Hi. My name is Connie and it's been a while since I've been here. I'm helping my Mom with her ancient computer to the best of my ability but I've run into issues WAY over my head. I believe she has given remote access to spammers. She also downloaded and ran a "free virus removal program" from a pop-up.
Any help anyone could render would be greatly appreciated.
She can't afford to purchase a new computer so if we can possibly rescue this it would be so beneficial.
I ran frst.exe and here are the results.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2016
Ran by Compaq_Owner (administrator) on YOUR-D0F670B45A (03-12-2016 16:57:37)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available Profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ftutil2] => "rundll32.exe" ftutil2.dll,SetWriteCacheMode
HKLM\...\Run: [NvCplDaemon] => "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => "nwiz.exe" /install
HKLM\...\Run: [NvMediaCenter] => "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk [2006-12-12]
ShortcutTarget: Compaq Connections.lnk -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk [2005-08-17]
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{55512C5C-6A38-463A-AFEF-B67E67905F95}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: [DhcpNameServer] 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://att.yahoo.com/
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 - (No Name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - No File
SearchScopes: HKLM -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> DefaultScope {D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US679D20150504&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {4A87269F-AE6C-4E28-B98A-85E27F02D05B} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {52DB8470-04A4-41EC-9E4F-EF3E4AF4521D} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {976A15CC-7485-4291-97B6-12BF0F2E3931} URL =
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {a64b497e-e5b4-4e8e-9b86-12d6bc33d53c} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {A7935409-BC37-42AA-A105-6D0A942CB9F1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {B6B91A22-0F20-4C22-B213-341CBC0632CD} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {C2BF02AC-9F26-47A0-BADC-5A89A997F5AF} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {D339FEA9-7C72-4D8B-8230-809CB2D872D8} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> {D408E06E-2526-4CE7-ADE6-A0EE2300E7FA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B014US679D20150504&p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
BHO: AT&T Toolbar -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -> No File
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] ()
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2008-11-11] (Hewlett-Packard)
BHO: Ask.com Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll => No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll => No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-06-01] (Yahoo! Inc)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18] ()
Toolbar: HKLM - AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKLM - Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
Toolbar: HKLM - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\install\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-06-01] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3838367069-130207366-2897235942-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF HKU\.DEFAULT\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc => not found
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-06-20] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2009-01-07] (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Search Manager) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakgmokehmecofodopaddfhdblmjnod [2016-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1051240 2015-09-18] (Coupons.com Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13368 2015-07-03] (SlimWare Utilities, Inc.)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S2 HIDKbFlt; system32\DRIVERS\HIDKbFlt.sys [X]
S3 IPFilter; system32\DRIVERS\IPFilter.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
U0 mfewfpk; no ImagePath
S1 MpKsl18c2b999; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl18c2b999.sys [X]
S1 MpKsl38e53981; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31533E68-2D77-4808-8C70-BD325C022755}\MpKsl38e53981.sys [X]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-03 16:55 - 2016-12-03 16:55 - 00000408 _____ C:\Documents and Settings\Compaq_Owner\Desktop\Addition.txt
2016-12-03 16:54 - 2016-12-03 16:57 - 00031805 _____ C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
2016-12-03 16:52 - 2016-12-03 16:54 - 00000000 ___DC C:\FRST
2016-12-03 16:44 - 2016-12-03 16:44 - 01761280 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
2016-11-29 01:48 - 2015-05-22 03:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-11-24 08:25 - 2016-11-24 08:25 - 00000572 ____C C:\Documents and Settings\Compaq_Owner\My Documents\spider.sav
2016-11-22 13:19 - 2016-11-22 13:19 - 00000000 ___DC C:\738327a8a4104a01908359bc
2016-11-22 13:13 - 2016-12-03 12:52 - 00000382 ___HC C:\WINDOWS\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
2016-11-10 20:25 - 2016-11-10 20:25 - 00097784 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-11-10 18:34 - 2016-11-10 18:34 - 00000000 ___DC C:\quardata
2016-11-10 17:51 - 2016-11-10 20:25 - 00000000 ____D C:\Program Files\ScanGuard
2016-11-10 17:50 - 2016-11-10 19:05 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Package Cache
2016-11-09 04:10 - 2016-11-09 04:10 - 00000000 ___DC C:\46d630d215e65e87ea7c4350242f53
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-03 16:57 - 2012-09-19 17:38 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Temp
