[evolutionpill]

Hi

 

would really appreciate your advice to a novice.

 

I I have an old dell laptop that I use as my backup mechanism. I use firefox as a web browse (only to get access to my emails when backing up). However firefox is is extremely slow and takes ages to load a page,  I assume that its a combination of my laptop being so old (over 10 yrs) and me using a more updated version of firefox (38.0.5). I know this is not the latest version.

 

My question is if I uninstall firefox and re install a version, which version is more suited to my laptop as when i look on the sites for older version there are so many.

 

My laptop specs are : Dell inspiron. Intel Pentium M. XP V2002. Processor 1.70GHZ  496 MB ram

 

I really do appreciate your assistace with this.

 

best Sean

[Advertisements]

Try running Firefox in Safe Mode.

https://support.mozi...using-safe-mode

 One or more of your extensions or plugins is probably slowing you down.  Java has a bad habit of leaving dead extensions which slow Firefox down.

 

Also try Speedyfox.  

 

http://www.crystalidea.com/speedyfox

 

Download Save and Run it.   Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

 

As for which version of Firefox - you should run the latest that your operating system will do.

 

A laptop that old is probably running hot due to dust caught between the heatsink and the fan.  That will slow it down.

Try speedfan

http://www.filehippo...nload_speedfan/

 

Download, save and Install it  then run it.  It will tell you your temps in real time if the laptop has temp sensors.

If it is running over 60 in idle then it needs cleaning.

 

 

Also XP does not defrag on its own so you have to manually defrag it.

 

https://support.micr...en-us/kb/305781

 

Finally 496 MB ram is not enough for XP SP3.  It's going to be very slow loading.  If possible upgrade to 1 GB.

[RKinner]

Try running Firefox in Safe Mode.

https://support.mozi...using-safe-mode

 One or more of your extensions or plugins is probably slowing you down.  Java has a bad habit of leaving dead extensions which slow Firefox down.

 

Also try Speedyfox.  

 

http://www.crystalidea.com/speedyfox

 

Download Save and Run it.   Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

 

As for which version of Firefox - you should run the latest that your operating system will do.

 

A laptop that old is probably running hot due to dust caught between the heatsink and the fan.  That will slow it down.

Try speedfan

http://www.filehippo...nload_speedfan/

 

Download, save and Install it  then run it.  It will tell you your temps in real time if the laptop has temp sensors.

If it is running over 60 in idle then it needs cleaning.

 

 

Also XP does not defrag on its own so you have to manually defrag it.

 

https://support.micr...en-us/kb/305781

 

Finally 496 MB ram is not enough for XP SP3.  It's going to be very slow loading.  If possible upgrade to 1 GB.

[evolutionpill]

Thank you RKinner

 

I will follow your suggestions. If I may, a few questions to help me clarify.

 

1. I am glad you used filehippo, as that is the exact site I use, hence my question regarding which updates on programs to use. Am I correct to think that the latest program downloads may be too advanced for my laptop, if so how do I know which one...for example firefox (on filehippo) has firefox 46.0 beta (older version 45.0.1 or 46.0.2..etc0 and firefox 64 bit 43.0.4 or for example my itunes was deleted and now I would like to install so i can copy some files onto my pc, again on filehippo, it gives me two options itunes 12.3.3 64-bit or itunes 12.3.3 32-bit and under each it has a nuber of older version,e.g itunes 12.3.2 or 12.3.1 or 12.2.1 etc.

 

As I mentioned my laptop is used as my backup storage, which i occassional use to retrieve od files so I still need programs like, firefox, itune, unzip, realplayer, I am planning on reformatting my C drive with the original software but would lie to download these few progras before I do that, but not sure if I should ALWAYS use the latest version or should I use older ones.

 

I do thank you for your time.

[RKinner]

Stay away from Beta versions.  I don't think they are too advanced just don't trust them.  The Firefox installer should know if it can run on XP and stop if it can't but I haven't heard of any problems with XP & Firefox.

 

 I would use 7-zip instead of unzip.  http://www.7-zip.org/

 

I expect your XP is 32 bits.  Most of them were.  You can open My Computer and check System Properties and it should tell you.  I'd try the latest version of itunes for 32 bit.

 

The problem with reformatting to the original software is that it will take you really far back in the windows updates process and I'm not sure that Microsoft is still providing XP updates.  I did hear they were still available in he catalog but that's a clunky way of getting them.  Unless it's not working at all I would avoid a reformat.  If you think it might be infected, I can have this topic moved to our malware forum and we can clean it up.  (I'm not allowed to run the malware scans outside of the malware forum)

[evolutionpill]

Again thank you for your very helpful advice, I will then use the latestes version of the programs.... The reason I use the CD's ( i know old school) but I a based in China, and only have the english on CD when I first bought the pc, cannot get legal english in China for windows. I am not sure if my laptop is infected, but it just seesm "even more" slower then usual when opening firefox, even i tried your first recommendations (safemode, speedy fox) it takes at least 5 minutes to open a page and when i check window task manager process it says firefox uses over 200 000k memory excluding the plug in, and when i download itunes it wont run..hence the whole question of me thinking that maybe this version of firefox was too big to run. I tried explorer but that was just impossible to run.

 

If I may ask, in your opinion which is the most convienent browser, that small and easy to use for my situation, is it firefox.  and last question I currently use panda antivirus ( i read it was a small andlight on the pc) what would you recommend.

 

BTW speedfan gives my pc following reading  HDO 35, Temp1 58 and tep2  51

[RKinner]

Expect if you run an antivirus scan or watch a video you will see the temps go up considerably.  Some Dells have a panel over the fan that you can remove then three screws and the fan pops out so you can clean the fins of the heatsink with a small brush and a vacuum cleaner hose (or compressed air).  DO NOT REMOVE THE HEATSINK OR THE COPPER HEAT PIPE unless you want to replace the thermal paste.  On others it's a lot more work.  You can usually search on the model number and find a youtube video that shows you how to get to the fan.

 

I'm going to have this topic moved to Malware so let's run a few scans:

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste log back here. 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

[evolutionpill]

Dear Rkinner

 

I hve followed your instructions, please find the logs below.

 

Best

Sean

 

 

ADW

 

# AdwCleaner v5.105 - Logfile created 25/03/2016 at 22:28:24
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.4 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : sf - SS
# Running from : C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : PCFasterSvc_{PCFaster_5.1.0.0}

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\pc faster
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\ToolsUpdatePlatform
[J] Folder Not Deleted : C:\Documents and Settings\All Users\Application Data\PC Faster
[-] Folder Deleted : C:\Documents and Settings\All Users\Documents\pc faster
[J] Folder Not Deleted : C:\Documents and Settings\All Users\Documents\PC Faster
[-] Folder Deleted : C:\Documents and Settings\sf\Application Data\FLV and Media Player
[-] Folder Deleted : C:\Documents and Settings\sf\Application Data\OpenCandy
[-] Folder Deleted : C:\Documents and Settings\sf\Application Data\pc faster
[-] Folder Deleted : C:\Documents and Settings\sf\Application Data\WebExtend
[J] Folder Not Deleted : C:\Documents and Settings\sf\Application Data\PC Faster
[-] Folder Deleted : C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\[email protected]
[-] Folder Deleted : C:\Documents and Settings\sf\Local Settings\Application Data\PackageAware
[-] Folder Deleted : C:\Program Files\pc faster
[J] Folder Not Deleted : C:\Program Files\PC Faster

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\All Users\Desktop\FLV and Media Player.lnk
[-] File Deleted : C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\extensions\[email protected]

