 OnlineMapFinder_9pService; C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [90696 2014-09-20] (Mindspark)                                       
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe
R2 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [222016 2014-08-04] (SlimWare Utilities, Inc.)                    
C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe
U1 WS2IFSL; No ImagePath                           
2015-05-18 18:39 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp                      
2015-05-18 18:17 - 2014-09-23 17:37 - 00000380 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job  
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe   
CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)   
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll 
CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll
CMD: bitsadmin /reset /allusers                         
EmptyTemp:
End
2. Click on File > Save as... and a Save As box will appear.
  • You will need to save this file to your Desktop. Click Desktop in the left pane of the Save As window.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.
You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Double click on FRST to open it. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Things I need to see in your next posting:

1. Did you have any problems with uninstalling the programs?
2. Fixlog.txt
3. Information on how your computer is running now.
  • 0

#4
BrownePoints
Posted 20 May 2015 - 10:16 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Sugartooth,

 

I'm looking at the fixlist like you asked, and yes, I see the blank lines. I'm also copying and pasting new FRST/Addition logs like you asked me to.

 

Problems?

Well, when I went to uninstall Maps Galaxy Toolbar, I got the message that the module couldn't be found and then it disappeared. Then I got an uninstall survey for it which I closed. When I pressed the Fix button, I got a message that FRST.exe encountered a problem and needed to close. I tried it again and it worked.

 

Information?

The double toolbars disappeared. Appears to be running faster, but I'll let you know later.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-05-2015
Ran by Compaq_Owner at 2015-05-20 20:23:34 Run:2
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCXMNTR.EXE
(Mindspark) C:\PROGRA~1\MAPSGA~2\bar\1.bin\APPINTEGRATOR.EXE  
(Mindspark) C:\PROGRA~1\ONLINE~3\bar\1.bin\APPINTEGRATOR.EXE  
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe           
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe                 
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimService.exe    
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe     
(Mindspark) C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe     
HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)  
C:\WINDOWS\ALCXMNTR.EXE  
HKLM\...\Run: [] => [X]                                      
HKLM\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark)
C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [55880 2014-09-20] (Mindspark)    
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe                                    
HKLM\...\Run: [OnlineMapFinder AppIntegrator 32-bit] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe [225864 2014-09-20] (Mindspark)     
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe                                      
HKLM\...\Run: [OnlineMapFinder Search Scope Monitor] => C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe [55880 2014-09-20] (Mindspark)  
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe   
HKLM\...\Policies\Explorer: [NoCDBurning] 0  
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26163008 2014-08-04] (SlimWare Utilities, Inc.)                              
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {946850c5-1e27-11d9-baf0-806d6172696f} - D:\setup.exe                                        
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\MountPoints2: {c7eaf834-7138-11d9-a02f-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480            
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.                                      
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)  
URLSearchHook: HKU\S-1-5-21-3036499068-691177906-837026766-1009 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}               
SearchScopes: HKLM -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}                       
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}   
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebs...or={searchTerms}         
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}                                      
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)                   
BHO: Search Assistant BHO -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll [2014-09-20] (Mindspark)                                                       
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll [2014-09-20] (Mindspark)                                                  
BHO: CNavExtBho Class -> {BDF3E430-B101-42AD-A544-FADC6B084872} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File                                                                  
BHO: Toolbar BHO -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)                                                        
Toolbar: HKLM - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)                                                      
Toolbar: HKLM - OnlineMapFinder - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)                                         
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File                                         
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> MapsGalaxy - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll [2014-09-20] (Mindspark)
Toolbar: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> OnlineMapFinder - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbar.dll [2014-09-20] (Mindspark)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab                 
ShellExecuteHooks:  - {FA010552-4A27-4cb1-A1BB-3E2D697F1639} -  No File [ ]                          
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2014-09-20] (Mindspark)                                  
C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe
S2 OnlineMapFinder_9pService; C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe [90696 2014-09-20] (Mindspark)                                      
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe
R2 SlimService; C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe [222016 2014-08-04] (SlimWare Utilities, Inc.)                   
C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe
U1 WS2IFSL; No ImagePath                          
2015-05-18 18:39 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp                     
2015-05-18 18:17 - 2014-09-23 17:37 - 00000380 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job 
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe  
CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)  
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
CustomCLSID: HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll (Mindspark)
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll
CMD: bitsadmin /reset /allusers                        
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\ALCXMNTR.EXE => No running process found
C:\PROGRA~1\MAPSGA~2\bar\1.bin\APPINTEGRATOR.EXE => No running process found
C:\PROGRA~1\ONLINE~3\bar\1.bin\APPINTEGRATOR.EXE => No running process found
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe => No running process found
C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe => No running process found
C:\Program Files\SlimCleaner Plus\SlimService.exe => No running process found
C:\Program Files\MapsGalaxy_39\bar\1.bin\CrExtP39.exe => No running process found
C:\Program Files\OnlineMapFinder_9p\bar\1.bin\CrExtP9p.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor => Value not found.
"C:\WINDOWS\ALCXMNTR.EXE" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy AppIntegrator 32-bit => Value not found.
"C:\Program Files\MapsGalaxy_39\bar\1.bin\AppIntegrator.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor => Value not found.
"C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OnlineMapFinder AppIntegrator 32-bit => Value not found.
"C:\Program Files\OnlineMapFinder_9p\bar\1.bin\AppIntegrator.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OnlineMapFinder Search Scope Monitor => Value not found.
"C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrchMn.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus => Value not found.
"C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" => File/Directory not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f} => Key not found.
HKCR\CLSID\{946850c5-1e27-11d9-baf0-806d6172696f} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f} => Key not found.
HKCR\CLSID\{c7eaf834-7138-11d9-a02f-806d6172696f} => Key not found.
Error setting Default URLSearchHook.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => Value not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9} => Key not found.
HKCR\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9} => Key not found.
HKCR\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKCR\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35} => Key not found.
HKCR\CLSID\{6a79cdac-f710-4996-842b-fdc33b785a35} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKCR\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} => Key not found.
"HKCR\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} => Key not found.
HKCR\CLSID\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} => Value not found.
HKCR\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} => Value not found.
HKCR\CLSID\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key deleted successfully.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Value not found.
HKCR\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970} => Key not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} => Value not found.
HKCR\CLSID\{F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} => value deleted successfully.
HKCR\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} => Key not found.
MapsGalaxy_39Service => Service not found.
"C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe" => File/Directory not found.
OnlineMapFinder_9pService => Service not found.
"C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe" => File/Directory not found.
SlimService => Service not found.
"C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe" => File/Directory not found.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp => Moved successfully.
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job => Moved successfully.
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Compaq_Owner).job not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => Key not found.
"C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll" => File/Directory not found.
HKU\S-1-5-21-3036499068-691177906-837026766-1009_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d} => Key not found.
"C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll" => File/Directory not found.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => Removed 3.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:27:49 ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by Compaq_Owner (administrator) on YOUR-4F1261A8E5 on 20-05-2015 20:50:35
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [278528 2004-10-14] (Apple Computer, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-02-15] (Apple Computer, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> DefaultScope {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5B17CE5D-73D2-4EA9-9390-F90B47B4089B} URL = http://delicious.com...?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {73198342-D752-4CDF-BB3E-27DC07C8E311} URL = http://rover.ebay.co...le={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {A91EBEC7-F573-499F-9B03-FE32465A8802} URL = http://www.flickr.co...?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-02] (RealPlayer)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> inbox.com
CHR DefaultSearchURL: Default -> http://www2.inbox.co...id=82116&lng=en
CHR DefaultSuggestURL: Default -> http://www.inbox.com...?q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\google\chrome\application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\google\chrome\application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\google\chrome\application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02]
CHR HKLM\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files\RebateInformer\Chrome\rebateinformer_c.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528 2013-04-24] ()
R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-10-14] (Apple Computer, Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-02-15] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2003-07-11] (SiS Corporation)
S3 HSFHWBS2; system32\DRIVERS\HSFHWBS2.sys [X]
S3 HSF_DP; system32\DRIVERS\HSF_DP.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 smserial; system32\DRIVERS\smserial.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 __SHD () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\IECompatCache
2015-05-20 20:30 - 2015-05-20 20:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST-OlderVersion
2015-05-19 20:59 - 2015-05-19 20:59 - 00009216 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\cong part 3.wps
2015-05-19 20:44 - 2015-05-20 20:49 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job
2015-05-18 18:40 - 2015-05-18 18:40 - 00029307 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Addition.txt
2015-05-18 18:39 - 2015-05-20 20:51 - 00014249 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.txt
2015-05-18 18:39 - 2015-05-20 20:50 - 00000000 ____D () C:\FRST
2015-05-18 18:36 - 2015-05-20 20:21 - 01146880 _____ (Farbar) C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.exe
2015-05-17 17:47 - 2015-05-19 16:57 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Argumentative essay off campus eating.wps
2015-05-14 16:29 - 2015-05-19 20:54 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\con hear part 2.wps
2015-05-14 15:41 - 2015-05-14 15:41 - 00009728 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\congreesinal hear part one.wps
2015-05-07 10:53 - 2015-05-07 10:53 - 00105238 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\adam
2015-04-28 16:06 - 2015-04-28 16:06 - 00686232 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\debra
2015-04-21 21:10 - 2015-04-21 21:10 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\mike silo bag.wps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 20:49 - 2015-02-06 19:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job
2015-05-20 20:45 - 2004-10-15 10:52 - 01352193 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-20 20:44 - 2011-01-15 01:51 - 00000400 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2015-05-20 20:44 - 2004-10-15 03:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-20 20:44 - 2004-10-15 03:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-20 20:43 - 2014-11-13 16:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job
2015-05-20 20:43 - 2014-10-23 08:20 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job
2015-05-20 20:43 - 2011-07-21 09:07 - 00000292 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job
2015-05-20 20:43 - 2011-07-16 22:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job
2015-05-20 20:43 - 2005-07-19 14:09 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-05-20 20:43 - 2004-10-15 10:51 - 00032338 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-20 20:43 - 2004-10-15 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-20 20:42 - 2011-05-20 14:51 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\ntuser.ini
2015-05-20 20:34 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
2015-05-20 20:24 - 2005-01-28 21:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-05-20 20:24 - 2005-01-28 21:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-05-20 20:17 - 2012-05-24 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-20 20:11 - 2014-09-23 17:35 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-05-20 20:08 - 2013-04-29 20:16 - 08361577 _____ () C:\WINDOWS\KB978542.log
2015-05-20 07:43 - 2011-07-16 22:07 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job
2015-05-19 21:54 - 2011-07-12 19:45 - 00015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2015-05-19 21:54 - 2005-02-15 17:22 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-18 17:27 - 2004-10-15 10:41 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-17 16:46 - 2014-09-08 16:51 - 00027136 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Agenda.Template.wps
2015-05-14 16:50 - 2013-08-19 12:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 16:39 - 2011-05-20 16:23 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-08 15:00 - 2014-03-05 16:10 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2011-07-12 19:45 - 2015-05-19 21:54 - 0015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2012-03-06 04:22 - 2014-02-19 14:51 - 0016384 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-20 14:51 - 2011-05-20 15:46 - 0000151 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by Compaq_Owner at 2015-05-20 20:51:44
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3036499068-691177906-837026766-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3036499068-691177906-837026766-1010 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3036499068-691177906-837026766-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
Guest (S-1-5-21-3036499068-691177906-837026766-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3036499068-691177906-837026766-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3036499068-691177906-837026766-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3036499068-691177906-837026766-1007 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Blackhawk Striker 2 from Compaq (remove only) (HKLM\...\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF) (Version:  - )
Blasterball 2 from Compaq (remove only) (HKLM\...\75528D5F-DD82-402E-BA7C-045B7DC6A712) (Version:  - )
Blasterball 2 Remix from Compaq (remove only) (HKLM\...\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9) (Version:  - )
Bounce Symphony from Compaq (remove only) (HKLM\...\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6) (Version:  - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Compaq Connections (HKLM\...\BackWeb-6750491 Uninstaller) (Version:  - )
Compaq Organize (HKLM\...\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}) (Version:  - )
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from Compaq (remove only) (HKLM\...\C43D84CD-EBFC-48D3-A330-7868C8AD415A) (Version:  - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-3.1.0.1288 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-3.1.0.1288 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.668 - InterVideo Inc.)
iTunes (HKLM\...\InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}) (Version: 4.7.0.42 - Apple Computer, Inc.)
iTunes (Version: 4.7.0.42 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version:  - )
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orbital from Compaq (remove only) (HKLM\...\26DC0ED6-93A7-43C1-8DC5-EC16079580F9) (Version:  - )
Overball from Compaq (remove only) (HKLM\...\FA7F5211-C629-4711-BD82-7DFFB08CB518) (Version:  - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Polar Bowler from Compaq (remove only) (HKLM\...\05E21449-3BA3-42BF-BBDA-95205F4EA40A) (Version:  - )
Polar Golfer from Compaq (remove only) (HKLM\...\3330A279-CC39-4A17-AE19-DA464B26AD9A) (Version:  - )
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Road Ready Streetwise from Compaq (remove only) (HKLM\...\A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4) (Version:  - )
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Shrek 2 Ogre Bowler from Compaq (remove only) (HKLM\...\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version:  - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Super Granny from Compaq (remove only) (HKLM\...\DE87FA96-7840-420C-86F9-33F3B7B3CED1) (Version:  - )
Tradewinds from Compaq (remove only) (HKLM\...\66195170-D19D-46C5-8FB7-8A4630071ADC) (Version:  - )
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

