Hi, I have a Microsoft Windows XP Home Edition Version 2002 Service Pack 3. For several months I have had this Virus or Malware that freezes my mouse cursor, makes my fan constantly run when I run an Anti-Virus or Anti-Spyware scan, and the fan runs when I try to watch videos or play video games. It also makes Firefox start up slow.
My mouse will work in Safe Mode and I've gotten the mouse to sort of work in Normal Mode by going to Mouse Properties and check marking Display pointer trails.
I've tried scanning with everything from Panda, Avast, Avira, Malwarebytes, SuperAntiSpyware, several Root Kit Scanners, you name it, and nothing is detecting it. It's very frustrating!
I even tried reinstalling my OS with Back-up and that didn't work. Right now my DVD-drive is busted so I can't do a Full Clean install of my OS and I don't want to lose my stuff.
---------------------------------------------------------------------------------------------------------------------
Can someone help me? Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Owner (administrator) on YOUR-CF6AE05ECC (27-07-2016 09:49:48)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [Uniblue SpeedUpMyPC] => C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [9495832 2007-08-16] (Uniblue Software)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0A0959AE-0881-49E2-93CD-40CF9768F46D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-676961170-3691123601-236142853-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1410404456937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: CS Lite Mod - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-04-28]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-07-03]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\[email protected] [2016-07-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-12] [not signed]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2014-07-07] (Windows ® 2000 DDK provider) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2016-07-27] (Malwarebytes)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-07-26] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540112 2016-03-24] (Check Point Software Technologies Ltd.)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 asdids; no ImagePath
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\B.tmp [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-27 09:49 - 2016-07-27 09:51 - 00015641 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-07-27 09:36 - 2016-07-27 09:37 - 01744384 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-07-27 06:42 - 2015-05-22 01:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-07-06 08:11 - 2016-07-06 08:11 - 00001060 _____ C:\stop sign.txt
2016-06-28 12:56 - 2016-06-28 13:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-27 09:51 - 2014-11-17 19:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-07-27 09:49 - 2016-06-20 09:19 - 00000000 ____D C:\FRST
2016-07-27 09:47 - 2004-08-26 11:09 - 00000000 ____D C:\Documents and Settings\Owner
2016-07-27 09:38 - 2016-06-23 12:05 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\v
2016-07-27 07:08 - 2014-08-01 17:27 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Macromedia
2016-07-27 06:56 - 2014-11-18 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-07-27 06:56 - 2014-08-04 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-07-27 06:53 - 2014-09-01 12:12 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-27 06:44 - 2014-07-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2016-07-27 06:44 - 2014-07-07 09:32 - 00030277 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-27 06:41 - 2004-08-26 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-27 06:39 - 2015-05-17 09:09 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-27 06:39 - 2015-03-16 14:21 - 17367040 _____ C:\WINDOWS\system32\config\Nano.evt
2016-07-27 06:39 - 2004-08-26 11:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-07-27 06:35 - 2014-08-02 17:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-26 17:16 - 2014-02-18 16:34 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2016-07-26 07:30 - 2014-08-26 19:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-25 19:09 - 2016-05-09 12:19 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 4
2016-07-25 19:01 - 2015-11-28 13:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 3
2016-07-25 19:01 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Music
2016-07-25 18:59 - 2015-06-11 08:32 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 2
2016-07-25 15:07 - 2014-08-02 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-07-25 12:14 - 2015-01-13 18:10 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Commercials
2016-07-22 05:34 - 2015-02-20 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-21 20:04 - 2014-07-08 05:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2016-07-20 12:49 - 2014-08-13 07:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-07-17 18:24 - 2014-09-23 17:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-07-17 18:23 - 2014-08-03 18:32 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-17 18:23 - 2014-08-03 18:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-17 18:23 - 2004-08-26 11:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 06:11 - 2004-08-26 09:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-13 05:53 - 2014-07-08 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 05:44 - 2014-07-08 05:56 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-28 17:19 - 2014-07-08 07:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-27 12:54 - 2016-03-30 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BDAntiRansomware
==================== Files in the root of some directories =======
2015-03-21 18:49 - 2015-03-22 10:32 - 0147298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-03-21 18:50 - 2015-03-22 10:32 - 0442298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-07-17 16:24 - 2016-06-25 08:54 - 0007680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 18:25 - 2015-03-21 18:25 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-03-21 18:36 - 2015-03-22 09:31 - 0000010 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\sponge.last.runtime.cache
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
-----------------------------------------------------------------------------------------------------------------------
Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Owner (2016-07-27 09:52:32)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-07-07 16:26:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-676961170-3691123601-236142853-500 - Administrator - Enabled)
Guest (S-1-5-21-676961170-3691123601-236142853-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-676961170-3691123601-236142853-1004 - Limited - Disabled)
Owner (S-1-5-21-676961170-3691123601-236142853-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-676961170-3691123601-236142853-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
AnyBurn (HKLM\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version: - dvd8n)
CleanUp! (HKLM\...\CleanUp!) (Version: - )
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
J2SE Runtime Environment 5.0 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150020}) (Version: 1.5.0.20 - Sun Microsystems, Inc.)