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47F40CF9-2D34-462A-B404-0E6E85636BB9}
[-] Key Deleted : HKCU\Software\Brothersoft
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\SiteSee
[-] Key Deleted : HKLM\SOFTWARE\WeatherTool
[-] Key Deleted : HKLM\SOFTWARE\Secure
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV and Media Player
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV and Media Player
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Data Restored : HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":224539475,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224539476,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.version.last", "38.0");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.firstKnownVersion", "7.23.7.36087");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=70EF8C1A-034F-4F52-8D98-F5598F1839F4&n=781bd875&p2=^Y6^xdm007^YYA^cn&si=CLaC9YSJ58cCFRAljgodGlsEA[...]
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installKeysSource", "LocalStorage");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installType", "XPI");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.dlpCountryCode", "CN");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2015090805");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm007^YYA^cn");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CLaC9YSJ58cCFRAljgodGlsEAA");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.pixelUrl", "hxxp://download.fromdoctopdf.com/install_pixels.jhtml?partner=^Y6^xdm007^YYA^cn&sub_id=CLaC9YSJ58cCFRAljgodGlsEAA&coId=16cc[...]
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "70EF8C1A-034F-4F52-8D98-F5598F1839F4");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1441705670919");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastKnownVersion", "7.23.7.36087");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.partnerPixelFired", true);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.successUrl", "hxxp://download.fromdoctopdf.com/installComplete.jhtml");
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbarCollapsed", false);
[-] [C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9266 bytes] - [25/03/2016 22:28:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [9299 bytes] - [25/03/2016 22:23:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9412 bytes] ##########

 

 

JRT
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Microsoft Windows XP x86
Ran by sf (Administrator) on Fri 03/25/2016 at 22:35:28.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Documents and Settings\sf\Application Data\getrighttogo (Folder)
Successfully deleted: C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\user.js (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FUT7UAOD (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GRK142E2 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IABLDEFG (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UH6OOMCK (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\thunder network (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FUT7UAOD (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GRK142E2 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IABLDEFG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UH6OOMCK (Temporary Internet Files Folder)



Registry: 5

Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\BprotectEx (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BASSVC (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BsrSvc (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\PCFApiUtil (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/25/2016 at 22:36:57.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by sf (administrator) on SS (25-03-2016 22:39:07)
Running from C:\Documents and Settings\sf\Desktop
Loaded Profiles: sf (Available Profiles: sf)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Baidu Inc.) C:\Program Files\Baidu Cleaner\BCleanerSvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Baidu Inc.) C:\Program Files\Baidu Cleaner\BCleanerTray.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [385024 2004-10-30] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [Baidu Cleaner] => C:\Program Files\Baidu Cleaner\BCleanerTray.exe [2162488 2015-05-26] (Baidu Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-23] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07] (Intel Corporation)
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7107B94-1DDC-4D20-A2B4-35619214B37B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1085031214-688789844-1343024091-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2015-07-08] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2015-07-08] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2015-07-08] (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-02] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1085031214-688789844-1343024091-1003: @real.com/RhapsodyPlayerEngine -> C:\Documents and Settings\sf\Application Data\nprhapengine.dll [No File]
FF Extension: Web Counselor - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{25dd52dc-89a8-469d-9e8f-8d483095d1e8} [2014-10-02] [not signed]
FF Extension: Flash Block - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-06-16]
FF Extension: Video DownloadHelper - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-13]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aunhelper; C:\Program Files\Common Files\aunhelper\aunhelper.exe [89168 2015-09-21] ()
R2 BCleanerSvc; C:\Program Files\Baidu Cleaner\BCleanerSvc.exe [1697896 2015-05-26] (Baidu Inc.)
S3 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-09-07] (Intel Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [64000 2004-08-04] (Microsoft Corporation)
S2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-23] (Panda Security, S.L.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-09-07] (Intel Corporation) [File not signed]
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-09-07] (Intel Corporation ) [File not signed]
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [225353 2004-09-07] (Intel® Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files\Wondershare\TunesGoRetro\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17056 2014-10-01] (Meetinghouse Data Communications) [File not signed]
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47408 2015-03-31] (Baidu, Inc.)
R1 BprotectEx; C:\WINDOWS\System32\drivers\BprotectEx.sys [114960 2015-03-31] (Baidu, Inc.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] () [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation) [File not signed]
R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) [File not signed]
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2004-08-04] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2004-08-04] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-20] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-20] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-20] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-20] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-20] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-20] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [46160 2013-10-28] (Fuzhou Rockchip Electronics Co,Ltd.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-08-31] (Intel Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [32968 2014-03-07] (The OpenVPN Project)
R3 tifm; C:\WINDOWS\System32\drivers\tifm.sys [67072 2004-05-21] (Texas Instruments) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3210496 2004-10-21] (Intel® Corporation) [File not signed]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 22:39 - 2016-03-25 22:39 - 00014541 _____ C:\Documents and Settings\sf\Desktop\FRST.txt
2016-03-25 22:38 - 2016-03-25 22:39 - 00000000 ____D C:\FRST
2016-03-25 22:38 - 2016-03-25 22:38 - 00002566 _____ C:\Documents and Settings\sf\My Documents\JRT.txt
2016-03-25 22:36 - 2016-03-25 22:36 - 00002566 _____ C:\Documents and Settings\sf\Desktop\JRT.txt
2016-03-25 22:34 - 2016-03-25 22:34 - 00000000 ____D C:\Documents and Settings\sf\Application Data\FLV and Media Player
2016-03-25 22:22 - 2016-03-25 22:28 - 00000000 ____D C:\AdwCleaner
2016-03-25 22:17 - 2016-03-25 22:18 - 01610352 _____ (Malwarebytes) C:\Documents and Settings\sf\Desktop\JRT.exe
2016-03-25 22:15 - 2016-03-25 22:16 - 01530368 _____ C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
2016-03-25 22:14 - 2016-03-25 22:14 - 01725440 _____ (Farbar) C:\Documents and Settings\sf\Desktop\FRST.exe
2016-03-25 17:12 - 2015-05-22 16:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-03-24 22:24 - 2016-03-25 21:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-24 21:15 - 2016-03-24 21:15 - 00000000 ____D C:\Documents and Settings\sf\Application Data\CrystalIdea Software
2016-03-24 21:14 - 2016-03-24 22:10 - 00000000 ____D C:\Program Files\SpeedFan
2016-03-24 21:14 - 2016-03-24 21:14 - 00000682 _____ C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
2016-03-24 21:14 - 2016-03-24 21:14 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-03-24 21:14 - 2016-03-24 21:14 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\SpeedFan
2016-03-24 17:15 - 2016-03-25 21:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-03-24 17:14 - 2013-03-18 16:51 - 06112864 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2016-03-24 17:14 - 2013-03-18 16:51 - 00045056 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl.sys
2016-03-23 18:49 - 2016-03-23 18:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 22:39 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf\Local Settings\Temp
2016-03-25 22:38 - 2014-10-01 20:21 - 00000000 ___RD C:\Documents and Settings\sf\My Documents
2016-03-25 22:37 - 2014-11-02 19:55 - 00000446 _____ C:\WINDOWS\Tasks\WpsUpdateTask_sf.job
2016-03-25 22:32 - 2014-10-01 20:58 - 00000272 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-688789844-1343024091-1003.job
2016-03-25 22:32 - 2014-10-01 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-25 22:31 - 2014-10-01 21:13 - 08519680 _____ C:\WINDOWS\system32\config\Nano.evt
2016-03-25 22:31 - 2014-10-01 20:20 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-25 22:30 - 2014-10-01 20:21 - 00000178 ___SH C:\Documents and Settings\sf\ntuser.ini
2016-03-25 22:30 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf
2016-03-25 22:10 - 2014-11-01 12:08 - 00000446 _____ C:\WINDOWS\Tasks\WpsNotifyTask_sf.job
2016-03-25 21:38 - 2014-10-01 20:22 - 00000000 ____D C:\2014 program downloads
2016-03-25 21:37 - 2014-10-31 11:33 - 00000000 ____D C:\Documents and Settings\sf\dwhelper
2016-03-25 21:36 - 2016-01-22 16:17 - 00000000 ____D C:\Program Files\Haali
2016-03-25 21:22 - 2015-05-26 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RpData
2016-03-25 21:21 - 2014-10-02 14:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-25 21:21 - 2014-10-02 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2016-03-25 21:19 - 2016-02-07 18:35 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\3herosoft
2016-03-25 21:18 - 2015-09-19 21:16 - 00000000 ____D C:\ipad
2016-03-25 21:12 - 2014-10-02 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2016-03-25 21:08 - 2015-08-19 16:03 - 00000000 ____D C:\Program Files\:spam: Studio
2016-03-25 21:08 - 2015-08-19 11:22 - 00000000 ____D C:\Program Files\Vibosoft
2016-03-25 21:08 - 2015-08-19 11:22 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\Vibosoft
2016-03-25 21:01 - 2016-02-07 17:59 - 00000000 ____D C:\Program Files\Cucusoft
2016-03-25 21:00 - 2015-08-19 15:59 - 00000000 ____D C:\Program Files\iStonsoft
2016-03-25 21:00 - 2015-08-19 15:59 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\iStonsoft
2016-03-25 20:57 - 2014-10-02 03:37 - 00000000 ___HD C:\WINDOWS\inf
2016-03-25 20:09 - 2015-09-08 16:09 - 00000334 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2016-03-25 19:32 - 2015-03-04 19:32 - 00000350 _____ C:\WINDOWS\Tasks\Baidu PC Faster Update.job
2016-03-25 17:54 - 2016-02-05 18:55 - 00000000 ____D C:\Documents and Settings\sf\My Documents\tv
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Baidu PC Faster
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu PC Faster
2016-03-25 17:43 - 2016-02-07 18:36 - 00000882 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak8
2016-03-25 17:43 - 2016-02-07 18:36 - 00000144 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak11
2016-03-25 17:43 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks1.bak
2016-03-25 17:43 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks0.bak
2016-03-25 17:43 - 2016-02-07 18:36 - 00000112 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak12
2016-03-25 17:22 - 2015-05-26 11:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu Cleaner
2016-03-25 17:12 - 2016-02-07 17:34 - 00000000 ____D C:\Program Files\Common Files\aunhelper
2016-03-25 11:22 - 2015-05-26 11:22 - 00000334 _____ C:\WINDOWS\Tasks\Baidu Cleaner Update.job
2016-03-24 17:07 - 2014-10-01 20:46 - 00105984 _____ C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-24 16:50 - 2014-10-01 23:20 - 00000000 ____D C:\Documents and Settings\sf\My Documents\My Videos
2016-03-24 14:17 - 2015-08-19 16:04 - 00000000 ____D C:\Program Files\Aiseesoft Studio
2016-03-24 14:12 - 2014-12-20 16:12 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-24 10:45 - 2004-08-04 20:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-23 10:22 - 2014-10-01 20:58 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-688789844-1343024091-1003.job
2016-03-06 10:19 - 2015-08-22 05:49 - 00000289 _____ C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2016-03-04 18:57 - 2015-05-26 11:21 - 00000000 ____D C:\Program Files\Baidu Cleaner
2016-03-04 17:01 - 2003-11-14 16:25 - 00004096 _____ C:\WINDOWS\system32\windrvrz.vxd
2016-02-24 19:12 - 2014-10-01 20:21 - 00000000 ___RD C:\Documents and Settings\sf\My Documents\My Music