19-02-2015 19:44:55 Software Distribution Service 3.0
20-02-2015 21:54:17 Software Distribution Service 3.0
21-02-2015 11:30:19 Software Distribution Service 3.0
22-02-2015 10:42:31 Software Distribution Service 3.0
23-02-2015 16:41:28 Software Distribution Service 3.0
23-02-2015 20:29:15 Software Distribution Service 3.0
24-02-2015 10:49:42 Software Distribution Service 3.0
24-02-2015 14:46:03 Software Distribution Service 3.0
24-02-2015 18:31:22 Software Distribution Service 3.0
27-02-2015 11:17:56 Software Distribution Service 3.0
01-03-2015 17:18:23 Software Distribution Service 3.0
02-03-2015 20:22:16 Software Distribution Service 3.0
03-03-2015 17:57:22 Software Distribution Service 3.0
05-03-2015 21:08:56 Software Distribution Service 3.0
06-03-2015 17:10:59 Software Distribution Service 3.0
06-03-2015 20:19:54 Software Distribution Service 3.0
08-03-2015 09:41:19 Software Distribution Service 3.0
08-03-2015 09:56:20 Software Distribution Service 3.0
08-03-2015 12:59:35 Software Distribution Service 3.0
08-03-2015 19:14:07 Software Distribution Service 3.0
08-03-2015 20:56:46 Software Distribution Service 3.0
11-03-2015 16:59:15 Software Distribution Service 3.0
15-03-2015 19:32:27 Software Distribution Service 3.0
16-03-2015 12:59:43 Software Distribution Service 3.0
16-03-2015 13:21:51 Software Distribution Service 3.0
16-03-2015 20:11:52 Software Distribution Service 3.0
17-03-2015 18:42:02 Software Distribution Service 3.0
18-03-2015 18:34:57 Software Distribution Service 3.0
23-03-2015 17:15:02 Software Distribution Service 3.0
24-03-2015 10:23:26 Software Distribution Service 3.0
24-03-2015 20:03:23 Software Distribution Service 3.0
02-04-2015 17:45:50 Software Distribution Service 3.0
03-04-2015 10:48:23 Software Distribution Service 3.0
06-04-2015 16:35:03 System Checkpoint
06-04-2015 16:58:15 Software Distribution Service 3.0
06-04-2015 19:41:21 Software Distribution Service 3.0
07-04-2015 17:48:14 Software Distribution Service 3.0
16-04-2015 16:45:57 System Checkpoint
16-04-2015 17:15:43 Software Distribution Service 3.0
21-04-2015 17:31:30 Software Distribution Service 3.0
21-04-2015 21:15:17 Software Distribution Service 3.0
22-04-2015 18:19:07 Software Distribution Service 3.0
23-04-2015 18:48:30 Software Distribution Service 3.0
28-04-2015 12:13:20 Software Distribution Service 3.0
28-04-2015 18:33:14 Software Distribution Service 3.0
07-05-2015 10:58:24 Software Distribution Service 3.0
08-05-2015 13:44:16 System Checkpoint
08-05-2015 16:05:11 Software Distribution Service 3.0
10-05-2015 11:45:59 System Checkpoint
10-05-2015 12:04:15 Software Distribution Service 3.0
10-05-2015 13:50:13 Software Distribution Service 3.0
10-05-2015 16:19:22 Software Distribution Service 3.0
10-05-2015 18:21:51 Software Distribution Service 3.0
14-05-2015 16:37:07 Software Distribution Service 3.0
14-05-2015 18:08:07 Software Distribution Service 3.0
17-05-2015 17:53:10 Software Distribution Service 3.0
18-05-2015 17:53:30 Software Distribution Service 3.0
18-05-2015 21:18:43 Software Distribution Service 3.0
19-05-2015 17:03:53 Software Distribution Service 3.0
19-05-2015 21:57:17 Software Distribution Service 3.0
20-05-2015 08:21:12 Software Distribution Service 3.0
20-05-2015 14:12:17 Software Distribution Service 3.0
20-05-2015 20:09:16 Removed SlimCleaner Plus
20-05-2015 20:21:57 Restore Point Created by FRST
20-05-2015 20:23:46 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 18:00 - 2004-08-04 18:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Compaq_Owner.job => C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2004-08-04 11:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 11:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-24 05:31 - 2013-04-24 05:31 - 00149528 _____ () C:\Program Files\Sony\PlayMemories Home\dfs.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk => C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk => C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe] => Enabled:BackWeb for Presario
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 19.5.2015.0, faulting module frst.exe, version 19.5.2015.0, fault address 0x0001f405.
Processing media-specific event for [frst.exe!ws!]

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x00231ccc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module msi.dll, version 3.1.4001.5512, fault address 0x000ffbde.
Processing media-specific event for [svchost.exe!ws!]

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_16_0_0_305.ocx, version 16.0.0.305, fault address 0x000e7be9.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (05/20/2015 08:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DeviceFinderService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:09:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (05/20/2015 08:09:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe19.5.2015.0frst.exe19.5.2015.00001f405

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.2358800231ccc

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512msi.dll3.1.4001.5512000ffbde

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702flash32_16_0_0_305.ocx16.0.0.305000e7be9

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3300+
Percentage of memory in use: 25%
Total physical RAM: 1983.48 MB
Available physical RAM: 1480.99 MB
Total Pagefile: 2502.92 MB
Available Pagefile: 2179.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.23 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:143.79 GB) (Free:80.96 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.25 GB) (Free:0.55 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6B1E6B1E)
Partition 1: (Not Active) - (Size=5.3 GB) - (Type=0C)
Partition 2: (Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 

 

 

 

 


  • 0

#5
Sugartooth
Posted 21 May 2015 - 06:33 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts
Hi BrownePoints,

Step 1
FRST Fix

1. Open notepad (Start =>All Programs => Accessories => Notepad) and copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.
 
Start
CreateRestorePoint:
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
CHR HKLM\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files\RebateInformer\Chrome\rebateinformer_c.crx [Not Found] 
2015-05-20 20:11 - 2014-09-23 17:35 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer  
C:\Program Files\AVG
EmptyTemp:
End
2. Click on File > Save as... and a Save As box will appear.
  • You will need to save this file to your Desktop. Click Desktop in the left pane of the Save As window.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.
You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Double-click on FRST to open it. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Step 2
Fresh Set of Logs

1. Double-click on FRST to open it.
2. Under Optional Scan, ensure Addition.txt is checked.
3. Press the Scan button.
4. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
5. Please copy and paste both logs in your next reply.



Step 3
Scan with AdwCleaner

1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Double-click on adwcleaner.pngAdwCleaner to run the tool.
4. The first time the tool is opened, you will need to accept the Terms of use.

legit-adwcleaner.jpg

5. Click on Scan.
6. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
7. Click on the Logfile button. AdwCleaner[R0].txt will open. Copy and paste the log into your next reply for my review.
8. Close the program by clicking on the X located in the top right corner. Click Yes to confirm you want to close the program without cleaning.
*The log is also saved at C:\AdwCleaner\AdwCleaner[R0].txt



Step 4
Junkware Removal Tool

1. Download Junkware Removal Tool to your desktop.
2. Close all open programs and internet browsers.
3. Double-click on jrt.png to run the tool.
4. A black box will open. Press any key to continue.
5. The tool will start scanning your system.
6. Please be patient as this can take a while to complete depending on your system's specifications.
7. Upon completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
8. Close the text file and reboot your machine.
9. Please copy and paste the contents of JRT.txt into your next reply.