K-Lite Mega Codec Pack 10.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version: - Virtuoza)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version: - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
==================== Loaded Modules (Whitelisted) ==============
2014-07-25 17:11 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-30 12:55 - 2016-05-16 16:25 - 01242144 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
2016-03-30 12:55 - 2015-08-14 14:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2016-04-23 07:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-05-26 21:02 - 2015-03-24 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
27-04-2016 11:37:37 System Checkpoint
28-04-2016 17:39:14 System Checkpoint
30-04-2016 11:01:06 System Checkpoint
01-05-2016 17:39:09 System Checkpoint
03-05-2016 03:41:33 System Checkpoint
04-05-2016 11:00:49 System Checkpoint
05-05-2016 11:42:16 System Checkpoint
06-05-2016 12:29:10 System Checkpoint
07-05-2016 12:33:08 System Checkpoint
08-05-2016 13:14:25 System Checkpoint
10-05-2016 09:35:49 System Checkpoint
11-05-2016 04:56:30 Software Distribution Service 3.0
12-05-2016 07:20:07 System Checkpoint
13-05-2016 11:50:49 System Checkpoint
14-05-2016 17:00:25 System Checkpoint
16-05-2016 10:17:50 System Checkpoint
17-05-2016 16:46:23 System Checkpoint
18-05-2016 19:10:09 System Checkpoint
20-05-2016 09:28:52 System Checkpoint
21-05-2016 09:59:36 System Checkpoint
22-05-2016 10:13:16 System Checkpoint
23-05-2016 10:25:53 System Checkpoint
24-05-2016 12:03:10 System Checkpoint
25-05-2016 13:28:21 System Checkpoint
27-05-2016 12:23:48 System Checkpoint
29-05-2016 07:42:05 System Checkpoint
30-05-2016 09:22:13 System Checkpoint
31-05-2016 09:36:50 System Checkpoint
03-06-2016 02:56:16 System Checkpoint
04-06-2016 10:46:36 System Checkpoint
05-06-2016 14:30:08 System Checkpoint
06-06-2016 15:22:03 System Checkpoint
07-06-2016 15:57:44 System Checkpoint
08-06-2016 17:36:32 System Checkpoint
10-06-2016 07:56:13 System Checkpoint
11-06-2016 09:06:30 JRT Pre-Junkware Removal
12-06-2016 10:49:03 System Checkpoint
13-06-2016 15:25:34 System Checkpoint
15-06-2016 06:11:27 Software Distribution Service 3.0
16-06-2016 08:50:55 System Checkpoint
17-06-2016 12:13:04 System Checkpoint
19-06-2016 10:00:47 System Checkpoint
20-06-2016 12:37:29 System Checkpoint
22-06-2016 15:34:20 System Checkpoint
24-06-2016 14:07:46 System Checkpoint
27-06-2016 07:10:59 System Checkpoint
28-06-2016 12:01:37 System Checkpoint
29-06-2016 13:24:44 System Checkpoint
01-07-2016 14:06:40 System Checkpoint
03-07-2016 11:30:22 System Checkpoint
04-07-2016 12:04:04 System Checkpoint
05-07-2016 18:03:11 System Checkpoint
06-07-2016 19:10:28 System Checkpoint
08-07-2016 07:04:17 System Checkpoint
09-07-2016 10:57:50 System Checkpoint
10-07-2016 11:25:40 System Checkpoint
11-07-2016 11:30:34 System Checkpoint
13-07-2016 05:41:32 Software Distribution Service 3.0
14-07-2016 10:05:24 System Checkpoint
16-07-2016 09:25:39 System Checkpoint
18-07-2016 06:58:31 System Checkpoint
19-07-2016 07:29:58 System Checkpoint
20-07-2016 12:19:31 System Checkpoint
23-07-2016 07:05:02 System Checkpoint
24-07-2016 07:38:28 System Checkpoint
26-07-2016 08:55:38 System Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/26/2016 07:19:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/26/2016 07:17:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/26/2016 07:14:59 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1933422429.
Error: (07/26/2016 07:14:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/14/2016 01:10:24 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.
Error: (07/14/2016 01:10:20 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.
Error: (07/14/2016 01:10:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/14/2016 01:10:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/13/2016 10:20:52 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 188974217.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (07/13/2016 10:19:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSANHost.exe, version 4.0.0.785, faulting module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.
Processing media-specific event for [PSANHost.exe!ws!]
System errors:
=============
Error: (07/27/2016 06:42:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32
Error: (07/27/2016 06:42:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.
Error: (07/27/2016 06:37:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (07/27/2016 06:37:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (07/27/2016 06:37:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (07/27/2016 06:13:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32
Error: (07/27/2016 06:12:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.
Error: (07/26/2016 04:56:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32
==================== Memory info ===========================
Processor: AMD Athlon 64 Processor 3400+
Percentage of memory in use: 45%
Total physical RAM: 895.36 MB
Available physical RAM: 492.27 MB
Total Virtual: 2167.24 MB
Available Virtual: 1494.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:181.87 GB) (Free:30.88 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.12 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)
==================== End of Addition.txt ============================