==================== Files in the root of some directories =======

2013-10-14 10:44 - 2013-10-14 10:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-08-22 05:49 - 2016-03-06 10:19 - 0000289 _____ () C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2014-10-01 20:46 - 2016-03-24 17:07 - 0105984 _____ () C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job


Some files in TEMP:
====================
C:\Documents and Settings\sf\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

FRST - ADDITONAL

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by sf (2016-03-25 22:40:19)
Running from C:\Documents and Settings\sf\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) (2014-10-01 12:18:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1085031214-688789844-1343024091-500 - Administrator - Enabled)
Guest (S-1-5-21-1085031214-688789844-1343024091-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1085031214-688789844-1343024091-1000 - Limited - Disabled)
sf (S-1-5-21-1085031214-688789844-1343024091-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sf
SUPPORT_388945a0 (S-1-5-21-1085031214-688789844-1343024091-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Baidu Cleaner (HKLM\...\Baidu Cleaner) (Version: 6.0.4.143778 - Baidu Inc.)
Baidu PC Faster (HKLM\...\Baidu PC Faster 5.1.0.0) (Version: 5.1.3.126764 - Baidu, Inc.) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
FotoSketcher 3.10 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FreeSizer v.1.0.0 (HKLM\...\{B0C5249A-E603-450A-B19A-D9989D24C855}}_is1) (Version: 1.0.0 - WinBit Software)
iMacsoft iPhone Photo to PC Transfer (HKLM\...\iMacsoft iPhone Photo to PC Transfer) (Version: 3.0.9.0909 - iMacsoft)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 9.00.0000 - Intel Corporation)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
LAV Filters 0.51.3 (HKLM\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
mCore (Version: 1.19.0000 - Intel Corporation) Hidden
mDriver (Version: 1.19.0000 - Intel) Hidden
mDrWiFi (Version: 1.19.0000 - Intel Corporation) Hidden
mHlpDell (Version: 1.19.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 1.19.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.19.0000 - Intel Corporation) Hidden
mLogView (Version: 1.19.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.19.0000 - Intel Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
mPfMgr (Version: 1.19.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.19.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 1.19.0000 - Intel Corporation) Hidden
mToolkit (Version: 1.19.0000 - Intel Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.19.0000 - Intel Corporation) Hidden
mZConfig (Version: 1.19.0000 - Intel Corporation) Hidden
NingPo MahJong Deluxe 1.04 (HKLM\...\NingPo MahJong Deluxe 1.04) (Version:  - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PCIxx20 (Version: 1.01.0004 - Dell) Hidden
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version:  - )
PhotoBulk 1.0.257 (HKLM\...\PhotoBulk_is1) (Version: 1.0.257 - Eltima Software)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Sothink Video Converter (HKLM\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Texas Instruments PCIxx20 drivers. (HKLM\...\InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}) (Version: 1.01.0004 - Dell)
VSDC Free Video Editor version 3.3.0.394 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.0.394 - Flash-Integro LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{08DA629F-8B2B-489c-A667-2FC213E043FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{9F284818-F253-49f2-82C1-F6CFF86CD4EE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job => C:\WINDOWS\system32\cscript.exeJC:\Documents and Settings\All Users\Application Data\Duplicaterecord.js <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Baidu Cleaner Update.job => C:\Program Files\Baidu Cleaner\Updater.exe
Task: C:\WINDOWS\Tasks\Baidu PC Faster Update.job => C:\Program Files\PC Faster\5.1.0.0\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-688789844-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-688789844-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sf.job => C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sf.job => C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\Documents and Settings\All Users\Application Data\ToolsUpdatePlatform\CallBackInstall.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-31 14:13 - 2015-03-31 14:13 - 00596792 _____ () C:\Program Files\Baidu Cleaner\sqlite.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:16EAB5F6 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 20:00 - 2004-08-04 20:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe] => Disabled:Age of Empires
StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Disabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Enabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

24-03-2016 17:14:58 Installed iTunes
25-03-2016 17:29:20 System Checkpoint
25-03-2016 22:35:34 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Modem
Description: PCI Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2016 06:22:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: SS)
Description: Product: iTunes -- A later version of iTunes is already installed on this computer.

Error: (02/07/2016 05:14:36 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.3053 - Fatal Execution Engine Error (7A097706) (80131506)

Error: (02/07/2016 05:11:34 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.3053 - Fatal Execution Engine Error (7A097706) (80131506)

Error: (02/07/2016 05:10:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/19/2015 09:55:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WebCompanionInstaller.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at WebCompanionInstaller.App.OpenInstallerWcfHost()
   at WebCompanionInstaller.App.Main()

Error: (08/19/2015 02:03:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: SS)
Description: Product: iTunes -- iTunes requires that your computer is running Windows 7 or newer.

Error: (07/16/2015 06:23:38 PM) (Source: MsiInstaller) (EventID: 11722) (User: SS)
Description: Product: Java 8 Update 20 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action installexe, location: C:\WINDOWS\Installer\MSI60.tmp, command:  INSTALLDIR="C:\Program Files\Java\jre1.8.0_20\\" REPAIRMODE=1


System errors:
=============
Error: (03/25/2016 10:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 10:35:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (03/25/2016 10:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The aunhelper service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 10:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WLANKEEPER service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 10:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Spectrum24 Event Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 10:35:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EvtEng service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 10:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (03/25/2016 10:32:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (03/25/2016 10:29:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (03/25/2016 10:29:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.70GHz
Percentage of memory in use: 67%
Total physical RAM: 494.42 MB
Available physical RAM: 162.48 MB
Total Virtual: 1156.95 MB
Available Virtual: 809.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:11.97 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:29.29 GB) (Free:5.29 GB) NTFS
Drive e: () (Fixed) (Total:29.29 GB) (Free:2.95 GB) NTFS
Drive f: () (Fixed) (Total:33.66 GB) (Free:6.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 04890488)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

[RKinner]

Clear the Java Cache by following the instructions on

http://www.java.com/...lugin_cache.xml

 

You do not have the latest Java.