Things I need to see in your next posting:

1. Fixlog.txt
2. FRST.txt log
3. Addition.txt log
4. AdwCleaner[R0].txt
5. JRT.txt
6. Information on how your computer is running now.
  • 0

#6
BrownePoints
Posted 21 May 2015 - 08:36 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here are the fixlog, FRST, and Addition. I will have to do the other two tomorrow.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Compaq_Owner at 2015-05-21 19:06:05 Run:3
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
CHR HKLM\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files\RebateInformer\Chrome\rebateinformer_c.crx [Not Found]
2015-05-20 20:11 - 2014-09-23 17:35 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer 
C:\Program Files\AVG
EmptyTemp:
End
*****************

Restore point was successfully created.
Chrome HomePage Deleted successfully.
Chrome StartupUrls Deleted successfully.
Error setting Default URLSearchHook.
"HKLM\SOFTWARE\Google\Chrome\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal" => Key Deleted successfully.
C:\Program Files\SlimCleaner Plus => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgmfapx.exe => value Deleted successfully.
"C:\Program Files\AVG" => File/Directory not found.
EmptyTemp: => Removed 21.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:06:46 ====

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Compaq_Owner (administrator) on YOUR-4F1261A8E5 on 21-05-2015 19:10:25
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM-x32\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [278528 2004-10-14] (Apple Computer, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-02-15] (Apple Computer, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> DefaultScope {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5B17CE5D-73D2-4EA9-9390-F90B47B4089B} URL = http://delicious.com...?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {73198342-D752-4CDF-BB3E-27DC07C8E311} URL = http://rover.ebay.co...le={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {A91EBEC7-F573-499F-9B03-FE32465A8802} URL = http://www.flickr.co...?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-02] (RealPlayer)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> inbox.com
CHR DefaultSearchURL: Default -> http://www2.inbox.co...id=82116&lng=en
CHR DefaultSuggestURL: Default -> http://www.inbox.com...?q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\google\chrome\application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\google\chrome\application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\google\chrome\application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528 2013-04-24] ()
R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-10-14] (Apple Computer, Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-02-15] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2003-07-11] (SiS Corporation)
S3 HSFHWBS2; system32\DRIVERS\HSFHWBS2.sys [X]
S3 HSF_DP; system32\DRIVERS\HSF_DP.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 smserial; system32\DRIVERS\smserial.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 __SHD () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\IECompatCache
2015-05-20 20:30 - 2015-05-21 19:11 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp
2015-05-20 20:21 - 2015-05-21 19:05 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST-OlderVersion
2015-05-19 20:59 - 2015-05-19 20:59 - 00009216 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\cong part 3.wps
2015-05-19 20:44 - 2015-05-21 19:09 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job
2015-05-18 18:40 - 2015-05-20 20:51 - 00027667 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Addition.txt
2015-05-18 18:39 - 2015-05-21 19:11 - 00013673 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.txt
2015-05-18 18:39 - 2015-05-21 19:10 - 00000000 ____D () C:\FRST
2015-05-18 18:36 - 2015-05-21 19:05 - 01147392 _____ (Farbar) C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.exe
2015-05-17 17:47 - 2015-05-19 16:57 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Argumentative essay off campus eating.wps
2015-05-14 16:29 - 2015-05-19 20:54 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\con hear part 2.wps
2015-05-14 15:41 - 2015-05-14 15:41 - 00009728 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\congreesinal hear part one.wps
2015-05-07 10:53 - 2015-05-07 10:53 - 00105238 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\adam
2015-04-28 16:06 - 2015-04-28 16:06 - 00686232 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\debra
2015-04-21 21:10 - 2015-04-21 21:10 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\mike silo bag.wps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-21 19:11 - 2004-10-15 10:52 - 01385757 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 19:09 - 2015-02-06 19:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job
2015-05-21 19:09 - 2014-11-13 16:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job
2015-05-21 19:09 - 2014-10-23 08:20 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job
2015-05-21 19:09 - 2011-07-21 09:07 - 00000292 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job
2015-05-21 19:09 - 2011-07-16 22:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job
2015-05-21 19:09 - 2011-01-15 01:51 - 00000400 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2015-05-21 19:09 - 2005-07-19 14:09 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-05-21 19:09 - 2004-10-15 03:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-21 19:09 - 2004-10-15 03:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-21 19:08 - 2004-10-15 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-21 19:07 - 2011-05-20 14:51 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\ntuser.ini
2015-05-21 19:07 - 2004-10-15 10:51 - 00032338 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-21 19:06 - 2013-04-29 20:16 - 08367845 _____ () C:\WINDOWS\KB978542.log
2015-05-20 21:17 - 2012-05-24 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-20 20:34 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
2015-05-20 20:24 - 2005-01-28 21:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-05-20 20:24 - 2005-01-28 21:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-05-20 07:43 - 2011-07-16 22:07 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job
2015-05-19 21:54 - 2011-07-12 19:45 - 00015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2015-05-19 21:54 - 2005-02-15 17:22 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-18 17:27 - 2004-10-15 10:41 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-17 16:46 - 2014-09-08 16:51 - 00027136 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Agenda.Template.wps
2015-05-14 16:50 - 2013-08-19 12:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 16:39 - 2011-05-20 16:23 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-08 15:00 - 2014-03-05 16:10 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2011-07-12 19:45 - 2015-05-19 21:54 - 0015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2012-03-06 04:22 - 2014-02-19 14:51 - 0016384 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-20 14:51 - 2011-05-20 15:46 - 0000151 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Compaq_Owner at 2015-05-21 19:14:36
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3036499068-691177906-837026766-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3036499068-691177906-837026766-1010 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3036499068-691177906-837026766-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
Guest (S-1-5-21-3036499068-691177906-837026766-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3036499068-691177906-837026766-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3036499068-691177906-837026766-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3036499068-691177906-837026766-1007 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Blackhawk Striker 2 from Compaq (remove only) (HKLM\...\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF) (Version:  - )
Blasterball 2 from Compaq (remove only) (HKLM\...\75528D5F-DD82-402E-BA7C-045B7DC6A712) (Version:  - )
Blasterball 2 Remix from Compaq (remove only) (HKLM\...\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9) (Version:  - )
Bounce Symphony from Compaq (remove only) (HKLM\...\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6) (Version:  - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Compaq Connections (HKLM\...\BackWeb-6750491 Uninstaller) (Version:  - )
Compaq Organize (HKLM\...\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}) (Version:  - )
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from Compaq (remove only) (HKLM\...\C43D84CD-EBFC-48D3-A330-7868C8AD415A) (Version:  - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-3.1.0.1288 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-3.1.0.1288 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.668 - InterVideo Inc.)
iTunes (HKLM\...\InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}) (Version: 4.7.0.42 - Apple Computer, Inc.)
iTunes (Version: 4.7.0.42 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version:  - )
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orbital from Compaq (remove only) (HKLM\...\26DC0ED6-93A7-43C1-8DC5-EC16079580F9) (Version:  - )
Overball from Compaq (remove only) (HKLM\...\FA7F5211-C629-4711-BD82-7DFFB08CB518) (Version:  - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Polar Bowler from Compaq (remove only) (HKLM\...\05E21449-3BA3-42BF-BBDA-95205F4EA40A) (Version:  - )
Polar Golfer from Compaq (remove only) (HKLM\...\3330A279-CC39-4A17-AE19-DA464B26AD9A) (Version:  - )
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Road Ready Streetwise from Compaq (remove only) (HKLM\...\A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4) (Version:  - )
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Shrek 2 Ogre Bowler from Compaq (remove only) (HKLM\...\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version:  - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Super Granny from Compaq (remove only) (HKLM\...\DE87FA96-7840-420C-86F9-33F3B7B3CED1) (Version:  - )
Tradewinds from Compaq (remove only) (HKLM\...\66195170-D19D-46C5-8FB7-8A4630071ADC) (Version:  - )
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

19-02-2015 19:44:55 Software Distribution Service 3.0
20-02-2015 21:54:17 Software Distribution Service 3.0
21-02-2015 11:30:19 Software Distribution Service 3.0
22-02-2015 10:42:31 Software Distribution Service 3.0
23-02-2015 16:41:28 Software Distribution Service 3.0
23-02-2015 20:29:15 Software Distribution Service 3.0
24-02-2015 10:49:42 Software Distribution Service 3.0
24-02-2015 14:46:03 Software Distribution Service 3.0
24-02-2015 18:31:22 Software Distribution Service 3.0
27-02-2015 11:17:56 Software Distribution Service 3.0
01-03-2015 17:18:23 Software Distribution Service 3.0
02-03-2015 20:22:16 Software Distribution Service 3.0
03-03-2015 17:57:22 Software Distribution Service 3.0
05-03-2015 21:08:56 Software Distribution Service 3.0
06-03-2015 17:10:59 Software Distribution Service 3.0
06-03-2015 20:19:54 Software Distribution Service 3.0
08-03-2015 09:41:19 Software Distribution Service 3.0
08-03-2015 09:56:20 Software Distribution Service 3.0
08-03-2015 12:59:35 Software Distribution Service 3.0
08-03-2015 19:14:07 Software Distribution Service 3.0
08-03-2015 20:56:46 Software Distribution Service 3.0
11-03-2015 16:59:15 Software Distribution Service 3.0
15-03-2015 19:32:27 Software Distribution Service 3.0
16-03-2015 12:59:43 Software Distribution Service 3.0
16-03-2015 13:21:51 Software Distribution Service 3.0
16-03-2015 20:11:52 Software Distribution Service 3.0
17-03-2015 18:42:02 Software Distribution Service 3.0
18-03-2015 18:34:57 Software Distribution Service 3.0
23-03-2015 17:15:02 Software Distribution Service 3.0
24-03-2015 10:23:26 Software Distribution Service 3.0
24-03-2015 20:03:23 Software Distribution Service 3.0
02-04-2015 17:45:50 Software Distribution Service 3.0
03-04-2015 10:48:23 Software Distribution Service 3.0
06-04-2015 16:35:03 System Checkpoint
06-04-2015 16:58:15 Software Distribution Service 3.0
06-04-2015 19:41:21 Software Distribution Service 3.0
07-04-2015 17:48:14 Software Distribution Service 3.0
16-04-2015 16:45:57 System Checkpoint
16-04-2015 17:15:43 Software Distribution Service 3.0
21-04-2015 17:31:30 Software Distribution Service 3.0
21-04-2015 21:15:17 Software Distribution Service 3.0
22-04-2015 18:19:07 Software Distribution Service 3.0
23-04-2015 18:48:30 Software Distribution Service 3.0
28-04-2015 12:13:20 Software Distribution Service 3.0
28-04-2015 18:33:14 Software Distribution Service 3.0
07-05-2015 10:58:24 Software Distribution Service 3.0
08-05-2015 13:44:16 System Checkpoint
08-05-2015 16:05:11 Software Distribution Service 3.0
10-05-2015 11:45:59 System Checkpoint
10-05-2015 12:04:15 Software Distribution Service 3.0
10-05-2015 13:50:13 Software Distribution Service 3.0
10-05-2015 16:19:22 Software Distribution Service 3.0
10-05-2015 18:21:51 Software Distribution Service 3.0
14-05-2015 16:37:07 Software Distribution Service 3.0
14-05-2015 18:08:07 Software Distribution Service 3.0
17-05-2015 17:53:10 Software Distribution Service 3.0
18-05-2015 17:53:30 Software Distribution Service 3.0
18-05-2015 21:18:43 Software Distribution Service 3.0
19-05-2015 17:03:53 Software Distribution Service 3.0
19-05-2015 21:57:17 Software Distribution Service 3.0
20-05-2015 08:21:12 Software Distribution Service 3.0
20-05-2015 14:12:17 Software Distribution Service 3.0
20-05-2015 20:09:16 Removed SlimCleaner Plus
20-05-2015 20:21:57 Restore Point Created by FRST
20-05-2015 20:23:46 Restore Point Created by FRST
20-05-2015 21:18:26 Software Distribution Service 3.0
21-05-2015 19:06:21 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 18:00 - 2004-08-04 18:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Compaq_Owner.job => C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2004-08-04 11:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 11:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-24 05:31 - 2013-04-24 05:31 - 00149528 _____ () C:\Program Files\Sony\PlayMemories Home\dfs.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk => C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk => C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe] => Enabled:BackWeb for Presario
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 19.5.2015.0, faulting module frst.exe, version 19.5.2015.0, fault address 0x0001f405.
Processing media-specific event for [frst.exe!ws!]

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x00231ccc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module msi.dll, version 3.1.4001.5512, fault address 0x000ffbde.
Processing media-specific event for [svchost.exe!ws!]

