Compaq HP XP in its death throes [Solved]

slow acting strangely wont respond malware viruses trojan

  • This topic is locked

#1
Redrosemadder

  • Member
  • 11 posts

Hi. My name is Connie and it's been a while since I've been here. I'm helping my Mom with her ancient computer to the best of my ability but I've run into issues WAY over my head. I believe she has given remote access to spammers. She also downloaded and ran a "free virus removal program" from a pop-up.

Any help anyone could render would be greatly appreciated.

She can't afford to purchase a new computer, so if we can possibly rescue this it would be so beneficial.

I ran frst.exe and here are the results.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2016
Ran by Compaq_Owner (administrator) on YOUR-D0F670B45A (03-12-2016 16:57:37)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available Profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ftutil2] => "rundll32.exe" ftutil2.dll,SetWriteCacheMode
HKLM\...\Run: [NvCplDaemon] => "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => "nwiz.exe" /install
HKLM\...\Run: [NvMediaCenter] => "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: 
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk [2006-12-12]
ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk [2005-08-17]
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{55512C5C-6A38-463A-AFEF-B67E67905F95}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: [DhcpNameServer] 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://att.yahoo.com/
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
SearchScopes: HKLM -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL = 
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> DefaultScope {D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US679D20150504&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {4A87269F-AE6C-4E28-B98A-85E27F02D05B} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {52DB8470-04A4-41EC-9E4F-EF3E4AF4521D} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL = 
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {a64b497e-e5b4-4e8e-9b86-12d6bc33d53c} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {A7935409-BC37-42AA-A105-6D0A942CB9F1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {B6B91A22-0F20-4C22-B213-341CBC0632CD} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {C2BF02AC-9F26-47A0-BADC-5A89A997F5AF} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {D339FEA9-7C72-4D8B-8230-809CB2D872D8} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US679D20150504&p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
BHO: AT&T Toolbar -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -> No File
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2008-11-11] (Hewlett-Packard)
BHO: Ask.com Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll => No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-06-01] (Yahoo! Inc)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18] ()
Toolbar: HKLM - AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -  No File
Toolbar: HKLM - Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
Toolbar: HKLM - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -  No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-06-20] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2009-01-07] (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Search Manager) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakgmokehmecofodopaddfhdblmjnod [2016-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1051240 2015-09-18] (Coupons.com Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13368 2015-07-03] (SlimWare Utilities, Inc.)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S2 HIDKbFlt; system32\DRIVERS\HIDKbFlt.sys [X]
S3 IPFilter; system32\DRIVERS\IPFilter.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
U0 mfewfpk; no ImagePath
S1 MpKsl18c2b999; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl18c2b999.sys [X]
S1 MpKsl38e53981; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl38e53981.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-03 16:55 - 2016-12-03 16:55 - 00000408 _____ C:\Documents and Settings\Compaq_Owner\Desktop\Addition.txt
2016-12-03 16:54 - 2016-12-03 16:57 - 00031805 _____ C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
2016-12-03 16:52 - 2016-12-03 16:54 - 00000000 ___DC C:\FRST
2016-12-03 16:44 - 2016-12-03 16:44 - 01761280 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
2016-11-29 01:48 - 2015-05-22 03:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-11-24 08:25 - 2016-11-24 08:25 - 00000572 ____C C:\Documents and Settings\Compaq_Owner\My Documents\spider.sav
2016-11-22 13:19 - 2016-11-22 13:19 - 00000000 ___DC C:\738327a8a4104a01908359bc
2016-11-22 13:13 - 2016-12-03 12:52 - 00000382 ___HC C:\WINDOWS\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
2016-11-10 20:25 - 2016-11-10 20:25 - 00097784 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-11-10 18:34 - 2016-11-10 18:34 - 00000000 ___DC C:\quardata
2016-11-10 17:51 - 2016-11-10 20:25 - 00000000 ____D C:\Program Files\ScanGuard
2016-11-10 17:50 - 2016-11-10 19:05 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Package Cache
2016-11-09 04:10 - 2016-11-09 04:10 - 00000000 ___DC C:\46d630d215e65e87ea7c4350242f53
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-03 16:57 - 2012-09-19 17:38 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Temp
2016-12-03 16:22 - 2016-07-08 21:29 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-03 16:16 - 2016-02-05 20:51 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-03 16:16 - 2016-02-05 20:51 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-03 16:08 - 2016-07-01 00:56 - 00000892 ____C C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-03 16:08 - 2005-12-06 13:06 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-03 13:54 - 2005-12-05 14:31 - 00000281 __SHC C:\boot.ini
2016-12-03 13:54 - 2005-12-05 01:50 - 00000611 ____C C:\WINDOWS\win.ini
2016-12-03 13:54 - 2005-12-04 17:44 - 00000227 ____C C:\WINDOWS\system.ini
2016-12-03 13:03 - 2006-09-04 17:17 - 00004580 ____C C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt
2016-12-03 13:02 - 2006-09-04 17:14 - 00043531 ____C C:\WINDOWS\system32\nvapps.xml
2016-12-03 13:02 - 2005-12-05 02:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-12-03 12:54 - 2015-11-05 15:11 - 09633792 _____ C:\WINDOWS\system32\config\Nano.evt
2016-12-03 12:52 - 2016-07-22 01:31 - 00000382 ___HC C:\WINDOWS\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
2016-12-03 05:56 - 2005-12-05 02:05 - 00032408 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-03 05:55 - 2006-12-12 13:00 - 00000178 __SHC C:\Documents and Settings\Compaq_Owner\ntuser.ini
2016-12-02 20:17 - 2009-08-30 20:33 - 00000436 ___HC C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job
2016-11-30 22:03 - 2005-12-06 12:23 - 00000000 ____D C:\WINDOWS\Help
2016-11-26 18:45 - 2006-09-04 12:27 - 00000000 _RSHD C:\WINDOWS\system32\dllcache
2016-11-24 23:02 - 2014-08-15 15:23 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2016-11-24 23:01 - 2012-04-10 11:16 - 00796352 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-11-24 23:01 - 2011-05-15 07:48 - 00142528 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-11-24 08:25 - 2006-12-12 13:00 - 00000000 ___RD C:\Documents and Settings\Compaq_Owner\My Documents
2016-11-09 04:07 - 2005-12-05 01:53 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl
2016-11-09 04:05 - 2006-12-12 13:00 - 00000000 ____D C:\Documents and Settings\Compaq_Owner
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-11-09 04:05 - 2005-12-06 12:49 - 00000000 ____D C:\WINDOWS\Registration
2016-11-08 15:00 - 2014-03-24 21:24 - 00000230 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-11-06 09:55 - 2005-12-05 01:55 - 00644300 ____C C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2007-08-23 12:55 - 2007-08-23 12:59 - 4907008 ____C () C:\Program Files\BellSouthMessengerSetup44.exe
2007-08-23 12:44 - 2007-08-23 12:44 - 0066269 ____C () C:\Program Files\INSTALL.LOG
2012-12-13 12:56 - 2013-12-11 18:23 - 10395072 ____C (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-06-19 18:10 - 2015-06-19 18:10 - 0000053 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\LogFile.txt
2008-03-04 07:28 - 2008-03-04 07:40 - 0004120 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\update.log
2014-06-05 17:41 - 2015-05-05 23:31 - 0000348 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-07-20 21:13 - 2009-08-06 08:59 - 0008192 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-01 13:37 - 2010-05-01 13:37 - 0000135 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
2015-01-03 21:11 - 2015-01-03 21:11 - 0000000 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{77AFBE2C-EC14-4175-B09B-18F917EB3490}
2006-09-04 17:18 - 2012-03-10 14:44 - 0007330 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
C:\Windows\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
C:\Windows\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
 
 
Some files in TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by Compaq_Owner (03-12-2016 16:58:09)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-12-12 18:00:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3838367069-130207366-2897235942-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3838367069-130207366-2897235942-1009 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3838367069-130207366-2897235942-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner
Guest (S-1-5-21-3838367069-130207366-2897235942-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3838367069-130207366-2897235942-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3838367069-130207366-2897235942-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3838367069-130207366-2897235942-1006 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: PC Cleaners (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
AT&T Toolbar (HKLM\...\blstoolbar) (Version:  - )
AT&T Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
att.net Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
BellSouth Application Management (HKLM\...\BellSouth Application Management) (Version:  - )
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Canon MP600 User Registration (HKLM\...\Canon MP600 User Registration) (Version:  - )
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
FastAccess® DSL Help Center 4.1 (HKLM\...\BellsouthHelpCenter4.0b_is1) (Version: 4.1.19 - ATT)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{9C344D4A-69B8-430E-B463-BAA1A83D7F68}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version:  - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Move Networks Player - IE) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7040 - Realtek Semiconductor Corp.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (09/13/2013 5.10.0.7040) (HKLM\...\8AF9FB9D51A08D283F2D63ECDE71641C23C42A78) (Version: 09/13/2013 5.10.0.7040 - Realtek Semiconductor Corp.)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Documents and Settings\Compaq_Owner\Desktop\tool for comp\HP Extended Service Plans.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/dticonesp"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [268]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:258F3E77 [260]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA [118]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA [120]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346 [228]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\facebook -> facebook
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\google%20chrome -> google%20chrome
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 06:00 - 2012-01-16 21:10 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: AROReminder => C:\Program Files\ARO 2011\ARO.exe -rem
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe] => Enabled:Nexon Game Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
10-11-2016 00:04:20 Software Distribution Service 3.0
10-11-2016 17:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
11-11-2016 00:00:38 Software Distribution Service 3.0
12-11-2016 02:05:14 Software Distribution Service 3.0
13-11-2016 00:00:42 Software Distribution Service 3.0
14-11-2016 12:54:15 System Checkpoint
15-11-2016 14:48:54 System Checkpoint
16-11-2016 00:51:09 Software Distribution Service 3.0
17-11-2016 12:23:52 System Checkpoint
18-11-2016 12:54:17 System Checkpoint
19-11-2016 13:48:50 System Checkpoint
20-11-2016 03:00:21 Software Distribution Service 3.0
21-11-2016 01:05:44 Software Distribution Service 3.0
22-11-2016 02:34:43 System Checkpoint
22-11-2016 06:14:35 Software Distribution Service 3.0
22-11-2016 13:17:38 Software Distribution Service 3.0
22-11-2016 13:23:11 Software Distribution Service 3.0
23-11-2016 14:02:09 System Checkpoint
24-11-2016 14:21:33 System Checkpoint
25-11-2016 14:30:07 System Checkpoint
26-11-2016 14:44:26 System Checkpoint
26-11-2016 23:41:09 Software Distribution Service 3.0
27-11-2016 04:02:38 Software Distribution Service 3.0
28-11-2016 04:20:31 System Checkpoint
29-11-2016 05:06:16 System Checkpoint
29-11-2016 06:15:29 Software Distribution Service 3.0
30-11-2016 18:47:08 System Checkpoint
02-12-2016 01:24:49 System Checkpoint
03-12-2016 02:37:21 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2016 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 2.12.2016.0, faulting module frst.exe, version 2.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (11/30/2016 11:02:28 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 354618321.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (11/30/2016 11:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.dll, version 4.0.0.570, fault address 0x000711e9.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (11/29/2016 06:27:23 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
 
Error: (11/29/2016 01:20:43 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 337106215.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (11/29/2016 01:19:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (11/28/2016 04:27:59 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 1204182323.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (11/28/2016 04:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSProfiler.exe, version 4.0.0.39, faulting module NdkApi.License.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [PSProfiler.exe!ws!]
 
Error: (11/28/2016 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (11/27/2016 04:12:15 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
 
 
System errors:
=============
Error: (12/03/2016 01:03:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ftsata2
Lbd
 
Error: (12/03/2016 01:03:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
 
Error: (12/03/2016 01:03:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HIDKbFlt.SvcDesc% service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/03/2016 12:55:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/03/2016 12:55:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
 
Error: (12/03/2016 12:54:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ftsata2
Lbd
 
Error: (12/03/2016 12:53:43 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
 
Error: (12/03/2016 12:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HIDKbFlt.SvcDesc% service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/02/2016 09:53:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ftsata2
Lbd
 
Error: (12/02/2016 09:52:57 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Processor 3400+
Percentage of memory in use: 80%
Total physical RAM: 446.48 MB
Available physical RAM: 87.67 MB
Total Virtual: 1281.67 MB
Available Virtual: 827.01 MB
 
==================== Drives ================================
 
Drive c: (PRESARIO) (Fixed) (Total:104.46 GB) (Free:87.8 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.3 GB) (Free:0.52 GB) FAT32 ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=104.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 




#2
Redrosemadder

I did find out, upon further questioning, she had installed and run "Supremo" at the behest of a scammer this morning. I don't know if that helps but it's additional information, anyway.

Thank you for your help.

#3
pystryker

Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account.

If pirated software, key gens, or programs like KMS are found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:


Hello :) Let's see what we can do to breathe some life into this machine. :thumbsup:


Step 1: Program Removals

Please uninstall the following program from your machine as it is an adware/malware related program.

Download Updater


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
GroupPolicyScripts: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
SearchScopes: HKU\.DEFAULT -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
BHO: AT&T Toolbar -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -> No File
BHO: Ask.com Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll => No File
BHO: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll => No File
Toolbar: HKLM - AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKLM - Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S2 HIDKbFlt; system32\DRIVERS\HIDKbFlt.sys [X]
S3 IPFilter; system32\DRIVERS\IPFilter.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
U0 mfewfpk; no ImagePath
S1 MpKsl18c2b999; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl18c2b999.sys [X]
S1 MpKsl38e53981; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl38e53981.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
C:\Windows\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
C:\Windows\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt). Please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 5: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log


#4
Redrosemadder


Pystryker, I sincerely appreciate your help. My poor Mom does too.

I was unable to remove the Download Updater program; I was unable to find the program or any associated files.

I was unable to download the Junkware Removal Tool and AdwCleaner from the site you recommended. I went to the Malwarebytes site and successfully downloaded them.

There are a few other small issues with her computer I'd like to discuss with you once we get the huge mess fixed.

In the meantime:

Fixlog.txt Log


Fix result of Farbar Recovery Scan Tool (x86) Version: 04-12-2016
Ran by Compaq_Owner (04-12-2016 18:32:28) Run:3
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available Profiles: Compaq_Owner)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
GroupPolicyScripts: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
SearchScopes: HKU\.DEFAULT -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
BHO: AT&T Toolbar -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -> No File
BHO: Ask.com Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll => No File
BHO: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll => No File
Toolbar: HKLM - AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKLM - Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S2 HIDKbFlt; system32\DRIVERS\HIDKbFlt.sys [X]
S3 IPFilter; system32\DRIVERS\IPFilter.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
U0 mfewfpk; no ImagePath
S1 MpKsl18c2b999; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl18c2b999.sys [X]
S1 MpKsl38e53981; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl38e53981.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
C:\Windows\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
C:\Windows\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => key not found. 
HKCR\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => key not found. 
HKCR\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => key not found. 
HKCR\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => key not found. 
HKCR\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2} => key not found. 
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{976A15CC-7485-4291-97B6-12BF0F2E3931} => key not found. 
HKCR\CLSID\{976A15CC-7485-4291-97B6-12BF0F2E3931} => key not found. 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found. 
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found. 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{976A15CC-7485-4291-97B6-12BF0F2E3931} => key not found. 
HKCR\CLSID\{976A15CC-7485-4291-97B6-12BF0F2E3931} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => key not found. 
HKCR\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D93EC24D-8741-4D41-B83D-A5793B998416} => key not found. 
HKCR\CLSID\{D93EC24D-8741-4D41-B83D-A5793B998416} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e08861fe-8847-4b2a-8ec2-08edb20e4020} => key not found. 
HKCR\CLSID\{e08861fe-8847-4b2a-8ec2-08edb20e4020} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => value not found.
HKCR\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6} => value not found.
HKCR\CLSID\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => value not found.
HKCR\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} => key not found. 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038} => value not found.
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038} => value not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSuggestURL => not found.
mfecore => service not found.
EagleNT => service not found.
ftsata2 => service not found.
HIDKbFlt => service not found.
IPFilter => service not found.
Lavasoft Kernexplorer => service not found.
Lbd => service not found.
LVUSBSta => service not found.
mfewfpk => service not found.
MpKsl18c2b999 => service not found.
MpKsl38e53981 => service not found.
PCD5SRVC{8A863ACB-F5F6CC6A-05010004} => service not found.
PID_0928 => service not found.
wanatw => service not found.
WS2IFSL => service not found.
"C:\Windows\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job" => not found.
"C:\Windows\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job" => not found.
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
HKU\.DEFAULT\Software\Classes\.exe => key not found. 
 
========= netsh advfirewall reset =========
 
The following command was not found: advfirewall reset.
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
The following command was not found: advfirewall set allprofiles state on.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 3430 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 424 B
NetworkService => 0 B
Compaq_Owner => 3313204 B
 
RecycleBin => 0 B
EmptyTemp: => 3.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:32:49 ====

  • 0
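
A triage sketch for a Fixlog like the one posted above, added here as an example and not part of the thread or of FRST itself: it skips the echoed fixlist, tallies each target's result, and collects the CMD directives the shell rejected. The function names and the "not_found"/"other" buckets are assumptions of this example, and the sample is a shortened, constructed excerpt of that log.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the shape of the Fixlog.txt above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 04-12-2016
Ran by Compaq_Owner (04-12-2016 18:32:28) Run:3
Boot Mode: Normal

fixlist content:
*****************
Start
BHO: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll => No File
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Processes closed successfully.
HKCR\CLSID\{D93EC24D-8741-4D41-B83D-A5793B998416} => key not found.
Lbd => service not found.
Chrome DefaultSearchURL => not found.

========= netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
EmptyTemp: => 3.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 18:32:49 ====
"""

SECTION = re.compile(r"^=+ (.+?) =+$")                    # "===== name ====="
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")


def parse_fixlog(text):
    """Summarise the result part of a Fixlog (hypothetical helper)."""
    report = {"outcomes": Counter(), "review": [], "failed_cmds": [],
              "reboot_needed": False}
    in_echo, stars = False, 0   # inside the echoed "fixlist content:" block
    section = None              # name of the current "=====" section, if any
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            in_echo, stars = True, 0
            continue
        if in_echo:
            # The script is echoed between two rows of asterisks. Its lines
            # also contain "=>", so they must not be counted as results.
            if line and set(line) == {"*"}:
                stars += 1
                in_echo = stars < 2
            continue
        if line == "The system needed a reboot.":
            report["reboot_needed"] = True
            continue
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            section = None if name.startswith("End of") else name
            continue
        if section is not None:
            # Inside a CMD (or EmptyTemp) section: only look for a rejected command.
            if line.startswith("The following command was not found"):
                report["failed_cmds"].append(section)
            continue
        result = RESULT.match(line)
        if result:
            if "not found" in result["outcome"]:
                report["outcomes"]["not_found"] += 1
            else:
                # Anything else is listed for manual review, not interpreted.
                report["outcomes"]["other"] += 1
                report["review"].append(line)
    return report


def nothing_changed(report):
    """True when every listed target was already absent at fix time."""
    seen = report["outcomes"]
    return seen["not_found"] > 0 and seen["other"] == 0


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summary["outcomes"]), summary["failed_cmds"],
          "nothing changed:", nothing_changed(summary))
```

On the full log above the same logic reports every target as not found and both `netsh advfirewall` directives as rejected. That netsh context exists from Windows Vista onward, while Windows XP provides `netsh firewall`.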

#5
Redrosemadder


Junkware Removal Tool Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Microsoft Windows XP x86 
Ran by Compaq_Owner (Administrator) on Sun 12/04/2016 at 20:28:24.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 28 
 
Failed to delete: C:\Program Files\coupons (Folder) 
Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\regclean pro (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\drivercure (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\mysearchdial (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\pc cleaners (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\secure pc cleaner (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\speedypc software (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\systweak (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Application Data\viewpoint (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\packageaware (Folder) 
Successfully deleted: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\slimware utilities inc (Folder) 
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File) 
Successfully deleted: C:\WINDOWS\System32\drivers\swdumon.sys (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F1YSRW0H (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NZE5OOR9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S851TEPI (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U38AFXTV (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files\Common Files\software update utility (Folder) 
Successfully deleted: C:\Program Files\mysearchdial (Folder) 
Successfully deleted: C:\Program Files\totalsystemcare (Folder) 
Successfully deleted: C:\Program Files\viewpoint (Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\F1YSRW0H (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NZE5OOR9 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S851TEPI (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U38AFXTV (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\roboot.exe (File) 
 
 
 
Registry: 14 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a64b497e-e5b4-4e8e-9b86-12d6bc33d53c} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6B91A22-0F20-4C22-B213-341CBC0632CD} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D339FEA9-7C72-4D8B-8230-809CB2D872D8} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{976A15CC-7485-4291-97B6-12BF0F2E3931} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/04/2016 at 20:31:19.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6
Redrosemadder


AdwCleaner Log

 

# AdwCleaner v6.040 - Logfile created 04/12/2016 at 20:42:30
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-04.1 [Server]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Compaq_Owner - YOUR-D0F670B45A
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_6.040.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: CouponPrinterService
[-] Service deleted: YahooAUService
[-] Service deleted: swdumon
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\ParetoLogic
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\speedypc software
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[#] Folder deleted on reboot: C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[-] Folder deleted: C:\Documents and Settings\All Users\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files\Coupons
[-] Folder deleted: C:\Program Files\Yahoo!\Companion
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl.5
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\BackWeb.Client.ScriptHelper-5577497
[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdate
[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key deleted: HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\PCCleaners
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\SpeeditUp
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\speedypc software
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\systweak
[-] Key deleted: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Auslogics
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\PCCleaners
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SpeeditUp
[#] Key deleted on reboot: HKCU\Software\speedypc software
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\systweak
[#] Key deleted on reboot: HKCU\Software\Auslogics
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\firstsearch
[-] Key deleted: HKLM\SOFTWARE\Freeze.com
[-] Key deleted: HKLM\SOFTWARE\Jawego
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\speedypc software
[-] Key deleted: HKLM\SOFTWARE\TotalSystemCare
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Secure PC Cleaner
[-] Key deleted: HKLM\SOFTWARE\systweak
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [21768 Bytes] - [04/12/2016 20:42:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [20449 Bytes] - [04/12/2016 20:39:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [21916 Bytes] ##########


#7
Redrosemadder


Fresh FRST.txt Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-12-2016
Ran by Compaq_Owner (administrator) on YOUR-D0F670B45A (04-12-2016 20:51:16)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available Profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ftutil2] => "rundll32.exe" ftutil2.dll,SetWriteCacheMode
HKLM\...\Run: [NvCplDaemon] => "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => "nwiz.exe" /install
HKLM\...\Run: [NvMediaCenter] => "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\WgaLogon: 
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk [2006-12-12]
ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk [2005-08-17]
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{55512C5C-6A38-463A-AFEF-B67E67905F95}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: [DhcpNameServer] 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://att.yahoo.com/
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> DefaultScope {D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} URL = 
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {4A87269F-AE6C-4E28-B98A-85E27F02D05B} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {52DB8470-04A4-41EC-9E4F-EF3E4AF4521D} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {A7935409-BC37-42AA-A105-6D0A942CB9F1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {C2BF02AC-9F26-47A0-BADC-5A89A997F5AF} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: No Name -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-06-20] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2009-01-07] (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-04 20:48 - 2016-12-04 20:48 - 00021996 _____ C:\Documents and Settings\Compaq_Owner\Desktop\AdwCleaner[C0].txt
2016-12-04 20:36 - 2016-12-04 20:42 - 00000000 ___DC C:\AdwCleaner
2016-12-04 20:34 - 2016-12-04 20:35 - 03968464 _____ C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_6.040.exe
2016-12-04 20:31 - 2016-12-04 20:31 - 00005209 _____ C:\Documents and Settings\Compaq_Owner\Desktop\JRT.txt
2016-12-04 20:25 - 2016-12-04 20:26 - 01631928 _____ (Malwarebytes) C:\Documents and Settings\Compaq_Owner\Desktop\JRT.exe
2016-12-04 18:29 - 2016-12-04 18:32 - 00011081 _____ C:\Documents and Settings\Compaq_Owner\Desktop\Fixlog.txt
2016-12-04 18:28 - 2016-12-04 18:28 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Desktop\FRST-OlderVersion
2016-12-03 16:55 - 2016-12-03 16:58 - 00025470 _____ C:\Documents and Settings\Compaq_Owner\Desktop\Addition.txt
2016-12-03 16:54 - 2016-12-04 20:51 - 00024121 _____ C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
2016-12-03 16:52 - 2016-12-04 20:51 - 00000000 ___DC C:\FRST
2016-12-03 16:44 - 2016-12-04 18:28 - 01761792 ____C (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
2016-11-29 01:48 - 2015-05-22 03:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-11-24 08:25 - 2016-11-24 08:25 - 00000572 ____C C:\Documents and Settings\Compaq_Owner\My Documents\spider.sav
2016-11-22 13:19 - 2016-11-22 13:19 - 00000000 ___DC C:\738327a8a4104a01908359bc
2016-11-10 20:25 - 2016-11-10 20:25 - 00097784 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-11-10 18:34 - 2016-11-10 18:34 - 00000000 ___DC C:\quardata
2016-11-10 17:51 - 2016-11-10 20:25 - 00000000 ____D C:\Program Files\ScanGuard
2016-11-10 17:50 - 2016-11-10 19:05 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Package Cache
2016-11-09 04:10 - 2016-11-09 04:10 - 00000000 ___DC C:\46d630d215e65e87ea7c4350242f53
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-04 21:30 - 2012-09-19 17:38 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Temp
2016-12-04 21:23 - 2016-07-08 21:29 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-04 21:17 - 2016-02-05 20:51 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-04 20:45 - 2006-09-04 17:17 - 00004580 ____C C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt
2016-12-04 20:45 - 2006-09-04 17:14 - 00043531 ____C C:\WINDOWS\system32\nvapps.xml
2016-12-04 20:44 - 2005-12-05 02:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-12-04 20:43 - 2015-11-05 15:11 - 09764864 _____ C:\WINDOWS\system32\config\Nano.evt
2016-12-04 20:43 - 2006-12-12 13:00 - 00000178 __SHC C:\Documents and Settings\Compaq_Owner\ntuser.ini
2016-12-04 20:43 - 2005-12-05 02:05 - 00032590 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-04 20:41 - 2006-09-04 17:52 - 00000000 ____D C:\Program Files\Yahoo!
2016-12-04 18:21 - 2006-09-04 12:27 - 00000000 _RSHD C:\WINDOWS\system32\dllcache
2016-12-04 16:16 - 2016-02-05 20:51 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-03 23:10 - 2016-07-01 00:56 - 00000892 ____C C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-03 23:10 - 2005-12-06 13:06 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-03 21:03 - 2009-08-30 20:33 - 00000436 ___HC C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job
2016-12-03 13:54 - 2005-12-05 14:31 - 00000281 __SHC C:\boot.ini
2016-12-03 13:54 - 2005-12-05 01:50 - 00000611 ____C C:\WINDOWS\win.ini
2016-12-03 13:54 - 2005-12-04 17:44 - 00000227 ____C C:\WINDOWS\system.ini
2016-11-30 22:03 - 2005-12-06 12:23 - 00000000 ____D C:\WINDOWS\Help
2016-11-24 23:02 - 2014-08-15 15:23 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2016-11-24 23:01 - 2012-04-10 11:16 - 00796352 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-11-24 23:01 - 2011-05-15 07:48 - 00142528 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-11-24 08:25 - 2006-12-12 13:00 - 00000000 ___RD C:\Documents and Settings\Compaq_Owner\My Documents
2016-11-09 04:07 - 2005-12-05 01:53 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl
2016-11-09 04:05 - 2006-12-12 13:00 - 00000000 ____D C:\Documents and Settings\Compaq_Owner
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-11-09 04:05 - 2005-12-06 12:49 - 00000000 ____D C:\WINDOWS\Registration
2016-11-08 15:00 - 2014-03-24 21:24 - 00000230 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-11-06 09:55 - 2005-12-05 01:55 - 00644300 ____C C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2007-08-23 12:55 - 2007-08-23 12:59 - 4907008 ____C () C:\Program Files\BellSouthMessengerSetup44.exe
2007-08-23 12:44 - 2007-08-23 12:44 - 0066269 ____C () C:\Program Files\INSTALL.LOG
2012-12-13 12:56 - 2013-12-11 18:23 - 10395072 ____C (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-06-19 18:10 - 2015-06-19 18:10 - 0000053 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\LogFile.txt
2008-03-04 07:28 - 2008-03-04 07:40 - 0004120 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\update.log
2014-06-05 17:41 - 2015-05-05 23:31 - 0000348 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-07-20 21:13 - 2009-08-06 08:59 - 0008192 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-01 13:37 - 2010-05-01 13:37 - 0000135 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
2015-01-03 21:11 - 2015-01-03 21:11 - 0000000 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{77AFBE2C-EC14-4175-B09B-18F917EB3490}
2006-09-04 17:18 - 2012-03-10 14:44 - 0007330 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
 
 
Some files in TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#8
Redrosemadder


Fresh Addition.txt log.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-12-2016
Ran by Compaq_Owner (04-12-2016 21:34:29)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-12-12 18:00:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3838367069-130207366-2897235942-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3838367069-130207366-2897235942-1009 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3838367069-130207366-2897235942-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner
Guest (S-1-5-21-3838367069-130207366-2897235942-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3838367069-130207366-2897235942-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3838367069-130207366-2897235942-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3838367069-130207366-2897235942-1006 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: PC Cleaners (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
AT&T Toolbar (HKLM\...\blstoolbar) (Version:  - )
AT&T Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
BellSouth Application Management (HKLM\...\BellSouth Application Management) (Version:  - )
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Canon MP600 User Registration (HKLM\...\Canon MP600 User Registration) (Version:  - )
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
FastAccess® DSL Help Center 4.1 (HKLM\...\BellsouthHelpCenter4.0b_is1) (Version: 4.1.19 - ATT)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{9C344D4A-69B8-430E-B463-BAA1A83D7F68}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version:  - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Move Networks Player - IE) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7040 - Realtek Semiconductor Corp.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (09/13/2013 5.10.0.7040) (HKLM\...\8AF9FB9D51A08D283F2D63ECDE71641C23C42A78) (Version: 09/13/2013 5.10.0.7040 - Realtek Semiconductor Corp.)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Documents and Settings\Compaq_Owner\Desktop\tool for comp\HP Extended Service Plans.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/dticonesp"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2015-07-04 02:26 - 2012-05-25 03:25 - 00921600 ____C () C:\Program Files\Yahoo!\Messenger\yui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [268]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:258F3E77 [260]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA [118]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA [120]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346 [228]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\facebook -> facebook
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\google%20chrome -> google%20chrome
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 06:00 - 2012-01-16 21:10 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: AROReminder => C:\Program Files\ARO 2011\ARO.exe -rem
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe] => Enabled:Nexon Game Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
10-11-2016 00:04:20 Software Distribution Service 3.0
10-11-2016 17:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
11-11-2016 00:00:38 Software Distribution Service 3.0
12-11-2016 02:05:14 Software Distribution Service 3.0
13-11-2016 00:00:42 Software Distribution Service 3.0
14-11-2016 12:54:15 System Checkpoint
15-11-2016 14:48:54 System Checkpoint
16-11-2016 00:51:09 Software Distribution Service 3.0
17-11-2016 12:23:52 System Checkpoint
18-11-2016 12:54:17 System Checkpoint
19-11-2016 13:48:50 System Checkpoint
20-11-2016 03:00:21 Software Distribution Service 3.0
21-11-2016 01:05:44 Software Distribution Service 3.0
22-11-2016 02:34:43 System Checkpoint
22-11-2016 06:14:35 Software Distribution Service 3.0
22-11-2016 13:17:38 Software Distribution Service 3.0
22-11-2016 13:23:11 Software Distribution Service 3.0
23-11-2016 14:02:09 System Checkpoint
24-11-2016 14:21:33 System Checkpoint
25-11-2016 14:30:07 System Checkpoint
26-11-2016 14:44:26 System Checkpoint
26-11-2016 23:41:09 Software Distribution Service 3.0
27-11-2016 04:02:38 Software Distribution Service 3.0
28-11-2016 04:20:31 System Checkpoint
29-11-2016 05:06:16 System Checkpoint
29-11-2016 06:15:29 Software Distribution Service 3.0
30-11-2016 18:47:08 System Checkpoint
02-12-2016 01:24:49 System Checkpoint
03-12-2016 02:37:21 System Checkpoint
04-12-2016 06:59:28 Software Distribution Service 3.0
04-12-2016 18:29:13 Restore Point Created by FRST
04-12-2016 18:30:12 Restore Point Created by FRST
04-12-2016 18:32:33 Restore Point Created by FRST
04-12-2016 20:28:34 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/04/2016 06:32:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 4.12.2016.0, faulting module frst.exe, version 4.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (12/04/2016 06:29:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 4.12.2016.0, faulting module frst.exe, version 4.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (12/04/2016 05:48:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module unknown, version 0.0.0.0, fault address 0x02db292d.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (12/04/2016 09:25:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (12/04/2016 07:05:10 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
 
Error: (12/04/2016 07:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (12/03/2016 11:39:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.dll, version 4.0.0.570, fault address 0x000711e9.
Processing media-specific event for [psuamain.exe!ws!]
 
Error: (12/03/2016 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 2.12.2016.0, faulting module frst.exe, version 2.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (11/30/2016 11:02:28 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 354618321.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (11/30/2016 11:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.dll, version 4.0.0.570, fault address 0x000711e9.
Processing media-specific event for [psuamain.exe!ws!]
 
 
System errors:
=============
Error: (12/04/2016 08:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/04/2016 08:40:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows User Mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/04/2016 08:40:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (12/04/2016 08:40:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/04/2016 08:40:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/04/2016 06:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/04/2016 06:38:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
 
Error: (12/04/2016 06:32:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/04/2016 06:32:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (12/04/2016 06:30:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Processor 3400+
Percentage of memory in use: 70%
Total physical RAM: 446.48 MB
Available physical RAM: 131.58 MB
Total Virtual: 1281.67 MB
Available Virtual: 926.69 MB
 
==================== Drives ================================
 
Drive c: (PRESARIO) (Fixed) (Total:104.46 GB) (Free:89.52 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.3 GB) (Free:0.52 GB) FAT32 ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=104.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#9
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)
 

Pystryker, I sincerely appreciate your help. My poor Mom does too.


You're both very welcome, it's my pleasure. :)

 

I was unable to remove the Download Updater program; I was unable to find the program or any associated files.


No worries on this. It didn't show up in the latest FRST scans, it looks like it was taken out either by Junkware Removal Tool or AdwCleaner.

 

I was unable to download the Junkware Removal Tool and AdwCleaner from the site you recommended. I went to the Malwarebytes site and successfully downloaded them.


:thumbsup:




There are a few other small issues with her computer I'd like to discuss with you once we get the huge mess fixed.


Ok, no problem. If I can't fix them, we'll get you into the right forum so they can be fixed.


The logs look good, so we'll run some scans for orphans and remnants and check for any out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.


Step 2: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • MBAM Log
  • SecurityCheck Log


#10
Redrosemadder


    Member

  • Topic Starter
  • Member
  • 11 posts

Here are the requested files. :) My Mom is enjoying all my company!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/5/2016
Scan Time: 3:55:41 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.12.05.14
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Compaq_Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280399
Time Elapsed: 1 hr, 4 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 5 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Panda Free Antivirus    
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 111  
 Java version 32-bit out of Date! 
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome (49.0.2623.112) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 1% 
````````````````````End of Log`````````````````````` 
 


#11
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here are the requested files. :) My Mom is enjoying all my company!!


:) I'm glad she's having a good time. :)

The logs look good, only one program to update. How's the machine running?

Step 1: Java Warning and Update

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.



Once completed, please let me know, along with how the machine is running, and we'll proceed. :thumbsup:

#12
Redrosemadder


    Member

  • Topic Starter
  • Member
  • 11 posts

I've done everything and it is now slower than molasses in January. I'm sure it's nothing we've done (at least nothing in your instructions :)) but good heavens.

No weird pop ups, her major complaints seem to be solved but it literally took ten minutes for Chrome to open.

At this point I'm begging her to get a new computer.

No deal.

Any thoughts?



#13
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Is Chrome the only browser she's willing to use? You might try using Firefox and see if it will open any quicker. But, to be honest, the machine does need replacing. Not only due to the age, but the fact that XP is no longer supported by Microsoft. They will not fix any new vulnerabilities found in the software and that leaves it vulnerable to attack.

Let's defrag the hard drive and see if that will help any. Please follow the instructions at the link below. Also, I'd let it run overnight as the instructions at the link suggest. The machine can't be used while defragging. :thumbsup:

http://artsweb.bham....rag-win2kxp.htm

#14
Redrosemadder


    Member

  • Topic Starter
  • Member
  • 11 posts

*sigh*

I'm getting an error message that says something has been changed in the system configuration system.

Not by me!

I looked for a system restore point and there aren't any in Dec anymore except for today.

Can we do anything about that? I mean, getting rid of the changes made.

I almost have her talked into buying a new computer tomorrow.

I have all her documents and pictures saved, thank goodness.

So we might be okay.

I can't get it to defrag - the system is soooo slow.



#15
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts

*sigh*
 
I'm getting an error message that says something has been changed in the system configuration system. 
Not by me!
 
I looked for a system restore point and there aren't any in Dec anymore except for today. 
 
 
Can we do anything about that? I mean, getting rid of the changes made.
 
 
I almost have her talked into buying a new computer tomorrow.
 
I have all her documents and pictures saved, thank goodness.
 
So we might be okay.
 
I can't get it to defrag - the system is soooo slow.


Hello :)

Let's get the Hardware Techs to run some tests on the machine and see if there's anything that will help. I'd honestly keep trying to get her to buy a new machine. The system will continue to degrade over time as new software (including browsers) demand more and more from it. I'm going to include a link below to the Hardware Forum if you'd like to get them to run some tests. Also, please let them know if you decide to, that the machine is clear of malware.

Let's remove my tools and create a new restore point on the machine. :thumbsup:

Link to Hardware Forum: http://www.geekstogo...nd-peripherals/

Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

I also recommend reading Miekiemoes Protection Tips


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.


Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log