First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:

Java 8 Update 20 (

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

 

If you feel you must have Java:

Get the latest Java at:

http://www.java.com/en/

 

Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.

Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

 

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

 

 

 

 

Uninstall

 

Baidu Cleaner 
Baidu PC Faster 

 

 

 

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 

 

Reboot. 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Double-click VEW.exe

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

 

 

[evolutionpill]

Hi

 

Firstly thank you for your assistance.

 

I have followed your instruction to the letter.

 

A few points and some questions if you dont mind.

 

1. Firefox this time round was extremely slow to open the sites and would hang...twice I had to open windows task manager and end the process

 

2. At one point I received the following window "PSUmain.exe application error. Instruction at 0x0258a749 referred memory at 0x006c0061 memory not read"

 

3. I removed the programs you requested, I also noticed in add/remove programs some things i did not recognise and not sure if I need

 3.1 swMSM.exe

  3.2  LAV filters 0.51.3

  3.3 Rhapsody player engine

  3.4 Texas Instrumentation pcixx20 drivers

 

4. regarding Java, I am not sure if I need it, forgive my ignorance but what would i need it for, if I did need it.

 

5. There was a program that was called wondershare (previously i used baidu cleaner - before you asked to delete it) it suggested i remove by deleting it directly from ..C:\Program Files\Common Files\Wondershare, I did, it deleted some files but a large amount remained with a windows stating.."could not delete CBSCcreativeVC.dll access denied"...please advise

 

6. Regarding an earlier post wrt itunes, i was not sure if i should download 32 or 64 bit from filehippo, I have downloaded both and they both do not want to run and install.. could you advise

 

Sorry about all the questions just trying to be thorough, and i really do appreciate your assistance.

 

Below the logs

 

View log - SYSTEM

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/03/2016 11:49:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2016 11:44:39 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

Log: 'System' Date/Time: 25/03/2016 11:44:39 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

VIEW log - APPLICATION

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/03/2016 11:51:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[RKinner]

Uninstall Apple Mobile Device Support (

It's not working.  You will need a working copy to get itunes to work so download it from Apple:

http://apple-mobile-...datestar.com/en

 

1. Firefox issue.  We will look at firefox when we run FRST again.

 

2. At one point I received the following window "PSUmain.exe application error. Instruction at 0x0258a749 referred memory at 0x006c0061 memory not read"

This is from your Panda anti-virus. Perhaps you need to download a new copy, uninstall the old, reboot and reinstall?

 

3. I removed the programs you requested, I also noticed in add/remove programs some things i did not recognise and not sure if I need

 3.1 swMSM.exe

 

Part of Adobe Shockwave.  Don't think you need it.  You can uninstall it if you like.

 

  3.2  LAV filters 0.51.3

 

LAV Filters are a set of open-source DirectShow filters, aimed to eventually replace the better part of the playback chain required to play all and any modern media. LAV Splitter is a Souce Filter/Splitter required to demux the files into their separate elementary streams. LAV Audio and Video Decoder are powerful decoders with a focus on quality and performance, without any compromises.  Supported Formats: MKV/WebM, AVI, MP4/MOV, MPEG-TS/PS (including basic EVO support), FLV, OGG, and many more that are supported by ffmpeg!

LAV Filters are based on ffmpeg and libbluray and is aimed to offer a all-around solution to perfect playback of file-based Media as well as Blu-rays.

 

Sounds good but if you run the free VLC video player

http://www.videolan.org/vlc/index.html

(which is what I use instead of Windows Media Player)  then you don't need any filters.

  3.3 Rhapsody player engine

This is part of RealPlayer.  Your version of RealPlayer is probably out of date so you might want to uninstall it and get a newer version.

  3.4 Texas Instrumentation pcixx20 drivers

 

You need these if you want to use the flash card slot on your PC.

 

4. regarding Java, I am not sure if I need it, forgive my ignorance but what would i need it for, if I did need it.

Most people do not need it.  Very few websites use it any more because it's so prone to malware.  Odds are you don't need it.  If you do need it the site will tell you then I would get the latest java from java.com and not from some link they offer you.

 

5. There was a program that was called wondershare (previously i used baidu cleaner - before you asked to delete it) it suggested i remove by deleting it directly from ..C:\Program Files\Common Files\Wondershare, I did, it deleted some files but a large amount remained with a windows stating.."could not delete CBSCcreativeVC.dll access denied"...please advise

 

We can let FRST try to delete it.  If they are in C:\Program Files\Common Files\Wondershare then the attached fixlist should remove it:

 

Download the attached fixlist.txt to the same location as FRST

 

 

Run FRST and press Fix

A fix log will be generated please post that 

 

6. Regarding an earlier post wrt itunes, i was not sure if i should download 32 or 64 bit from filehippo, I have downloaded both and they both do not want to run and install.. could you advise

 

 

You need the 32 bit version.  I would get it from Apple directly.

 

http://www.apple.com/itunes/download/

 

Sorry about all the questions just trying to be thorough, and i really do appreciate your assistance.  No problem with questions. 

 

Lets run a new FRST scan with Addition.txt checked .  Post both logs.

 

 

[evolutionpill]

1. Once I Uninstall Apple Mobile Device Support ( I have not installed a new one yet will do tomorrow) , the PC rebooted and then the visual display on my pc changed and became larger and blurred and a window popped up stating... found new hardware wizard video controller (VGA comparability) insert CD.... not sure what happened

 

2. I followed the fix list.

 

3. I will do the itune downloads tmr as it is 1.30 am.

 

4. Currently the only player i use is the fly media player so I will unstal lreal and quicktime. However I will install ad try the one you recommended.

 

Below logs

 

Fixlist

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by sf (2016-03-26 01:22:23) Run:1
Running from C:\Documents and Settings\sf\Desktop
Loaded Profiles: sf (Available Profiles: sf)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Program Files\Common Files\Wondershare



*****************


"C:\Program Files\Common Files\Wondershare" folder move:

Could not move "C:\Program Files\Common Files\Wondershare" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-26 01:24:08)