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_16_0_0_305.ocx, version 16.0.0.305, fault address 0x000e7be9.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (05/20/2015 09:19:27 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/20/2015 09:19:25 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/20/2015 08:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/20/2015 08:21:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DeviceFinderService service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe19.5.2015.0frst.exe19.5.2015.00001f405

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.2358800231ccc

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512msi.dll3.1.4001.5512000ffbde

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/21/2015 11:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702flash32_16_0_0_305.ocx16.0.0.305000e7be9

Error: (02/20/2015 09:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3300+
Percentage of memory in use: 25%
Total physical RAM: 1983.48 MB
Available physical RAM: 1483.67 MB
Total Pagefile: 2502.92 MB
Available Pagefile: 2182.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.59 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:143.79 GB) (Free:80.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.25 GB) (Free:0.55 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6B1E6B1E)
Partition 1: (Not Active) - (Size=5.3 GB) - (Type=0C)
Partition 2: (Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#7
BrownePoints
Posted 23 May 2015 - 08:56 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Sorry, I didn't get back to you yesterday. I was busy with family.

I don't think JRT worked. I tried it 3 times and each time the black box got as far as "Checking Startup" and then it would disappear.

I forgot to tell you that whenever I turn on the computer, I get a black screen with white wording that says something like

 

Microsoft XP Home Edition

Master Recovery Console

Enter up and down arrows

 

It only lasts a few seconds and then it goes straight to opening Microsoft XP Home Edition. What's that about?

 

# AdwCleaner v4.205 - Logfile created 23/05/2015 at 19:27:36
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Compaq_Owner - YOUR-4F1261A8E5
# Running from : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\All Users\Start Menu\FinalMediaPlayer.lnk
Folder Found : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FinalMediaPlayer
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FinalMediaPlayer
Folder Found : C:\Program Files\AOL Toolbar
Folder Found : C:\Program Files\FinalMediaPlayer
Folder Found : C:\Program Files\FinalMediaPlayer
Folder Found : C:\Program Files\PC Speed Maximizer
Folder Found : C:\Program Files\SereneScreen

***** [ Scheduled tasks ] *****

Task Found : Final Media Player Update Checker

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D35349A7-84D1-4A70-8536-E9C1F77DCF5B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\SereneScreen
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1c6cd4b9-c965-4aa0-802e-71d3708ade10}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4369f96e-4071-43e7-8fd2-4d8f96918ef3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\OnlineMapFinder_9p.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\OnlineMapFinder_9p.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{69d0bac4-a1b1-45ce-944f-9eeb1479f059}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6f9ad55c-1bce-4a69-939d-1a94cd5e1db8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6818868a-1b3d-4e35-a561-fa964a96cd3b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8663977e-01e4-4f5c-b343-4675834e8a9f}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aed6e119-4324-4e26-956b-6ad9acef9e7e}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\SereneScreen

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v43.0.2357.65

*************************

AdwCleaner[R0].txt - [4229 bytes] - [23/05/2015 19:27:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4288 bytes] ##########

 

 


  • 0

#8
Sugartooth
Posted 24 May 2015 - 04:04 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts
Hi BrownePoints,
 

Sorry, I didn't get back to you yesterday. I was busy with family.

No problem, we all get busy.
 

I don't think JRT worked. I tried it 3 times and each time the black box got as far as "Checking Startup" and then it would disappear.

That's quite alright. It would have been nice to have, but not essential.
 

I forgot to tell you that whenever I turn on the computer, I get a black screen....

Let's try this:

1. Right click on My Computer and select Properties.
2. Now click on the Advanced tab.
3. In a section labeled Startup and Recovery, click on the button labeled Settings.
4. You should now be looking at a dialog like this:

post-177837-0-16356200-1432462059.jpg

5. Remove the tick from Time to display list of operating systems:
6. Click OK and close it.



Cleaning with AdwCleaner

This time we'll be using the Cleaning feature.

1. Close all open programs and internet browsers.
2. Double-click on adwcleaner.pngAdwCleaner to run the tool.

legit-adwcleaner.jpg

3. Click on Scan.
4. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
5. Click Cleaning.
6. Click OK to the AdwCleaner - Closing programs box.
7. During the cleaning, AdwCleaner - Information box will pop up. Click OK.
8. Click OK to AdwCleaner - Reboot.
The report will be opened on the next reboot. Copy and paste AdwCleaner[S0].txt in your next reply.
The log is also saved at C:\AdwCleaner\AdwCleaner[S0].txt



Things I need to see in your next posting:

1. Is the black screen gone?
2. AdwCleaner[S0].txt
3. Have you ever installed Combofix or the Recovery Console?
4. Information on how your computer is running now. Are you having any computer problems?
  • 0

#9
BrownePoints
Posted 24 May 2015 - 09:43 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hello Sugartooth,

 

The kids were using the computer today and after they were done with it, I tried to access this website, but couldn't. When I tried to type geekstogo.com, the first "g" would be in multiples! Each additional letter became a multiple. I decided to shut down and restart the computer. That resulted in a stuck mouse! After numerous shut downs with the power button because the mouse wasn't working, my computer tower made a horrendous noise and now it all works again. What do you make of that?

 

Also with all those shut-downs, sometimes I would get that black screen that I mentioned above and sometimes I wouldn't. I did the thing with Startup and Recovery and with the last startup, the black screen didn't appear.

 

No, I've never installed Combofix or the Recovery Console.

 

I thought you might like a new FRST scan to see if anything was wrong.

 

# AdwCleaner v4.205 - Logfile created 24/05/2015 at 20:20:45
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Compaq_Owner - YOUR-4F1261A8E5
# Running from : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FinalMediaPlayer
Folder Deleted : C:\Program Files\AOL Toolbar
Folder Deleted : C:\Program Files\FinalMediaPlayer
Folder Deleted : C:\Program Files\PC Speed Maximizer
Folder Deleted : C:\Program Files\SereneScreen
File Deleted : C:\Documents and Settings\All Users\Start Menu\FinalMediaPlayer.lnk

***** [ Scheduled tasks ] *****

Task Deleted : Final Media Player Update Checker

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\OnlineMapFinder_9p.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\OnlineMapFinder_9p.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1c6cd4b9-c965-4aa0-802e-71d3708ade10}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4369f96e-4071-43e7-8fd2-4d8f96918ef3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6f9ad55c-1bce-4a69-939d-1a94cd5e1db8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69d0bac4-a1b1-45ce-944f-9eeb1479f059}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D35349A7-84D1-4A70-8536-E9C1F77DCF5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6818868a-1b3d-4e35-a561-fa964a96cd3b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8663977e-01e4-4f5c-b343-4675834e8a9f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aed6e119-4324-4e26-956b-6ad9acef9e7e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf75b5a2-8403-4f70-88a6-488e3bea0d7b}
Key Deleted : HKCU\Software\SereneScreen
Key Deleted : HKLM\SOFTWARE\SereneScreen
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v43.0.2357.65

*************************

AdwCleaner[R0].txt - [4367 bytes] - [23/05/2015 19:27:36]
AdwCleaner[R1].txt - [4426 bytes] - [24/05/2015 20:19:23]
AdwCleaner[S0].txt - [4298 bytes] - [24/05/2015 20:20:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4357  bytes] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Compaq_Owner (administrator) on YOUR-4F1261A8E5 on 24-05-2015 20:04:51
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Loaded Profiles: Compaq_Owner (Available Profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [278528 2004-10-14] (Apple Computer, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-02-15] (Apple Computer, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2011-12-02] (RealNetworks, Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKU\S-1-5-21-3036499068-691177906-837026766-1009\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3036499068-691177906-837026766-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
URLSearchHook: [S-1-5-21-3036499068-691177906-837026766-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> DefaultScope {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5AD266E2-AF0D-4069-8443-5B8F21633EE8} URL = http://search.yahoo....f-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {5B17CE5D-73D2-4EA9-9390-F90B47B4089B} URL = http://delicious.com...?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {73198342-D752-4CDF-BB3E-27DC07C8E311} URL = http://rover.ebay.co...le={searchTerms}
SearchScopes: HKU\S-1-5-21-3036499068-691177906-837026766-1009 -> {A91EBEC7-F573-499F-9B03-FE32465A8802} URL = http://www.flickr.co...?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-02] (RealPlayer)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-12-02] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528 2013-04-24] ()
R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-10-14] (Apple Computer, Inc.) []
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) []

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) []
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) []
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-02-15] (Sonic Solutions) []
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2003-07-11] (SiS Corporation)
S3 HSFHWBS2; system32\DRIVERS\HSFHWBS2.sys [X]
S3 HSF_DP; system32\DRIVERS\HSF_DP.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 smserial; system32\DRIVERS\smserial.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 19:30 - 2015-05-23 19:30 - 00000000 ____D () C:\RegBackup
2015-05-23 19:27 - 2015-05-23 19:28 - 00000000 ____D () C:\AdwCleaner
2015-05-23 19:25 - 2015-05-23 19:26 - 00001516 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Instructions.txt
2015-05-23 19:24 - 2015-05-23 19:36 - 02720636 _____ (Thisisu) C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\JRT.exe
2015-05-23 19:24 - 2015-05-23 19:24 - 02223104 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\AdwCleaner.exe
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 __SHD () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\IECompatCache
2015-05-20 20:30 - 2015-05-24 20:06 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp
2015-05-20 20:21 - 2015-05-24 20:04 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST-OlderVersion
2015-05-19 20:59 - 2015-05-19 20:59 - 00009216 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\cong part 3.wps
2015-05-19 20:44 - 2015-05-24 20:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job
2015-05-18 18:40 - 2015-05-21 19:14 - 00027712 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Addition.txt
2015-05-18 18:39 - 2015-05-24 20:06 - 00013477 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.txt
2015-05-18 18:39 - 2015-05-24 20:04 - 00000000 ____D () C:\FRST
2015-05-18 18:36 - 2015-05-24 20:04 - 01146880 _____ (Farbar) C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.exe
2015-05-17 17:47 - 2015-05-19 16:57 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Argumentative essay off campus eating.wps
2015-05-14 16:29 - 2015-05-19 20:54 - 00010240 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\con hear part 2.wps
2015-05-14 15:41 - 2015-05-14 15:41 - 00009728 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\congreesinal hear part one.wps
2015-05-07 10:53 - 2015-05-07 10:53 - 00105238 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\adam
2015-04-28 16:06 - 2015-04-28 16:06 - 00686232 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\debra