2016-12-03 16:22 - 2016-07-08 21:29 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-03 16:16 - 2016-02-05 20:51 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-03 16:16 - 2016-02-05 20:51 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-03 16:08 - 2016-07-01 00:56 - 00000892 ____C C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-03 16:08 - 2005-12-06 13:06 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-03 13:54 - 2005-12-05 14:31 - 00000281 __SHC C:\boot.ini
2016-12-03 13:54 - 2005-12-05 01:50 - 00000611 ____C C:\WINDOWS\win.ini
2016-12-03 13:54 - 2005-12-04 17:44 - 00000227 ____C C:\WINDOWS\system.ini
2016-12-03 13:03 - 2006-09-04 17:17 - 00004580 ____C C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt
2016-12-03 13:02 - 2006-09-04 17:14 - 00043531 ____C C:\WINDOWS\system32\nvapps.xml
2016-12-03 13:02 - 2005-12-05 02:05 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2016-12-03 12:54 - 2015-11-05 15:11 - 09633792 _____ C:\WINDOWS\system32\config\Nano.evt
2016-12-03 12:52 - 2016-07-22 01:31 - 00000382 ___HC C:\WINDOWS\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
2016-12-03 05:56 - 2005-12-05 02:05 - 00032408 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-03 05:55 - 2006-12-12 13:00 - 00000178 __SHC C:\Documents and Settings\Compaq_Owner\ntuser.ini
2016-12-02 20:17 - 2009-08-30 20:33 - 00000436 ___HC C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job
2016-11-30 22:03 - 2005-12-06 12:23 - 00000000 ____D C:\WINDOWS\Help
2016-11-26 18:45 - 2006-09-04 12:27 - 00000000 _RSHD C:\WINDOWS\system32\dllcache
2016-11-24 23:02 - 2014-08-15 15:23 - 00000000 ____D C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
2016-11-24 23:01 - 2012-04-10 11:16 - 00796352 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-11-24 23:01 - 2011-05-15 07:48 - 00142528 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-11-24 08:25 - 2006-12-12 13:00 - 00000000 ___RD C:\Documents and Settings\Compaq_Owner\My Documents
2016-11-09 04:07 - 2005-12-05 01:53 - 00001158 ____C C:\WINDOWS\system32\wpa.dbl
2016-11-09 04:05 - 2006-12-12 13:00 - 00000000 ____D C:\Documents and Settings\Compaq_Owner
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-11-09 04:05 - 2006-09-04 16:50 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-11-09 04:05 - 2005-12-06 12:49 - 00000000 ____D C:\WINDOWS\Registration
2016-11-08 15:00 - 2014-03-24 21:24 - 00000230 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-11-06 09:55 - 2005-12-05 01:55 - 00644300 ____C C:\WINDOWS\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2007-08-23 12:55 - 2007-08-23 12:59 - 4907008 ____C () C:\Program Files\BellSouthMessengerSetup44.exe
2007-08-23 12:44 - 2007-08-23 12:44 - 0066269 ____C () C:\Program Files\INSTALL.LOG
2012-12-13 12:56 - 2013-12-11 18:23 - 10395072 ____C (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2015-06-19 18:10 - 2015-06-19 18:10 - 0000053 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\LogFile.txt
2008-03-04 07:28 - 2008-03-04 07:40 - 0004120 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\update.log
2014-06-05 17:41 - 2015-05-05 23:31 - 0000348 ____C () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-07-20 21:13 - 2009-08-06 08:59 - 0008192 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-01 13:37 - 2010-05-01 13:37 - 0000135 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
2015-01-03 21:11 - 2015-01-03 21:11 - 0000000 ____C () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{77AFBE2C-EC14-4175-B09B-18F917EB3490}
2006-09-04 17:18 - 2012-03-10 14:44 - 0007330 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
C:\Windows\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job
C:\Windows\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job
Some files in TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-12-2016
Ran by Compaq_Owner (03-12-2016 16:58:09)
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-12-12 18:00:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3838367069-130207366-2897235942-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3838367069-130207366-2897235942-1009 - Limited - Enabled)
Compaq_Owner (S-1-5-21-3838367069-130207366-2897235942-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner
Guest (S-1-5-21-3838367069-130207366-2897235942-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3838367069-130207366-2897235942-1007 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3838367069-130207366-2897235942-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3838367069-130207366-2897235942-1006 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: PC Cleaners (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
AT&T Toolbar (HKLM\...\blstoolbar) (Version: - )
AT&T Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
att.net Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version: - )
BellSouth Application Management (HKLM\...\BellSouth Application Management) (Version: - )
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Canon MP600 User Registration (HKLM\...\Canon MP600 User Registration) (Version: - )
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
FastAccess® DSL Help Center 4.1 (HKLM\...\BellsouthHelpCenter4.0b_is1) (Version: 4.1.19 - ATT)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{9C344D4A-69B8-430E-B463-BAA1A83D7F68}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\Move Networks Player - IE) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7040 - Realtek Semiconductor Corp.)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version: - )
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (09/13/2013 5.10.0.7040) (HKLM\...\8AF9FB9D51A08D283F2D63ECDE71641C23C42A78) (Version: 09/13/2013 5.10.0.7040 - Realtek Semiconductor Corp.)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job =>