C:\Program Files\Common Files\Wondershare => moved successfully

==== End of Fixlog 01:24:08 ====

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by sf (administrator) on SS (26-03-2016 01:39:12)
Running from C:\Documents and Settings\sf\Desktop
Loaded Profiles: sf (Available Profiles: sf)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel) C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
() C:\Program Files\Common Files\aunhelper\aunhelper.exe
() C:\Program Files\Common Files\aunhelper\worker.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [385024 2004-10-30] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-23] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07] (Intel Corporation)
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7107B94-1DDC-4D20-A2B4-35619214B37B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1085031214-688789844-1343024091-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-02] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1085031214-688789844-1343024091-1003: @real.com/RhapsodyPlayerEngine -> C:\Documents and Settings\sf\Application Data\nprhapengine.dll [No File]
FF Extension: Web Counselor - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{25dd52dc-89a8-469d-9e8f-8d483095d1e8} [2014-10-02] [not signed]
FF Extension: Flash Block - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-06-16]
FF Extension: Video DownloadHelper - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-13]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-24] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aunhelper; C:\Program Files\Common Files\aunhelper\aunhelper.exe [89168 2015-09-21] ()
R3 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-09-07] (Intel Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [64000 2004-08-04] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-23] (Panda Security, S.L.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-09-07] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-09-07] (Intel Corporation ) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [225353 2004-09-07] (Intel® Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files\Wondershare\TunesGoRetro\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17056 2014-10-01] (Meetinghouse Data Communications) [File not signed]
R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [47408 2015-03-31] (Baidu, Inc.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] () [File not signed]
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation) [File not signed]
R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) [File not signed]
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2004-08-04] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2004-08-04] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-20] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-20] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-20] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-20] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-20] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-20] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [46160 2013-10-28] (Fuzhou Rockchip Electronics Co,Ltd.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-08-31] (Intel Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [32968 2014-03-07] (The OpenVPN Project)
R3 tifm; C:\WINDOWS\System32\drivers\tifm.sys [67072 2004-05-21] (Texas Instruments) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3210496 2004-10-21] (Intel® Corporation) [File not signed]
S3 BprotectEx; \??\C:\WINDOWS\System32\drivers\BprotectEx.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 01:22 - 2016-03-26 01:24 - 00000733 _____ C:\Documents and Settings\sf\Desktop\Fixlog.txt
2016-03-26 00:16 - 2016-03-26 00:16 - 00000000 ____D C:\Program Files\7-Zip
2016-03-26 00:16 - 2016-03-26 00:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2016-03-25 23:51 - 2016-03-25 23:51 - 00000839 _____ C:\VEWlog system.txt
2016-03-25 23:51 - 2016-03-25 23:51 - 00000359 _____ C:\VEW log application.txt
2016-03-25 23:49 - 2016-03-25 23:51 - 00000359 _____ C:\VEW.txt
2016-03-25 23:37 - 2016-03-25 23:37 - 00002924 _____ C:\sfvb.txt
2016-03-25 23:26 - 2016-03-25 23:32 - 00061440 _____ ( ) C:\Documents and Settings\sf\Desktop\VEW.exe
2016-03-25 22:40 - 2016-03-25 22:41 - 00027245 _____ C:\Documents and Settings\sf\Desktop\Addition.txt
2016-03-25 22:39 - 2016-03-26 01:39 - 00014266 _____ C:\Documents and Settings\sf\Desktop\FRST.txt
2016-03-25 22:38 - 2016-03-26 01:39 - 00000000 ____D C:\FRST
2016-03-25 22:38 - 2016-03-25 22:38 - 00002566 _____ C:\Documents and Settings\sf\My Documents\JRT.txt
2016-03-25 22:36 - 2016-03-25 22:36 - 00002566 _____ C:\Documents and Settings\sf\Desktop\JRT.txt
2016-03-25 22:34 - 2016-03-25 22:34 - 00000000 ____D C:\Documents and Settings\sf\Application Data\FLV and Media Player
2016-03-25 22:22 - 2016-03-25 22:28 - 00000000 ____D C:\AdwCleaner
2016-03-25 22:17 - 2016-03-25 22:18 - 01610352 _____ (Malwarebytes) C:\Documents and Settings\sf\Desktop\JRT.exe
2016-03-25 22:15 - 2016-03-25 22:16 - 01530368 _____ C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
2016-03-25 22:14 - 2016-03-25 22:14 - 01725440 _____ (Farbar) C:\Documents and Settings\sf\Desktop\FRST.exe
2016-03-25 17:12 - 2015-05-22 16:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-03-24 22:24 - 2016-03-25 22:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-24 21:15 - 2016-03-24 21:15 - 00000000 ____D C:\Documents and Settings\sf\Application Data\CrystalIdea Software
2016-03-24 21:14 - 2016-03-24 22:10 - 00000000 ____D C:\Program Files\SpeedFan
2016-03-24 21:14 - 2016-03-24 21:14 - 00000682 _____ C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
2016-03-24 21:14 - 2016-03-24 21:14 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-03-24 21:14 - 2016-03-24 21:14 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\SpeedFan
2016-03-24 17:15 - 2016-03-25 21:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-03-23 18:49 - 2016-03-23 18:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 01:39 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf\Local Settings\Temp
2016-03-26 01:37 - 2014-11-02 19:55 - 00000446 _____ C:\WINDOWS\Tasks\WpsUpdateTask_sf.job
2016-03-26 01:25 - 2014-10-01 20:58 - 00000272 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-688789844-1343024091-1003.job
2016-03-26 01:24 - 2016-02-07 17:34 - 00000000 ____D C:\Program Files\Common Files\aunhelper
2016-03-26 01:23 - 2014-10-01 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-26 01:22 - 2014-10-01 21:13 - 08585216 _____ C:\WINDOWS\system32\config\Nano.evt
2016-03-26 01:22 - 2014-10-01 20:21 - 00000178 ___SH C:\Documents and Settings\sf\ntuser.ini
2016-03-26 01:22 - 2014-10-01 20:20 - 00032444 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-26 01:10 - 2014-11-01 12:08 - 00000446 _____ C:\WINDOWS\Tasks\WpsNotifyTask_sf.job
2016-03-26 01:06 - 2014-10-02 03:37 - 00000000 ___HD C:\WINDOWS\inf
2016-03-26 00:09 - 2015-09-08 16:09 - 00000334 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2016-03-25 23:39 - 2015-05-26 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RpData
2016-03-25 22:38 - 2014-10-01 20:21 - 00000000 ___RD C:\Documents and Settings\sf\My Documents
2016-03-25 22:30 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf
2016-03-25 21:38 - 2014-10-01 20:22 - 00000000 ____D C:\2014 program downloads
2016-03-25 21:37 - 2014-10-31 11:33 - 00000000 ____D C:\Documents and Settings\sf\dwhelper
2016-03-25 21:21 - 2014-10-02 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2016-03-25 21:19 - 2016-02-07 18:35 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\3herosoft
2016-03-25 21:18 - 2015-09-19 21:16 - 00000000 ____D C:\ipad
2016-03-25 21:12 - 2014-10-02 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2016-03-25 21:08 - 2015-08-19 16:03 - 00000000 ____D C:\Program Files\:spam: Studio
2016-03-25 21:08 - 2015-08-19 11:22 - 00000000 ____D C:\Program Files\Vibosoft
2016-03-25 21:08 - 2015-08-19 11:22 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\Vibosoft
2016-03-25 21:01 - 2016-02-07 17:59 - 00000000 ____D C:\Program Files\Cucusoft
2016-03-25 21:00 - 2015-08-19 15:59 - 00000000 ____D C:\Program Files\iStonsoft
2016-03-25 21:00 - 2015-08-19 15:59 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\iStonsoft
2016-03-25 19:32 - 2015-03-04 19:32 - 00000350 _____ C:\WINDOWS\Tasks\Baidu PC Faster Update.job
2016-03-25 17:54 - 2016-02-05 18:55 - 00000000 ____D C:\Documents and Settings\sf\My Documents\tv
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Baidu PC Faster
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu PC Faster
2016-03-25 17:43 - 2016-02-07 18:36 - 00000882 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak8
2016-03-25 17:43 - 2016-02-07 18:36 - 00000144 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak11
2016-03-25 17:43 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks1.bak
2016-03-25 17:43 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks0.bak
2016-03-25 17:43 - 2016-02-07 18:36 - 00000112 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak12
2016-03-24 17:07 - 2014-10-01 20:46 - 00105984 _____ C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-24 16:50 - 2014-10-01 23:20 - 00000000 ____D C:\Documents and Settings\sf\My Documents\My Videos
2016-03-24 14:17 - 2015-08-19 16:04 - 00000000 ____D C:\Program Files\Aiseesoft Studio
2016-03-24 14:12 - 2014-12-20 16:12 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-24 10:45 - 2004-08-04 20:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-23 10:22 - 2014-10-01 20:58 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-688789844-1343024091-1003.job
2016-03-06 10:19 - 2015-08-22 05:49 - 00000289 _____ C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2016-03-04 17:01 - 2003-11-14 16:25 - 00004096 _____ C:\WINDOWS\system32\windrvrz.vxd

==================== Files in the root of some directories =======

2013-10-14 10:44 - 2013-10-14 10:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-08-22 05:49 - 2016-03-06 10:19 - 0000289 _____ () C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2014-10-01 20:46 - 2016-03-24 17:07 - 0105984 _____ () C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job


Some files in TEMP:
====================
C:\Documents and Settings\sf\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