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 20:05 - 2004-10-15 10:52 - 01582338 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 20:03 - 2015-02-06 19:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job
2015-05-24 20:03 - 2014-11-13 16:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job
2015-05-24 20:03 - 2014-10-23 08:20 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job
2015-05-24 20:03 - 2011-07-21 09:07 - 00000292 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job
2015-05-24 20:03 - 2011-07-16 22:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job
2015-05-24 20:03 - 2011-01-15 01:51 - 00000400 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2015-05-24 20:03 - 2005-07-19 14:09 - 00000248 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-05-24 20:03 - 2004-10-15 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 20:03 - 2004-10-15 03:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-24 20:03 - 2004-10-15 03:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-24 20:01 - 2011-05-20 14:51 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\ntuser.ini
2015-05-24 20:01 - 2004-10-15 10:51 - 00032346 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-24 19:43 - 2011-07-16 22:07 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job
2015-05-24 18:08 - 2013-04-29 20:16 - 08402571 _____ () C:\WINDOWS\KB978542.log
2015-05-23 19:17 - 2012-05-24 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-20 20:34 - 2011-05-20 14:51 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
2015-05-20 20:24 - 2005-01-28 21:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-05-20 20:24 - 2005-01-28 21:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-05-19 21:54 - 2011-07-12 19:45 - 00015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2015-05-19 21:54 - 2005-02-15 17:22 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-18 17:27 - 2004-10-15 10:41 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-17 16:46 - 2014-09-08 16:51 - 00027136 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Agenda.Template.wps
2015-05-14 16:50 - 2013-08-19 12:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 16:39 - 2011-05-20 16:23 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-08 15:00 - 2014-03-05 16:10 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2011-07-12 19:45 - 2015-05-19 21:54 - 0015320 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2012-03-06 04:22 - 2014-02-19 14:51 - 0016384 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-20 14:51 - 2011-05-20 15:46 - 0000151 _____ () C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Compaq_Owner at 2015-05-24 20:09:15
Running from C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3036499068-691177906-837026766-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3036499068-691177906-837026766-1010 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3036499068-691177906-837026766-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5
Guest (S-1-5-21-3036499068-691177906-837026766-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3036499068-691177906-837026766-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3036499068-691177906-837026766-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3036499068-691177906-837026766-1007 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Blackhawk Striker 2 from Compaq (remove only) (HKLM\...\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF) (Version:  - )
Blasterball 2 from Compaq (remove only) (HKLM\...\75528D5F-DD82-402E-BA7C-045B7DC6A712) (Version:  - )
Blasterball 2 Remix from Compaq (remove only) (HKLM\...\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9) (Version:  - )
Bounce Symphony from Compaq (remove only) (HKLM\...\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6) (Version:  - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Compaq Connections (HKLM\...\BackWeb-6750491 Uninstaller) (Version:  - )
Compaq Organize (HKLM\...\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}) (Version:  - )
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Crystal Maze from Compaq (remove only) (HKLM\...\C43D84CD-EBFC-48D3-A330-7868C8AD415A) (Version:  - )
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-3.1.0.1288 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-3.1.0.1288 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.426 - InterVideo Inc.)
InterVideo WinDVD Creator (HKLM\...\{6B350CA4-0031-0002-3757-34999AD85AEC}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.668 - InterVideo Inc.)
iTunes (HKLM\...\InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}) (Version: 4.7.0.42 - Apple Computer, Inc.)
iTunes (Version: 4.7.0.42 - Apple Computer, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
KBD (HKLM\...\KBD) (Version:  - )
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Dancer LE (HKLM\...\{1A103D70-5C9B-4E1A-B306-5106C68F9914}) (Version: 1.1.0.3522 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orbital from Compaq (remove only) (HKLM\...\26DC0ED6-93A7-43C1-8DC5-EC16079580F9) (Version:  - )
Overball from Compaq (remove only) (HKLM\...\FA7F5211-C629-4711-BD82-7DFFB08CB518) (Version:  - )
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Polar Bowler from Compaq (remove only) (HKLM\...\05E21449-3BA3-42BF-BBDA-95205F4EA40A) (Version:  - )
Polar Golfer from Compaq (remove only) (HKLM\...\3330A279-CC39-4A17-AE19-DA464B26AD9A) (Version:  - )
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Road Ready Streetwise from Compaq (remove only) (HKLM\...\A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4) (Version:  - )
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Shrek 2 Ogre Bowler from Compaq (remove only) (HKLM\...\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9) (Version:  - )
SiS VGA Utilities (HKLM\...\SiS VGA Driver) (Version:  - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Super Granny from Compaq (remove only) (HKLM\...\DE87FA96-7840-420C-86F9-33F3B7B3CED1) (Version:  - )
Tradewinds from Compaq (remove only) (HKLM\...\66195170-D19D-46C5-8FB7-8A4630071ADC) (Version:  - )
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

19-02-2015 19:44:55 Software Distribution Service 3.0
20-02-2015 21:54:17 Software Distribution Service 3.0
21-02-2015 11:30:19 Software Distribution Service 3.0
22-02-2015 10:42:31 Software Distribution Service 3.0
23-02-2015 16:41:28 Software Distribution Service 3.0
23-02-2015 20:29:15 Software Distribution Service 3.0
24-02-2015 10:49:42 Software Distribution Service 3.0
24-02-2015 14:46:03 Software Distribution Service 3.0
24-02-2015 18:31:22 Software Distribution Service 3.0
27-02-2015 11:17:56 Software Distribution Service 3.0
01-03-2015 17:18:23 Software Distribution Service 3.0
02-03-2015 20:22:16 Software Distribution Service 3.0
03-03-2015 17:57:22 Software Distribution Service 3.0
05-03-2015 21:08:56 Software Distribution Service 3.0
06-03-2015 17:10:59 Software Distribution Service 3.0
06-03-2015 20:19:54 Software Distribution Service 3.0
08-03-2015 09:41:19 Software Distribution Service 3.0
08-03-2015 09:56:20 Software Distribution Service 3.0
08-03-2015 12:59:35 Software Distribution Service 3.0
08-03-2015 19:14:07 Software Distribution Service 3.0
08-03-2015 20:56:46 Software Distribution Service 3.0
11-03-2015 16:59:15 Software Distribution Service 3.0
15-03-2015 19:32:27 Software Distribution Service 3.0
16-03-2015 12:59:43 Software Distribution Service 3.0
16-03-2015 13:21:51 Software Distribution Service 3.0
16-03-2015 20:11:52 Software Distribution Service 3.0
17-03-2015 18:42:02 Software Distribution Service 3.0
18-03-2015 18:34:57 Software Distribution Service 3.0
23-03-2015 17:15:02 Software Distribution Service 3.0
24-03-2015 10:23:26 Software Distribution Service 3.0
24-03-2015 20:03:23 Software Distribution Service 3.0
02-04-2015 17:45:50 Software Distribution Service 3.0
03-04-2015 10:48:23 Software Distribution Service 3.0
06-04-2015 16:35:03 System Checkpoint
06-04-2015 16:58:15 Software Distribution Service 3.0
06-04-2015 19:41:21 Software Distribution Service 3.0
07-04-2015 17:48:14 Software Distribution Service 3.0
16-04-2015 16:45:57 System Checkpoint
16-04-2015 17:15:43 Software Distribution Service 3.0
21-04-2015 17:31:30 Software Distribution Service 3.0
21-04-2015 21:15:17 Software Distribution Service 3.0
22-04-2015 18:19:07 Software Distribution Service 3.0
23-04-2015 18:48:30 Software Distribution Service 3.0
28-04-2015 12:13:20 Software Distribution Service 3.0
28-04-2015 18:33:14 Software Distribution Service 3.0
07-05-2015 10:58:24 Software Distribution Service 3.0
08-05-2015 13:44:16 System Checkpoint
08-05-2015 16:05:11 Software Distribution Service 3.0
10-05-2015 11:45:59 System Checkpoint
10-05-2015 12:04:15 Software Distribution Service 3.0
10-05-2015 13:50:13 Software Distribution Service 3.0
10-05-2015 16:19:22 Software Distribution Service 3.0
10-05-2015 18:21:51 Software Distribution Service 3.0
14-05-2015 16:37:07 Software Distribution Service 3.0
14-05-2015 18:08:07 Software Distribution Service 3.0
17-05-2015 17:53:10 Software Distribution Service 3.0
18-05-2015 17:53:30 Software Distribution Service 3.0
18-05-2015 21:18:43 Software Distribution Service 3.0
19-05-2015 17:03:53 Software Distribution Service 3.0
19-05-2015 21:57:17 Software Distribution Service 3.0
20-05-2015 08:21:12 Software Distribution Service 3.0
20-05-2015 14:12:17 Software Distribution Service 3.0
20-05-2015 20:09:16 Removed SlimCleaner Plus
20-05-2015 20:21:57 Restore Point Created by FRST
20-05-2015 20:23:46 Restore Point Created by FRST
20-05-2015 21:18:26 Software Distribution Service 3.0
21-05-2015 19:06:21 Restore Point Created by FRST
21-05-2015 19:48:10 Software Distribution Service 3.0
22-05-2015 17:56:24 Software Distribution Service 3.0
23-05-2015 10:36:31 Software Distribution Service 3.0
23-05-2015 19:19:36 Software Distribution Service 3.0
23-05-2015 20:07:11 Software Distribution Service 3.0
24-05-2015 18:08:07 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 18:00 - 2004-08-04 18:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cc443f6f4a153a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeed4da8d847e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff9bab2ab3f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0427ffd7a7e0c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d092af4082782e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cc443f6fa710f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3036499068-691177906-837026766-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Compaq_Owner.job => C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (Whitelisted) ==============

2004-08-04 11:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 11:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-24 05:31 - 2013-04-24 05:31 - 00149528 _____ () C:\Program Files\Sony\PlayMemories Home\dfs.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3036499068-691177906-837026766-1009\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk => C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk => C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe] => Enabled:BackWeb for Presario
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 04:35:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x000dcdd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (05/21/2015 07:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 19.5.2015.0, faulting module frst.exe, version 19.5.2015.0, fault address 0x0001f405.
Processing media-specific event for [frst.exe!ws!]

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x00231ccc.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module msi.dll, version 3.1.4001.5512, fault address 0x000ffbde.
Processing media-specific event for [svchost.exe!ws!]

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (05/24/2015 06:09:01 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/24/2015 06:08:59 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/23/2015 08:08:19 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/23/2015 08:08:17 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/23/2015 07:20:28 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/23/2015 07:20:23 PM) (Source: NtServicePack) (EventID: 4373) (User: YOUR-4F1261A8E5)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/23/2015 10:37:20 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/23/2015 10:37:18 AM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Error: (05/22/2015 05:57:12 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070008: Security Update for Windows XP (KB978542).

Error: (05/22/2015 05:57:10 PM) (Source: NtServicePack) (EventID: 4373) (User: NT AUTHORITY)
Description: Windows XP KB978542 installation failed.
Not enough storage is available to process this command.

Microsoft Office:
=========================
Error: (05/22/2015 04:35:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23588000dcdd7

Error: (05/21/2015 07:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/20/2015 08:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe19.5.2015.0frst.exe19.5.2015.00001f405

Error: (05/19/2015 08:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/19/2015 08:21:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2015 09:04:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/16/2015 04:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/01/2015 05:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.2358800231ccc

Error: (02/22/2015 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512msi.dll3.1.4001.5512000ffbde

Error: (02/21/2015 11:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3300+
Percentage of memory in use: 25%
Total physical RAM: 1983.48 MB
Available physical RAM: 1485.77 MB
Total Pagefile: 2502.92 MB
Available Pagefile: 2186.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.57 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:143.79 GB) (Free:79.93 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.25 GB) (Free:0.55 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 6B1E6B1E)
Partition 1: (Not Active) - (Size=5.3 GB) - (Type=0C)
Partition 2: (Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 

 


  • 0

#10
Sugartooth
Posted 25 May 2015 - 04:38 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts

Hello BrownePoints,

Your symptoms seem to indicate there might be some bad hard drive sectors. Please run Chkdsk. It wouldn't hurt if you also unplugged your keyboard, turned it upside down, and gave it a good shaking in the event something was lodged under the keys.