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{211B5687-97DC-44B5-B985-C88EF0E30031}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{3F74DB38-E453-4FFA-BFF7-29B91233625E}.job => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{8B289E16-5365-4504-88F2-B8BFE4F1ACD5}.job => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Documents and Settings\Compaq_Owner\Desktop\tool for comp\HP Extended Service Plans.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/dticonesp"
==================== Loaded Modules (Whitelisted) ==============
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [268]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:258F3E77 [260]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA [118]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA [120]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346 [228]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\facebook -> facebook
IE trusted site: HKU\S-1-5-21-3838367069-130207366-2897235942-1008\...\google%20chrome -> google%20chrome
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 06:00 - 2012-01-16 21:10 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3838367069-130207366-2897235942-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AROReminder => C:\Program Files\ARO 2011\ARO.exe -rem
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe] => Enabled:Compaq Connections
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe] => Enabled:Nexon Game Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
==================== Restore Points =========================
10-11-2016 00:04:20 Software Distribution Service 3.0
10-11-2016 17:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
11-11-2016 00:00:38 Software Distribution Service 3.0
12-11-2016 02:05:14 Software Distribution Service 3.0
13-11-2016 00:00:42 Software Distribution Service 3.0
14-11-2016 12:54:15 System Checkpoint
15-11-2016 14:48:54 System Checkpoint
16-11-2016 00:51:09 Software Distribution Service 3.0
17-11-2016 12:23:52 System Checkpoint
18-11-2016 12:54:17 System Checkpoint
19-11-2016 13:48:50 System Checkpoint
20-11-2016 03:00:21 Software Distribution Service 3.0
21-11-2016 01:05:44 Software Distribution Service 3.0
22-11-2016 02:34:43 System Checkpoint
22-11-2016 06:14:35 Software Distribution Service 3.0
22-11-2016 13:17:38 Software Distribution Service 3.0
22-11-2016 13:23:11 Software Distribution Service 3.0
23-11-2016 14:02:09 System Checkpoint
24-11-2016 14:21:33 System Checkpoint
25-11-2016 14:30:07 System Checkpoint
26-11-2016 14:44:26 System Checkpoint
26-11-2016 23:41:09 Software Distribution Service 3.0
27-11-2016 04:02:38 Software Distribution Service 3.0
28-11-2016 04:20:31 System Checkpoint
29-11-2016 05:06:16 System Checkpoint
29-11-2016 06:15:29 Software Distribution Service 3.0
30-11-2016 18:47:08 System Checkpoint
02-12-2016 01:24:49 System Checkpoint
03-12-2016 02:37:21 System Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/03/2016 04:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 2.12.2016.0, faulting module frst.exe, version 2.12.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
Error: (11/30/2016 11:02:28 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 354618321.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (11/30/2016 11:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.dll, version 4.0.0.570, fault address 0x000711e9.
Processing media-specific event for [psuamain.exe!ws!]
Error: (11/29/2016 06:27:23 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
Error: (11/29/2016 01:20:43 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 337106215.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (11/29/2016 01:19:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
Error: (11/28/2016 04:27:59 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 1204182323.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (11/28/2016 04:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSProfiler.exe, version 4.0.0.39, faulting module NdkApi.License.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [PSProfiler.exe!ws!]
Error: (11/28/2016 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psuamain.exe, version 4.0.0.646, faulting module ndkapi.license.dll, version 4.0.0.556, fault address 0x00006f8a.
Processing media-specific event for [psuamain.exe!ws!]
Error: (11/27/2016 04:12:15 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 0.
System errors:
=============
Error: (12/03/2016 01:03:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Lbd
Error: (12/03/2016 01:03:33 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
Error: (12/03/2016 01:03:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HIDKbFlt.SvcDesc% service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/03/2016 12:55:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/03/2016 12:55:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
Error: (12/03/2016 12:54:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Lbd
Error: (12/03/2016 12:53:43 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
Error: (12/03/2016 12:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HIDKbFlt.SvcDesc% service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/02/2016 09:53:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Lbd
Error: (12/02/2016 09:52:57 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following nonexistent service: mfevtp
==================== Memory info ===========================
Processor: AMD Sempron Processor 3400+
Percentage of memory in use: 80%
Total physical RAM: 446.48 MB
Available physical RAM: 87.67 MB
Total Virtual: 1281.67 MB
Available Virtual: 827.01 MB
==================== Drives ================================
Drive c: (PRESARIO) (Fixed) (Total:104.46 GB) (Free:87.8 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.3 GB) (Free:0.52 GB) FAT32 ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=104.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.3 GB) - (Type=0C)
==================== End of Addition.txt ============================