FRST - ADDITIONAL

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by sf (2016-03-26 01:40:12)
Running from C:\Documents and Settings\sf\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) (2014-10-01 12:18:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1085031214-688789844-1343024091-500 - Administrator - Enabled)
Guest (S-1-5-21-1085031214-688789844-1343024091-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1085031214-688789844-1343024091-1000 - Limited - Disabled)
sf (S-1-5-21-1085031214-688789844-1343024091-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sf
SUPPORT_388945a0 (S-1-5-21-1085031214-688789844-1343024091-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
FotoSketcher 3.10 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FreeSizer v.1.0.0 (HKLM\...\{B0C5249A-E603-450A-B19A-D9989D24C855}}_is1) (Version: 1.0.0 - WinBit Software)
iMacsoft iPhone Photo to PC Transfer (HKLM\...\iMacsoft iPhone Photo to PC Transfer) (Version: 3.0.9.0909 - iMacsoft)
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 9.00.0000 - Intel Corporation)
LAV Filters 0.51.3 (HKLM\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
mCore (Version: 1.19.0000 - Intel Corporation) Hidden
mDriver (Version: 1.19.0000 - Intel) Hidden
mDrWiFi (Version: 1.19.0000 - Intel Corporation) Hidden
mHlpDell (Version: 1.19.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 1.19.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.19.0000 - Intel Corporation) Hidden
mLogView (Version: 1.19.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.19.0000 - Intel Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
mPfMgr (Version: 1.19.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.19.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 1.19.0000 - Intel Corporation) Hidden
mToolkit (Version: 1.19.0000 - Intel Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.19.0000 - Intel Corporation) Hidden
mZConfig (Version: 1.19.0000 - Intel Corporation) Hidden
NingPo MahJong Deluxe 1.04 (HKLM\...\NingPo MahJong Deluxe 1.04) (Version:  - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PCIxx20 (Version: 1.01.0004 - Dell) Hidden
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version:  - )
PhotoBulk 1.0.257 (HKLM\...\PhotoBulk_is1) (Version: 1.0.257 - Eltima Software)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Sothink Video Converter (HKLM\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Texas Instruments PCIxx20 drivers. (HKLM\...\InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}) (Version: 1.01.0004 - Dell)
VSDC Free Video Editor version 3.3.0.394 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.0.394 - Flash-Integro LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{08DA629F-8B2B-489c-A667-2FC213E043FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{9F284818-F253-49f2-82C1-F6CFF86CD4EE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Baidu PC Faster Update.job => C:\Program Files\PC Faster\5.1.0.0\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-688789844-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-688789844-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sf.job => C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sf.job => C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\Documents and Settings\All Users\Application Data\ToolsUpdatePlatform\CallBackInstall.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2004-09-07 16:03 - 2004-09-07 16:03 - 00073728 _____ () C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
2016-02-07 17:34 - 2015-09-21 09:44 - 00089168 _____ () C:\Program Files\Common Files\aunhelper\aunhelper.exe
2016-02-07 17:34 - 2015-09-21 09:44 - 00064592 _____ () C:\Program Files\Common Files\aunhelper\worker.exe
2016-02-07 17:34 - 2015-09-18 17:49 - 00229376 _____ () C:\Program Files\Common Files\aunhelper\logger.job
2016-02-07 17:34 - 2015-09-18 17:49 - 00086016 _____ () C:\Program Files\Common Files\aunhelper\popup.job
2016-02-07 17:34 - 2015-09-21 09:34 - 00200704 _____ () C:\Program Files\Common Files\aunhelper\IOSHelper.dll
2016-02-07 17:34 - 2015-09-18 17:49 - 00241664 _____ () C:\Program Files\Common Files\aunhelper\update.job
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2004-08-04 20:00 - 2004-08-04 20:00 - 01287680 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:16EAB5F6 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 20:00 - 2004-08-04 20:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe] => Disabled:Age of Empires
StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Disabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Enabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

24-03-2016 17:14:58 Installed iTunes
25-03-2016 17:29:20 System Checkpoint
25-03-2016 22:35:34 JRT Pre-Junkware Removal
25-03-2016 23:24:09 Removed Java 8 Update 20
26-03-2016 01:06:13 Removed Apple Mobile Device Support
26-03-2016 01:16:05 Removed swMSM.

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor�s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Modem
Description: PCI Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/25/2016 11:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (03/25/2016 11:44:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.70GHz
Percentage of memory in use: 84%
Total physical RAM: 494.42 MB
Available physical RAM: 77.54 MB
Total Virtual: 1156.95 MB
Available Virtual: 661.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:11.86 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:29.29 GB) (Free:5.29 GB) NTFS
Drive e: () (Fixed) (Total:29.29 GB) (Free:2.95 GB) NTFS
Drive f: () (Fixed) (Total:33.66 GB) (Free:6.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 04890488)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

[RKinner]

Got another fixlist for you.  This one is going to remove the remnants of Baidu and wondershare and also something called aunhelper.   aunhelper is not in your uninstall list and runs from a funny place so not trustworthy.

 

 

Your error log says that something has happened to your video driver and it's not setup up correctly.  I would download a new video driver from the PC Maker's website and install it.

 

 

 

 

[evolutionpill]

Hi

 

Thank you for that.

 

I have another set of questions, again hope you dont mind.

 

1. Under add/remove

 

1.1 I have adobe flash plugin 15 and shockwave 11.6   do I keep these?

 

1.2 there is something called bonjour, dont know what it is...do I keep or remove?

 

1.3 I see quicktime, on the list but no option to remove, how do I do that?

 

1.4 You recommended i use 7-zip instead of rar, shall I remove rar from add/remove?

 

 

2. Program files in C drive-I was looking through my program files and saw a few things I am not sure of

 

2.1 Java.jre 1.8.0_20. I removed all java from add/remove but still in my program files...do i just delete?

 

2.2 Can I delete net meeting?

 

2.3 I still have Real, real alternative, real network files ( not empty) even though I deleted them in add/remove

 

2.4 I have quicktime folder ( although cannot remove from add/remove)

 

2.5 under windows folder, system32, their are an incredible amount of files...is this normal?

 

3. Firefox, this is still giving me trouble.... (I have updated it) Firstly it still hangs and takes very long time to open each page, I have to refresh a number of times before the page will eventually open.? ( I do see at the bottom of the page a small script window that will either state waiting for geekstogo.com...and then changes to connecting to google or googleleads...etc but eventually the page opens or if a do a yahoo search it will open the yahoo.com page but if i seach its says page failed.

 

 

4. You recommended videolan however it requires SP3, it has option for win 95 but I need to install a kernnel, and under older version there is a long list which im not sure which to select. currently I use Applian Technologies\FLV and Media Player, is this ok or not.

 

5. In windows task manager, processes called worker.exe which I have not seen before

 

6. I downloaded itunes, however upon opening I get...itunes cannot connect with itunes store error 0x80096004

 

I will do the new fixlist and send the log

 

Once again thank you

[evolutionpill]

the FRST logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by sf (administrator) on SS (26-03-2016 14:37:43)
Running from C:\Documents and Settings\sf\Desktop
Loaded Profiles: sf (Available Profiles: sf)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel® Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel) C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [385024 2004-10-30] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-23] (Panda Security, S.L.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
Winlogon\Notify\IntelWireless: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07] (Intel Corporation)
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7107B94-1DDC-4D20-A2B4-35619214B37B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1085031214-688789844-1343024091-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default
FF DefaultSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Extension: Web Counselor - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{25dd52dc-89a8-469d-9e8f-8d483095d1e8} [2014-10-02] [not signed]
FF Extension: Flash Block - C:\Documents and Settings\sf\Application Data\Mozilla\Firefox\Profiles\hgx4pa98.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2015-06-16]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-24] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-02-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2004-09-07] (Intel Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [64000 2004-08-04] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-23] (Panda Security, S.L.)
S3 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2004-09-07] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2004-09-07] (Intel Corporation ) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [225353 2004-09-07] (Intel® Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files\Wondershare\TunesGoRetro\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17056 2014-10-01] (Meetinghouse Data Communications) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] () [File not signed]
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation) [File not signed]
R3 IWCA; C:\WINDOWS\System32\DRIVERS\iwca.sys [234496 2004-08-12] (Intel Corporation) [File not signed]
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88448 2004-08-04] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2004-08-04] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-20] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-20] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-20] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-20] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-20] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-20] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 Rockusb; C:\WINDOWS\System32\DRIVERS\rockusb.sys [46160 2013-10-28] (Fuzhou Rockchip Electronics Co,Ltd.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11354 2004-08-31] (Intel Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [32968 2014-03-07] (The OpenVPN Project)
R3 tifm; C:\WINDOWS\System32\drivers\tifm.sys [67072 2004-05-21] (Texas Instruments) [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [3210496 2004-10-21] (Intel® Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 11:51 - 2016-03-26 11:51 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2016-03-26 11:51 - 2016-03-26 11:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2016-03-26 11:51 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2016-03-26 11:50 - 2016-03-26 11:51 - 00000000 ____D C:\Program Files\iTunes
2016-03-26 11:50 - 2016-03-26 11:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-03-26 11:50 - 2016-03-26 11:50 - 00000000 ____D C:\Program Files\iPod
2016-03-26 11:49 - 2013-03-18 16:51 - 06112864 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2016-03-26 11:49 - 2013-03-18 16:51 - 00045056 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl.sys
2016-03-26 11:48 - 2016-03-26 11:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-26 09:01 - 2015-05-22 16:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-03-26 01:22 - 2016-03-26 14:34 - 00010884 _____ C:\Documents and Settings\sf\Desktop\Fixlog.txt
2016-03-26 00:16 - 2016-03-26 00:16 - 00000000 ____D C:\Program Files\7-Zip
2016-03-26 00:16 - 2016-03-26 00:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2016-03-25 23:51 - 2016-03-25 23:51 - 00000839 _____ C:\VEWlog system.txt
2016-03-25 23:51 - 2016-03-25 23:51 - 00000359 _____ C:\VEW log application.txt
2016-03-25 23:49 - 2016-03-25 23:51 - 00000359 _____ C:\VEW.txt
2016-03-25 23:37 - 2016-03-26 11:38 - 00003062 _____ C:\sfvb.txt
2016-03-25 23:26 - 2016-03-25 23:32 - 00061440 _____ ( ) C:\Documents and Settings\sf\Desktop\VEW.exe
2016-03-25 22:40 - 2016-03-26 14:29 - 00024597 _____ C:\Documents and Settings\sf\Desktop\Addition.txt
2016-03-25 22:39 - 2016-03-26 14:38 - 00010635 _____ C:\Documents and Settings\sf\Desktop\FRST.txt
2016-03-25 22:38 - 2016-03-26 14:37 - 00000000 ____D C:\FRST
2016-03-25 22:38 - 2016-03-25 22:38 - 00002566 _____ C:\Documents and Settings\sf\My Documents\JRT.txt
2016-03-25 22:36 - 2016-03-25 22:36 - 00002566 _____ C:\Documents and Settings\sf\Desktop\JRT.txt
2016-03-25 22:34 - 2016-03-26 14:01 - 00000000 ____D C:\Documents and Settings\sf\Application Data\FLV and Media Player
2016-03-25 22:22 - 2016-03-25 22:28 - 00000000 ____D C:\AdwCleaner
2016-03-25 22:17 - 2016-03-25 22:18 - 01610352 _____ (Malwarebytes) C:\Documents and Settings\sf\Desktop\JRT.exe
2016-03-25 22:15 - 2016-03-25 22:16 - 01530368 _____ C:\Documents and Settings\sf\Desktop\adwcleaner_5.105.exe
2016-03-25 22:14 - 2016-03-25 22:14 - 01725440 _____ (Farbar) C:\Documents and Settings\sf\Desktop\FRST.exe
2016-03-24 22:24 - 2016-03-26 13:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-24 21:15 - 2016-03-24 21:15 - 00000000 ____D C:\Documents and Settings\sf\Application Data\CrystalIdea Software
2016-03-24 21:14 - 2016-03-24 22:10 - 00000000 ____D C:\Program Files\SpeedFan
2016-03-24 21:14 - 2016-03-24 21:14 - 00000682 _____ C:\Documents and Settings\sf\Desktop\SpeedFan.lnk
2016-03-24 21:14 - 2016-03-24 21:14 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2016-03-24 21:14 - 2016-03-24 21:14 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\SpeedFan
2016-03-23 18:49 - 2016-03-23 18:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 14:38 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf\Local Settings\Temp
2016-03-26 14:36 - 2014-10-01 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-26 14:35 - 2014-10-01 21:13 - 08650752 _____ C:\WINDOWS\system32\config\Nano.evt
2016-03-26 14:35 - 2014-10-01 20:21 - 00000178 ___SH C:\Documents and Settings\sf\ntuser.ini
2016-03-26 14:35 - 2014-10-01 20:21 - 00000000 ____D C:\Documents and Settings\sf
2016-03-26 14:35 - 2014-10-01 20:20 - 00032444 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-26 14:34 - 2014-11-01 12:33 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-03-26 14:23 - 2014-10-01 21:27 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-26 13:57 - 2016-02-07 18:36 - 00000882 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak8
2016-03-26 13:57 - 2016-02-07 18:36 - 00000144 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak11
2016-03-26 13:57 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks1.bak
2016-03-26 13:57 - 2016-02-07 18:36 - 00000115 _____ C:\Documents and Settings\sf\Local Settings\ibooks0.bak
2016-03-26 13:57 - 2016-02-07 18:36 - 00000112 _____ C:\Documents and Settings\sf\Local Settings\mhli.bak12
2016-03-26 11:50 - 2014-10-02 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2016-03-26 11:49 - 2014-10-02 03:37 - 00000000 ___HD C:\WINDOWS\inf
2016-03-26 11:48 - 2014-10-02 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2016-03-26 10:53 - 2014-10-02 11:59 - 00000000 ____D C:\Program Files\Real
2016-03-26 10:48 - 2014-10-01 20:56 - 00000000 ____D C:\Documents and Settings\sf\Application Data\Real
2016-03-25 23:39 - 2015-05-26 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RpData
2016-03-25 22:38 - 2014-10-01 20:21 - 00000000 ___RD C:\Documents and Settings\sf\My Documents
2016-03-25 21:38 - 2014-10-01 20:22 - 00000000 ____D C:\2014 program downloads
2016-03-25 21:37 - 2014-10-31 11:33 - 00000000 ____D C:\Documents and Settings\sf\dwhelper
2016-03-25 21:19 - 2016-02-07 18:35 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\3herosoft
2016-03-25 21:18 - 2015-09-19 21:16 - 00000000 ____D C:\ipad
2016-03-25 21:08 - 2015-08-19 11:22 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\Vibosoft
2016-03-25 21:00 - 2015-08-19 15:59 - 00000000 ____D C:\Documents and Settings\sf\Start Menu\Programs\iStonsoft
2016-03-25 17:54 - 2016-02-05 18:55 - 00000000 ____D C:\Documents and Settings\sf\My Documents\tv
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Baidu PC Faster
2016-03-25 17:45 - 2015-03-04 19:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu PC Faster
2016-03-24 17:07 - 2014-10-01 20:46 - 00105984 _____ C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-24 16:50 - 2014-10-01 23:20 - 00000000 ____D C:\Documents and Settings\sf\My Documents\My Videos
2016-03-24 14:12 - 2014-12-20 16:12 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-24 10:45 - 2004-08-04 20:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-06 10:19 - 2015-08-22 05:49 - 00000289 _____ C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2016-03-04 17:01 - 2003-11-14 16:25 - 00004096 _____ C:\WINDOWS\system32\windrvrz.vxd

==================== Files in the root of some directories =======

2013-10-14 10:44 - 2013-10-14 10:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-08-22 05:49 - 2016-03-06 10:19 - 0000289 _____ () C:\Documents and Settings\sf\Application Data\FotoSketcher.ini
2014-10-01 20:46 - 2016-03-24 17:07 - 0105984 _____ () C:\Documents and Settings\sf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\sf\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

FRST Additional

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by sf (2016-03-26 14:39:48)
Running from C:\Documents and Settings\sf\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) (2014-10-01 12:18:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1085031214-688789844-1343024091-500 - Administrator - Enabled)
Guest (S-1-5-21-1085031214-688789844-1343024091-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1085031214-688789844-1343024091-1000 - Limited - Disabled)
sf (S-1-5-21-1085031214-688789844-1343024091-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sf
SUPPORT_388945a0 (S-1-5-21-1085031214-688789844-1343024091-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
FotoSketcher 3.10 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FreeSizer v.1.0.0 (HKLM\...\{B0C5249A-E603-450A-B19A-D9989D24C855}}_is1) (Version: 1.0.0 - WinBit Software)
iMacsoft iPhone Photo to PC Transfer (HKLM\...\iMacsoft iPhone Photo to PC Transfer) (Version: 3.0.9.0909 - iMacsoft)
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 9.00.0000 - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
LAV Filters 0.51.3 (HKLM\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
mCore (Version: 1.19.0000 - Intel Corporation) Hidden
mDriver (Version: 1.19.0000 - Intel) Hidden
mDrWiFi (Version: 1.19.0000 - Intel Corporation) Hidden
mHlpDell (Version: 1.19.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 1.19.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.19.0000 - Intel Corporation) Hidden
mLogView (Version: 1.19.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.19.0000 - Intel Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
mPfMgr (Version: 1.19.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.19.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 1.19.0000 - Intel Corporation) Hidden
mToolkit (Version: 1.19.0000 - Intel Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.19.0000 - Intel Corporation) Hidden
mZConfig (Version: 1.19.0000 - Intel Corporation) Hidden
NingPo MahJong Deluxe 1.04 (HKLM\...\NingPo MahJong Deluxe 1.04) (Version:  - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PCIxx20 (Version: 1.01.0004 - Dell) Hidden
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version:  - )
PhotoBulk 1.0.257 (HKLM\...\PhotoBulk_is1) (Version: 1.0.257 - Eltima Software)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sothink Video Converter (HKLM\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Texas Instruments PCIxx20 drivers. (HKLM\...\InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}) (Version: 1.01.0004 - Dell)
VSDC Free Video Editor version 3.3.0.394 (HKLM\...\VSDC Free Video Editor_is1) (Version: 3.3.0.394 - Flash-Integro LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-1085031214-688789844-1343024091-1003\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1085031214-688789844-1343024091-1003_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Documents and Settings\sf\Local Settings\Application Data\Kingsoft\WPS Office\9.1.0.4746\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2004-09-07 16:03 - 2004-09-07 16:03 - 00073728 _____ () C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:16EAB5F6 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 20:00 - 2004-08-04 20:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1085031214-688789844-1343024091-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\Empires.exe] => Disabled:Age of Empires
StandardProfile\AuthorizedApplications: [F:\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Disabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [E:\Microsoft Age of Empires - Rise of Rome\Microsoft Age of Empires - Rise of Rome\AOE\EMPIRESX.EXE] => Enabled:Age of Empires, the Rise of Rome
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

24-03-2016 17:14:58 Installed iTunes
25-03-2016 17:29:20 System Checkpoint
25-03-2016 22:35:34 JRT Pre-Junkware Removal
25-03-2016 23:24:09 Removed Java 8 Update 20
26-03-2016 01:06:13 Removed Apple Mobile Device Support
26-03-2016 01:16:05 Removed swMSM.
26-03-2016 10:53:44 Removed Rhapsody Player Engine
26-03-2016 11:50:14 Installed iTunes

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor�s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Modem
Description: PCI Modem
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2016 11:32:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: SS)
Description: Product: iTunes -- iTunes requires that your computer is running Windows 7 or newer.

Error: (03/26/2016 11:26:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: SS)
Description: Product: iTunes -- iTunes requires that your computer is running Windows 7 or newer.


System errors:
=============
Error: (03/26/2016 02:34:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The aunhelper service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/25/2016 11:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (03/25/2016 11:44:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.70GHz
Percentage of memory in use: 91%
Total physical RAM: 494.42 MB
Available physical RAM: 44.12 MB
Total Virtual: 1156.99 MB
Available Virtual: 687.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.53 GB) (Free:11.29 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:29.29 GB) (Free:5.29 GB) NTFS
Drive e: () (Fixed) (Total:29.29 GB) (Free:2.95 GB) NTFS
Drive f: () (Fixed) (Total:33.66 GB) (Free:3.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 04890488)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

[RKinner]

You can still update to SP3 and you should.  Microsoft's old link is dead but FileHippo still has it:

 

http://filehippo.com...service_pack_3/

 

The problem with SP3 is that if it's an AMD CPU rather than an Intel you may need KB953356 first.  I was able to get it off the MS catalog site.  Going to try and attach it in zip form.

 

 

 

Bad news with itunes:   

iTunes requires that your computer is running Windows 7 or newer.  

 

So we may have to look for an older version.  (It appears to be running tho so you might try it)   Sorry about that I thought Apple would offer you one that worked with your system.  

 

 

You still have the IPX protocol installed.  Haven't seen that in ages.  It should be removed:if SP3 doesn't do it.

 

Go to Control Panel, Network and Internet Connections, Network Connections, right click on Local Area Connection (or in your case on your wireless), select Properties, highlight Internet NWLink IPX/SPX and select Uninstall.

 

Alternative is to open a command prompt and type:

snetcfg -v -u MS_NWIPX 

then hit Enter.

 

 

Your Questions:

 

1. Under add/remove

 

1.1 I have adobe flash plugin 15 and shockwave 11.6   do I keep these?

 

 

I would get rid of Shockwave since it's seldom used.  Your flash is obsolete and it's dangerous to have an old flash but I'm not sure if the newer versions work on XP.   

 

1.2 there is something called bonjour, dont know what it is...do I keep or remove?

 

 

 

Bonjour is an Apple product.  You will get a new version when you update Apple products.  I think it detect other Apple products on your local net so you can talk to them.  Don't think it's very important so I would remove it.

 

1.3 I see quicktime, on the list but no option to remove, how do I do that?

 

 

If it's not in the uninstall list you can just delete its folder in Program Files.

 

1.4 You recommended i use 7-zip instead of rar, shall I remove rar from add/remove?

 

You can keep rar if you want.  I don't like it because the newer downloads are full of adware.  

2

. Program files in C drive-I was looking through my program files and saw a few things I am not sure of

 

2.1 Java.jre 1.8.0_20. I removed all java from add/remove but still in my program files...do i just delete?

 

 

Yes.

 

2.2 Can I delete net meeting?

 

 

It's obsolete but it came with XP so I would to try to uninstall it:

 

1. Click Start, click Control Panel, and then double-click Add or Remove Programs.
2. Click Add/Remove Windows Components. The Windows Components Wizard starts.
3. In the Components list, click to clear the check box next to the component that you want to remove. Note that a shaded check box next to a component indicates that only some of its subcomponents are installed. 
   
   If you want to remove a subcomponent, click Details. Then, click to clear the check box next to the subcomponents that you want to remove, and then click OK.
4. Click Next.
5. In the Completing the Windows Components Wizard screen, click Finish.

 

 

2.3 I still have Real, real alternative, real network files ( not empty) even though I deleted them in add/remove

 

 

Delete the Real folders under Program Files.

 

2

.4 I have quicktime folder ( although cannot remove from add/remove)

 

 

Delete the folder

 

2.5 under windows folder, system32, their are an incredible amount of files...is this normal?  

 

 

Yes.  Don't touch these.

 

3. Firefox, this is still giving me trouble.... (I have updated it) Firstly it still hangs and takes very long time to open each page, I have to refresh a number of times before the page will eventually open.? ( I do see at the bottom of the page a small script window that will either state waiting for geekstogo.com...and then changes to connecting to google or googleleads...etc but eventually the page opens or if a do a yahoo search it will open the yahoo.com page but if i seach its says page failed.

 

 

 

Firefox recommends that you be on XP SP3 so that may be part of it.  You can try going into Options and changing your search to Google.

 

They recommend running Opera if you don't have SP3.  http://www.opera.com/

 

 

4. You recommended videolan however it requires SP3, it has option for win 95 but I need to install a kernnel, and under older version there is a long list which im not sure which to select. currently I use Applian Technologies\FLV and Media Player, is this ok or not.

 

 

I think you should update to SP3 but if you don't just stay with what you have.

 

5. In windows task manager, processes called worker.exe which I have not seen before

 

 

It should be gone after the last fixlist.  

 

 

6. I downloaded itunes, however upon opening I get...itunes cannot connect with itunes store error 0x80096004

 

 

 

We are getting an error message that says it needs Windows 7 so we probably need an older version