Step 1
Run Chkdsk

1. Click Start > Run.
2. In the Run box, type the following text: cmd
3. Click OK.

670px-Run-a-Chkdsk-Function-on-Windows-X

4. At the Command Prompt C:\ > type the following: chkdsk c: /r and press the Enter key.

Note: there is a space between the : and the /.


If a box similar to this appears:

670px-Run-a-Chkdsk-Function-on-Windows-X

1. Press the Y key.
2. At the Command Prompt C:\ > Type in exit and and press the Enter key.
3. Now Reboot (Restart) your computer.
Note: Upon Reboot (Restart), CHKDSK will start and carry out the repairs required.

Let me know the results of Chkdsk.



Step 2
Google Chrome Plugins

The following is a list of Google Chrome Plugins that need to be refreshed.

Native Client
Chrome PDF Viewer
Shockwave Flash
Adobe Acrobat
Google Update

Open Chrome.

  • Copy and paste the following in the address bar and press Enter:

chrome://plugins

  • You will get a page with all the plugins listed. There is an option to disable each plugin.
  • Press Disable under each plugin involved. Then press Enable.

There is an additional Plugin My Web Search Plugin Stub which we do not want to Enable. Press Disable only.

Close Chrome.



Step 3
Install Antivirus

You do not have an Antivirus installed. You should always have one antivirus installed, but never more than one. Doing so may cause conflicts negatively impacting the effectiveness of each antivirus installed. One program will attempt to remove an infection while the other, also doing it's job, will prevent it. False positives and false negatives will be triggered resulting in neither antivirus detecting malware. It will also cause system instability and performance issues.

The following are free or you may purchase the full protection version: AVG, Avast , Bitdefender , Avira and Comodo. Please select one by clicking on the name. It will take you to the software's download page.



Things I need to see in your next posting:

1. Results of Chkdsk.
2. Did you have any problems with the Plugins?
3. Which Antivirus did you choose? Any problems installing it?
4. Information on how your computer is running now.


  • 0

Advertisements

#11
BrownePoints
Posted 26 May 2015 - 03:40 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I guess Chkdsk completed. I'm not sure. Yesterday, after several hours, it said it was at Stage 4 of 5 and 61% completion. I went to bed. I checked it about an hour ago and my desktop was back. Things seem to be working great. I've haven't had anymore of those multiple duplicate letters appear when I type. Internet is fast. No more black screen with white wording when I start the computer. And I shook the heck out of the keyboard. I only saw dust.

 

Google Update and My Web Search Plugin weren't listed under Chrome.

 

I installed AVG antivirus.


  • 0

#12
Sugartooth
Posted 27 May 2015 - 03:39 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts

Hi BrownePoints,

Things are looking good. I would like to run a couple of scans to check for any remnants.

Step 1

Temporarily disable your AVG antivirus. Instructions are here. Re-enable it after you have completed the steps.

I see you already have Malwarebytes Anti-Malware installed. Please double-click it to start the tool.

  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
  • Note: If you see A scan has never been run on your system Fix Now >>, please click on Fix Now >> to update.
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish,so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

 

 

Step 2
Scan with ESET Online Scanner

Click here and select the blue Run ESET Online Scanner button:
ESET1_zps23a5e840.png

If using Internet Explorer:If using Mozilla Firefox or Google Chrome:To perform the scan:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
  • A link to esetsmartinstaller_enu.exe will be provided. Make sure to download it to the desktop.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

 

 

 

Step 3
Scan with SecurityCheck

Download SecurityCheck xsecuritycheck_zpsb7736812.jpg.pagespeed by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: Don't forget to re-enable AVG.




Things I need to see in your next posting:

1. MBAM log
2. ESET scan log
3. SecurityCheck Log
4. Information on how your computer is running.


  • 0

#13
BrownePoints
Posted 28 May 2015 - 07:01 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Sugartooth,
 
When I started Malwarebytes Anti-Malware, it informed me that a new version was available (2.1.6.1022) and I installed it. Things seem to be running great. :)  

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/27/2015
Scan Time: 3:14:36 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.27.05
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Compaq_Owner

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 481653
Time Elapsed: 7 hr, 39 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}, Quarantined, [465b2177b5d52e0827b764fd2ed5bd43],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}, Quarantined, [465b2177b5d52e0827b764fd2ed5bd43],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{364EA597-E728-4CE4-BB4A-ED846EF47970}, Quarantined, [b0f18612d5b5e84e34aca1c0f80b0af6],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{364EA597-E728-4CE4-BB4A-ED846EF47970}, Quarantined, [b0f18612d5b5e84e34aca1c0f80b0af6],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{71C1D63A-C944-428A-A5BD-BA513190E5D2}, Quarantined, [bae7a2f67b0f25116a798fd28c77fd03],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{71C1D63A-C944-428A-A5BD-BA513190E5D2}, Quarantined, [bae7a2f67b0f25116a798fd28c77fd03],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-3036499068-691177906-837026766-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}, Quarantined, [e5bc8117cfbb8bab0fd07fe240c31ae6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 170
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764181.dll, Quarantined, [8a1766320b7f7fb79dfe88e040c67b85],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764199.DLL, Quarantined, [ebb6acec2862aa8c16851256798d956b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764217.DLL, Quarantined, [f1b03860eaa06cca7b2091d7808660a0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764166.exe, Quarantined, [851caaee7b0f9b9b8d0eea7efc0ad42c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764173.dll, Quarantined, [f0b1bbdd94f60630c4d7fb6d7d89c040],
PUP.Optional.AudioToAudioToolBar.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764174.exe, Quarantined, [6c358513a8e27cba90711f194ab68b75],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764175.dll, Quarantined, [a7faf99fc5c5f640405b6305699da55b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764176.dll, Quarantined, [940dd5c33c4e80b6debd8fd930d6bb45],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764177.dll, Quarantined, [6839c4d43d4d63d3633834347f87e31d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764179.dll, Quarantined, [643debad3357092dbbe04a1ed234718f],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764180.exe, Quarantined, [b5ecd3c5c7c30036fba0402829dd2dd3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764182.dll, Quarantined, [dbc6e2b60288f145fc9f0563ea1c09f7],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764183.dll, Quarantined, [267b8c0cb8d23cfa4a516305a75fd729],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764184.dll, Quarantined, [356c5b3d7f0b8fa7910abaae5babec14],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764185.exe, Quarantined, [0e9374247d0d80b6adee02661ee8b848],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764186.dll, Quarantined, [3f62b6e2c4c62d094556541418ee40c0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764187.dll, Quarantined, [fda48a0e4347290df6a547210600a65a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764188.dll, Quarantined, [9f02f99f4e3ce452118a34342bdb1fe1],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764189.dll, Quarantined, [e8b9791f90fa4cea5c3f1058e422a45c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764190.dll, Quarantined, [d7ca8612d0ba86b09efdf771e91d01ff],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764191.dll, Quarantined, [3c654850bcced264514a1e4aa264bc44],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764192.exe, Quarantined, [0d94158394f6c571d9c2ce9ad92d2ed2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764193.dll, Quarantined, [abf6bbdd2466db5b009bbaae32d435cb],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764194.exe, Quarantined, [cad75741fc8ea5913c5f8eda48be7789],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764195.dll, Quarantined, [e6bb6d2b8dfd1a1cc2d96dfb3acce11f],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764196.dll, Quarantined, [41607523266458de2f6c6206cf37c937],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764197.EXE, Quarantined, [f6abe4b47119aa8ccad11b4d8185629e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764198.exe, Quarantined, [51507424c8c2f83e43582b3dfc0a40c0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764200.dll, Quarantined, [0c952d6b5733b77f2d6e2642ab5ba65a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764201.DLL, Quarantined, [b6ebf0a8a6e4fb3b0b90beaa3cca7888],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764202.DLL, Quarantined, [930e0098ccbe52e4cecdc8a00df916ea],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764203.DLL, Quarantined, [8d14ecac2c5ee1551f7c92d6d82ec739],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764204.DLL, Quarantined, [a7fa9efaef9b46f00f8cb5b328deca36],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764205.EXE, Quarantined, [b8e9c8d0d9b16accff9c5612b65028d8],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764206.DLL, Quarantined, [bce5d0c8fd8d20169dfed2969f6722de],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764207.DLL, Quarantined, [772a4d4b8efcbd79d0cb4f19749243bd],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764208.DLL, Quarantined, [445d36629dedd066e7b495d3cd398080],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764209.exe, Quarantined, [cad7b6e2c5c5b87eb1ea254301054bb5],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764210.DLL, Quarantined, [465b8810d3b784b24a51bcac8e781be5],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764211.dll, Quarantined, [5a472e6a8efcc67025763335d135fb05],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764212.DLL, Quarantined, [01a0c9cfe4a6d1651e7d4325f214758b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764213.DLL, Quarantined, [fda497016525e5513c5f2a3e887ea25e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764214.DLL, Quarantined, [b8e93e5aa7e3340255465a0ef70fe41c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764215.dll, Quarantined, [1d84bfd94149f640811a6cfc17efd828],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764216.DLL, Quarantined, [a8f9fc9c24663ff742595810aa5c24dc],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764218.DLL, Quarantined, [1e83d2c6107ad06658432741e521de22],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764219.DLL, Quarantined, [1889beda008ac1758f0cb4b4ef1747b9],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764220.DLL, Quarantined, [e3beefa9206ac472a3f888e0c83ef50b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764221.DLL, Quarantined, [7a272b6d5a300630dac11c4cc6405aa6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764223.DLL, Quarantined, [673a51479dedde58fe9db6b2d72f738d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764224.DLL, Quarantined, [9f02edab1674a690bdde72f631d5d42c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764225.EXE, Quarantined, [d6cb8513a6e46acc0b90b9afea1cb54b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1558\A0764226.DLL, Quarantined, [8d143464abdf80b69cff93d5868036ca],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764232.exe, Quarantined, [267ba3f53852bc7a6e2d95d3c640b34d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764233.exe, Quarantined, [1d840a8e7b0f2b0b910a80e88185a759],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764240.dll, Quarantined, [5d445147e8a2f640ddbee484b84e758b],
PUP.Optional.AudioToAudioToolBar.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764241.exe, Quarantined, [168b494f2e5c06308d74b187758b946c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764242.dll, Quarantined, [b5ec9800afdb2a0cff9c6602040201ff],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764243.dll, Quarantined, [78298117e8a2b77f415a0f59dc2ad22e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764244.dll, Quarantined, [d9c8abed4f3b93a36b30f8702ed8cf31],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764246.dll, Quarantined, [3a671e7a99f153e3ff9c6ff963a3ae52],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764248.dll, Quarantined, [406140585c2e44f2dcbfe880d135fc04],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764249.dll, Quarantined, [f1b076222169c67098035414f2140ef2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764250.dll, Quarantined, [9908a5f3dfabff371f7ca3c5c3430cf4],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764251.dll, Quarantined, [079a6d2b91f94ee89dfe6602679f629e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764252.exe, Quarantined, [b1f00395acded3636e2d590f5fa731cf],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764253.dll, Quarantined, [4e535e3ac2c85cda3962c2a6ce3801ff],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764254.dll, Quarantined, [4d54e0b82e5c71c5673438300ff7b64a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764255.dll, Quarantined, [abf6a9efb9d16cca2774f57313f345bb],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764256.dll, Quarantined, [267bfa9ef79383b3e9b282e6a6608c74],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764257.dll, Quarantined, [0a977820dbafcc6aa7f4095f9175639d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764258.dll, Quarantined, [e9b82b6db5d5a78f44575810f1152dd3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764259.exe, Quarantined, [524f0395f793b284bcdf7bed00066f91],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764260.dll, Quarantined, [3a67e9af91f9c5717328b6b2df2704fc],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764261.exe, Quarantined, [fba65840d8b23105a1fae4845da9ee12],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764262.dll, Quarantined, [6c35267208821b1baeed056321e512ee],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764263.dll, Quarantined, [8f12890fe1a946f07e1d51172fd7bd43],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764264.EXE, Quarantined, [9809d1c7c7c372c47c1f01674fb75da3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764266.DLL, Quarantined, [38695741aedcaf873c5f31377690bd43],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764267.dll, Quarantined, [6041b5e36b1fa88ee9b2a9bf7690e41c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764268.DLL, Quarantined, [71307127a4e652e438634d1bc343857b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764269.DLL, Quarantined, [bce55a3e9eec989e52491850d333b24e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764270.DLL, Quarantined, [0d948216206a023435663335cd3945bb],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764271.DLL, Quarantined, [b9e8f5a3c7c37abc4d4ec0a864a29d63],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764272.EXE, Quarantined, [3c65b6e26d1dd660abf083e56e9813ed],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764273.DLL, Quarantined, [e8b90f893c4ec86e1388fe6a21e52ed2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764274.DLL, Quarantined, [6041d5c321692214b4e7bdab56b05aa6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764275.DLL, Quarantined, [6a37eeaa008a6ec8f1aac6a217ef5da3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764276.exe, Quarantined, [6f32b3e59ceed5618f0ca6c23bcbf808],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764277.DLL, Quarantined, [544d81171773dc5ab5e697d1f610a65a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764278.dll, Quarantined, [524fe6b25b2f69cdbfdccb9dd92d0af6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764279.DLL, Quarantined, [bfe2692fc3c76cca7e1d0f59fd0939c7],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764280.DLL, Quarantined, [21805c3cf8922610cad166028680ca36],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764281.DLL, Quarantined, [1c8555439eeca5912378d692937333cd],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764282.dll, Quarantined, [adf44a4e692171c50f8cec7c43c347b9],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764284.DLL, Quarantined, [d1d005932268b87edcbf45236b9b5ba5],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764285.DLL, Quarantined, [7e230e8a78126fc7118ae88048be768a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764286.DLL, Quarantined, [148de7b13852ce68aeed3b2d16f0758b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764287.DLL, Quarantined, [653cc1d76525c472e0bb056321e506fa],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764288.DLL, Quarantined, [adf4ddbb97f38bab712aa9bfec1a0ff1],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764290.DLL, Quarantined, [059c9ff99eec85b15249e880d531f010],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764291.DLL, Quarantined, [247dc4d45c2ef24496054f19fd09d42c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764292.EXE, Quarantined, [08994256fd8db5815e3db3b544c218e8],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764293.DLL, Quarantined, [fca515839feb20167b203335689e36ca],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764295.DLL, Quarantined, [ffa2a7f1d4b65cdaaeedbfa9cd399c64],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764296.DLL, Quarantined, [0e933761800a7bbbf0abcc9c937358a8],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764297.EXE, Quarantined, [e5bcb3e5bdcdc274d7c4105838cee41c],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764298.DLL, Quarantined, [346d7028f19944f27922d89046c004fc],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764299.DLL, Quarantined, [9e03f7a1cbbf0e28782379ef75917789],
PUP.Optional.AudioToAudioToolBar.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764300.exe, Quarantined, [ebb683152a600135e71aac8c55ab46ba],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764302.dll, Quarantined, [455c6038503a8bab603b4f19729457a9],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764303.dll, Quarantined, [b3ee5c3c63275bdbedae6ff9a066669a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764304.dll, Quarantined, [d9c8eeaa2c5eb383960584e481850af6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764305.dll, Quarantined, [7d24aaee870370c6debdfa6ea6607f81],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764306.exe, Quarantined, [7130fc9c98f24ee83b6095d3cb3bb848],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764307.dll, Quarantined, [8021306835556dc92d6e00682bdb2dd3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764308.dll, Quarantined, [b4edfc9c9af00333a1fab3b560a68f71],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764309.dll, Quarantined, [eab7a7f171191521dac1d29625e1e31d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764310.dll, Quarantined, [3a67f99fdfab3ef8aeed18508c7af709],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764311.exe, Quarantined, [10915e3ae8a23006b9e23d2bed190000],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764312.dll, Quarantined, [1988e9af008aee48efac06625ea837c9],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764313.dll, Quarantined, [c9d80c8c5634b680f7a42642c83eab55],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764314.dll, Quarantined, [abf68513d2b8d561a6f530381bebe020],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764315.dll, Quarantined, [e1c08e0aee9c51e5118a77f142c46e92],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764316.dll, Quarantined, [e7ba5741d6b492a42f6cbdaba165a15f],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764317.dll, Quarantined, [3c65a5f3c1c956e034670068bd493dc3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764318.exe, Quarantined, [f2af0a8ecebc16207f1cf96fee18b050],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764320.dll, Quarantined, [475a3c5cd3b74aeca2f9d296887e7d83],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764321.EXE, Quarantined, [9c0515838bff94a2534896d260a6ff01],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764322.exe, Quarantined, [6b367127226868ce3863c8a032d41ee2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764323.dll, Quarantined, [138e5048771388aecbd0de8a52b49f61],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764324.DLL, Quarantined, [4c557c1cff8bd4620398442451b540c0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764325.DLL, Quarantined, [3e63dfb93555ea4cebb0d8908284ce32],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764326.DLL, Quarantined, [9b066d2b523825119308dc8c62a4b749],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764327.exe, Quarantined, [2978f5a343478bab019a9ccc2dd9de22],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764328.DLL, Quarantined, [3170ebadf09ae74f2a716107ad5950b0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764329.dll, Quarantined, [5f42c9cf7b0f80b61883f96fd4324bb5],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764330.DLL, Quarantined, [ddc4a7f1cfbba4929704f672f70fab55],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764331.DLL, Quarantined, [7a27b6e24e3c45f15b404e1a25e19d63],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764332.DLL, Quarantined, [2a77fc9c632752e4c3d8333543c35da3],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764333.DLL, Quarantined, [7e2315831c6e0531c9d29dcb9c6a728e],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764334.DLL, Quarantined, [0d949efacfbb1224fba0bfa9a95d1ee2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764335.DLL, Quarantined, [cad7494feb9f6dc9a9f20464b3536d93],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764336.DLL, Quarantined, [80214c4c6525de58eeadbdab917526da],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764247.exe, Quarantined, [b7ea7721bdcdb97d0f8c224662a47a86],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764265.exe, Quarantined, [d4cd6e2ae7a361d5d2c9264240c62ed2],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764283.DLL, Quarantined, [f1b0b9dfc8c2e2545843303829dd41bf],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764301.dll, Quarantined, [029f534563275ed8207b5f09d63021df],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764319.dll, Quarantined, [09980d8b2367b482b5e65b0dd43232ce],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764337.EXE, Quarantined, [b7ead9bf4743181ea5f6d395e81ed12f],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764338.DLL, Quarantined, [435eafe9c9c122144d4e2147b0563fc1],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1559\A0764357.exe, Quarantined, [acf58a0e09810d29debd2048be483cc4],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764387.DLL, Quarantined, [a5fcf99fe7a377bf6a3190d8cc3abe42],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764377.dll, Quarantined, [4958dcbcd9b12412f4a7f96f35d1f30d],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764378.DLL, Quarantined, [8120316755352e08c5d64d1b788ec53b],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764379.DLL, Quarantined, [4a57ebadbbcf10268a114523b1551fe1],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764380.DLL, Quarantined, [a1007d1b800ab97db0eb3e2afc0a5aa6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764381.DLL, Quarantined, [ffa285131e6cec4a64376efac44242be],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764382.dll, Quarantined, [e9b86434b8d2d75f4e4d1c4cf511c63a],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764383.exe, Quarantined, [21805246e2a8330354474e1a16f04ab6],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764384.dll, Quarantined, [c9d8890f33570531c1da5117a66047b9],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764385.DLL, Quarantined, [9a07dcbcb4d65ed8c8d3c3a5976f9967],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764386.DLL, Quarantined, [40617e1a4842be78e5b622469373d927],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1560\A0764388.DLL, Quarantined, [3869a4f40c7e8aac33686206887e659b],
PUP.Optional.Multiplug, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764587.exe, Quarantined, [c5dc7c1c781285b10f1b27b510f1db25],
PUP.Optional.Unizeto, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764589.exe, Quarantined, [0f927f194c3e3ff70e11ab421be611ef],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764594.dll, Quarantined, [2879ecaca9e13bfb16858eda8a7c8878],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764595.dll, Quarantined, [a6fb7f194545be78aaf10d5b7f873cc4],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764596.dll, Quarantined, [247d99ffd5b510266437d395b35330d0],
PUP.Optional.Mindspark.A, C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1562\A0764597.dll, Quarantined, [4b5697015337d0660f8c8cdc3acc867a],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0476c937f7c7ef489b30c0fa110256b8
# engine=24071
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-28 11:59:23
# local_time=2015-05-28 04:59:23 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 6942 119037547 0 0
# scanned=144460
# found=8
# cleaned=0
# scan_time=10014
sh=BC8FC4C0B978B54E2F3352EA06DC0FA227DFB4D4 ft=1 fh=630f0b3e9da0e943 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=B761F6A793DEED25ED47FFA20FDB18C0F38B95E3 ft=1 fh=4129607c4cc3365f vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar\setup.exe"
sh=ADB1126EFA2B2254B386D7049ACF31D92E0BDDE8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar\xaddon.cab"
sh=8AA603D3E7FFCB4117746543B2012E7B140E70BB ft=1 fh=7afcb4e0fc6e29e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.dll"
sh=B061445EDCB8F17370AC8113D4A7A44E560A6B74 ft=1 fh=1597a342d52ebb45 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\My Documents\RCA EasyRip\RCAeasyRipInstaller.exe"
sh=B061445EDCB8F17370AC8113D4A7A44E560A6B74 ft=1 fh=1597a342d52ebb45 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\My Documents\RCA EasyRip\install\RCAeasyRipInstaller.exe"
sh=51DECEEFBB6F99E6337301D61E647105AADCC455 ft=1 fh=4bc7642248d77c89 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Documents and Settings\Compaq_Owner\My Documents\RCA EasyRip\install\RCAEASYRIPINSTALLER2390.EXE"
sh=9EB7505F55D2DEEAF5CE13D4818262B89934F366 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\WINDOWS\Installer\1bf360.msi"
 

 

 Results of screen317's Security Check version 1.002 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 AVG 2015    
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 SpySubtract    
 Java 2 Runtime Environment, SE v1.4.2_03
 Java version 32-bit out of Date!
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

 

 

 

 

 

 
 


  • 0

#14
Sugartooth
Posted 29 May 2015 - 07:45 PM

Sugartooth

    Member

  • Member
  • PipPipPip
  • 881 posts

Hello BrownePoints,

One final FRST fix for you and your computer will be CLEAN! :yeah:

Step 1
FRST Fix

1. Open notepad (Start =>All Programs => Accessories => Notepad) and copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.
 

Start
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\Compaq_Owner\My Documents\RCA EasyRip
C:\WINDOWS\Installer\1bf360.msi
End

2. Click on File > Save as... and a Save As box will appear.

  • You will need to save this file to your Desktop. Click Desktop in the left pane of the Save As window.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.

You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Double-click on FRST to open it. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Step 2
Clean Up with Delfix

Delfix will remove the tools used for cleaning your machine. This will also remove the quarantined malware from your computer.

1. Download Delfix from here to your desktop.
2. Ensure everything is checked.
delfix_zpsjnkukbim.png

3. Click Run.

  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

4. After you have posted the aforementioned DelFix.txt, delete it by sending it to the Recycle Bin.



Step 3
Uninstall ESET Online Scanner

1. Please click the Start Orb Win7Orb.gif, click Control Panel, and then double-click Add or Remove Programs.
2. In the list of programs installed, locate the following program:

ESET Online Scanner

3. Click on the program, and then click Remove.
4. If you are prompted to confirm the removal of the program, click Yes.
5. After the program has been uninstalled, close the Add or Remove Programs window and the Control Panel and restart your computer.



Step 4
Delete the following files/folders if still present

CC Support

Note: If you see any other .log or .txt files created during our cleaning process, and left on the desktop, delete them and empty the Recycle Bin.

 

Now for some Information to help protect your machine.


Support for Windows XP ended on April 8th, 2014.



1. Keep Installed Programs Up to Date
It's important to keep all programs on your computer updated because they can have security vulnerabilities. This can be done manually by using the Update feature included in most programs or you can use Heimdal Free to help you with this task. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

2. Firewall and Anti-Virus
Always ensure that your firewall and anti-virus program are updated and running.

3. Malwarebytes Anti-Malware
I recommend keeping Malwarebytes Anti-Malware installed as it's an excellent on demand scanner. Remember that the free version is not equipped with automatic updates, so you need to update it manually before every scan. Run it at least once a week.

4. A Word About Java
Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines. You can view the warning here.

Below are several options:

  • If you plan on keeping Java, be sure to keep it updated. Click on this link Java Website and click Do I Have Java? Then click the Verify Java Version button. It will scan your current version and then offer to update to the latest version.

You must then remove older versions as they contain vulnerabilities that malware can use to infect your system. Click here for How can I remove older versions of Java?

  • If you would like to disable Java until such time that you may need it, please click here.
  • If you would like to completely remove Java from your machine, click here.

7. CryptoPrevent
The CryptoLocker infection is very severe. CryptoLocker is a ransomware program that will encrypt and lock your files and then demand a ransom of up to $1,000. The cure is still unknown.The best way to prevent this is to use a small program called CryptoPrevent. Please download and install CryptoPrevent to avoid this infection.

8. TFC - Temp File Cleaner by OldTimer
A small tool that is used to clean unneeded temporary files from all user accounts resulting in a faster computer. Be sure to save any unsaved work before running TFC as it requires a reboot. It should be run weekly. You may download it from here.

Finally, here are three educational articles that I recommend reading: Simple and easy ways to keep your computer safe and secure on the Internet, Computer Security - a short guide to staying safer online and Best Practices for Safe Computing - Prevention of Malware Infection.



Things I need to see in your next posting:

1. Fixlog.txt
2. DelFix.txt log


  • 0

#15
BrownePoints
Posted 31 May 2015 - 08:01 PM

BrownePoints

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Sugartooth,

 

Fixlog got deleted, but I looked at it when it opened and everything you listed was successful. Thank you so much for your help. The kids will sure be happy.

 

 

# DelFix v1.010 - Logfile created 31/05/2015 at 17:53:19
# Updated 26/04/2015 by Xplode
# Username : Compaq_Owner - YOUR-4F1261A8E5
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST-OlderVersion
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\AdwCleaner.exe
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1508 [Software Distribution Service 3.0 | 03/02/2015 00:18:23]
Deleted : RP #1509 [Software Distribution Service 3.0 | 03/03/2015 03:22:16]
Deleted : RP #1510 [Software Distribution Service 3.0 | 03/04/2015 00:57:22]
Deleted : RP #1511 [Software Distribution Service 3.0 | 03/06/2015 04:08:56]
Deleted : RP #1512 [Software Distribution Service 3.0 | 03/07/2015 00:10:59]
Deleted : RP #1513 [Software Distribution Service 3.0 | 03/07/2015 03:19:54]
Deleted : RP #1514 [Software Distribution Service 3.0 | 03/08/2015 16:41:19]
Deleted : RP #1515 [Software Distribution Service 3.0 | 03/08/2015 16:56:20]
Deleted : RP #1516 [Software Distribution Service 3.0 | 03/08/2015 19:59:35]
Deleted : RP #1517 [Software Distribution Service 3.0 | 03/09/2015 02:14:07]
Deleted : RP #1518 [Software Distribution Service 3.0 | 03/09/2015 03:56:46]
Deleted : RP #1519 [Software Distribution Service 3.0 | 03/11/2015 23:59:15]
Deleted : RP #1520 [Software Distribution Service 3.0 | 03/16/2015 02:32:27]
Deleted : RP #1521 [Software Distribution Service 3.0 | 03/16/2015 19:59:43]
Deleted : RP #1522 [Software Distribution Service 3.0 | 03/16/2015 20:21:51]
Deleted : RP #1523 [Software Distribution Service 3.0 | 03/17/2015 03:11:52]
Deleted : RP #1524 [Software Distribution Service 3.0 | 03/18/2015 01:42:02]
Deleted : RP #1525 [Software Distribution Service 3.0 | 03/19/2015 01:34:57]
Deleted : RP #1526 [Software Distribution Service 3.0 | 03/24/2015 00:15:02]
Deleted : RP #1527 [Software Distribution Service 3.0 | 03/24/2015 17:23:26]
Deleted : RP #1528 [Software Distribution Service 3.0 | 03/25/2015 03:03:23]
Deleted : RP #1529 [Software Distribution Service 3.0 | 04/03/2015 00:45:50]
Deleted : RP #1530 [Software Distribution Service 3.0 | 04/03/2015 17:48:23]
Deleted : RP #1531 [System Checkpoint | 04/06/2015 23:35:03]
Deleted : RP #1532 [Software Distribution Service 3.0 | 04/06/2015 23:58:15]
Deleted : RP #1533 [Software Distribution Service 3.0 | 04/07/2015 02:41:21]
Deleted : RP #1534 [Software Distribution Service 3.0 | 04/08/2015 00:48:14]
Deleted : RP #1535 [System Checkpoint | 04/16/2015 23:45:57]
Deleted : RP #1536 [Software Distribution Service 3.0 | 04/17/2015 00:15:43]
Deleted : RP #1537 [Software Distribution Service 3.0 | 04/22/2015 00:31:30]
Deleted : RP #1538 [Software Distribution Service 3.0 | 04/22/2015 04:15:17]
Deleted : RP #1539 [Software Distribution Service 3.0 | 04/23/2015 01:19:07]
Deleted : RP #1540 [Software Distribution Service 3.0 | 04/24/2015 01:48:30]
Deleted : RP #1541 [Software Distribution Service 3.0 | 04/28/2015 19:13:20]
Deleted : RP #1542 [Software Distribution Service 3.0 | 04/29/2015 01:33:14]
Deleted : RP #1543 [Software Distribution Service 3.0 | 05/07/2015 17:58:24]
Deleted : RP #1544 [System Checkpoint | 05/08/2015 20:44:16]
Deleted : RP #1545 [Software Distribution Service 3.0 | 05/08/2015 23:05:11]
Deleted : RP #1546 [System Checkpoint | 05/10/2015 18:45:59]
Deleted : RP #1547 [Software Distribution Service 3.0 | 05/10/2015 19:04:15]
Deleted : RP #1548 [Software Distribution Service 3.0 | 05/10/2015 20:50:13]
Deleted : RP #1549 [Software Distribution Service 3.0 | 05/10/2015 23:19:22]
Deleted : RP #1550 [Software Distribution Service 3.0 | 05/11/2015 01:21:51]
Deleted : RP #1551 [Software Distribution Service 3.0 | 05/14/2015 23:37:07]
Deleted : RP #1552 [Software Distribution Service 3.0 | 05/15/2015 01:08:07]
Deleted : RP #1553 [Software Distribution Service 3.0 | 05/18/2015 00:53:10]
Deleted : RP #1554 [Software Distribution Service 3.0 | 05/19/2015 00:53:30]
Deleted : RP #1555 [Software Distribution Service 3.0 | 05/19/2015 04:18:43]
Deleted : RP #1556 [Software Distribution Service 3.0 | 05/20/2015 00:03:53]
Deleted : RP #1557 [Software Distribution Service 3.0 | 05/20/2015 04:57:17]
Deleted : RP #1558 [Software Distribution Service 3.0 | 05/20/2015 15:21:12]
Deleted : RP #1559 [Software Distribution Service 3.0 | 05/20/2015 21:12:17]
Deleted : RP #1560 [Removed SlimCleaner Plus | 05/21/2015 03:09:16]
Deleted : RP #1561 [Restore Point Created by FRST | 05/21/2015 03:21:57]
Deleted : RP #1562 [Restore Point Created by FRST | 05/21/2015 03:23:46]
Deleted : RP #1563 [Software Distribution Service 3.0 | 05/21/2015 04:18:26]
Deleted : RP #1564 [Restore Point Created by FRST | 05/22/2015 02:06:21]
Deleted : RP #1565 [Software Distribution Service 3.0 | 05/22/2015 02:48:10]
Deleted : RP #1566 [Software Distribution Service 3.0 | 05/23/2015 00:56:24]
Deleted : RP #1567 [Software Distribution Service 3.0 | 05/23/2015 17:36:31]
Deleted : RP #1568 [Software Distribution Service 3.0 | 05/24/2015 02:19:36]
Deleted : RP #1569 [Software Distribution Service 3.0 | 05/24/2015 03:07:11]
Deleted : RP #1570 [Software Distribution Service 3.0 | 05/25/2015 01:08:07]
Deleted : RP #1571 [Software Distribution Service 3.0 | 05/25/2015 03:44:08]
Deleted : RP #1572 [System Checkpoint | 05/26/2015 07:26:59]
Deleted : RP #1573 [Software Distribution Service 3.0 | 05/26/2015 10:00:23]
Deleted : RP #1574 [Installed AVG 2015 | 05/26/2015 21:13:35]
Deleted : RP #1575 [Installed AVG 2015 | 05/26/2015 21:14:38]
Deleted : RP #1576 [Software Distribution Service 3.0 | 05/26/2015 21:43:54]
Deleted : RP #1577 [System Checkpoint | 05/28/2015 06:12:04]
Deleted : RP #1578 [Software Distribution Service 3.0 | 05/28/2015 10:00:24]
Deleted : RP #1579 [Software Distribution Service 3.0 | 05/28/2015 14:52:54]
Deleted : RP #1580 [Software Distribution Service 3.0 | 05/29/2015 01:40:56]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP