Sorry, fell asleep while the Panda scan was running. FRST logs pasted below.
Results of the Panda Cloud Cleaner scan were nearly identical to what it found back on May 24th: Malware:System Hijack, with no additional information, and this Suspicious Policy:
Key: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
Value: HIDEFILEEXT
Didn't let Panda clean it up this time around.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2017
Ran by dave (administrator) on BADDABING (08-06-2017 06:51:38)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Loaded Profiles: steveo & dean & dave (Available Profiles: steveo & dean & dave)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-12] (Malwarebytes Corporation)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19] (Intel Corporation)
Winlogon\Notify\NavLogon:
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-57989841-179605362-1644491937-1003\...\Run: [Google Update] => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2015-01-10] (Google Inc.)
HKU\S-1-5-21-57989841-179605362-1644491937-1003\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [1224896 2016-11-13] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2016-03-06]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (No File)
Startup: C:\Documents and Settings\steveo\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-10-09]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{2CE76E6F-8826-4E90-8653-9EFFF1ED8DA0}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-57989841-179605362-1644491937-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-57989841-179605362-1644491937-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-57989841-179605362-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-57989841-179605362-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-57989841-179605362-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-57989841-179605362-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-57989841-179605362-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://duckduckgo.com/
hxxps://duckduckgo.com/
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qwest.live.com
SearchScopes: HKU\S-1-5-21-57989841-179605362-1644491937-1004 -> DefaultScope {A1367404-C3D9-4CCD-8676-89CA9E44E012} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-57989841-179605362-1644491937-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-57989841-179605362-1644491937-1004 -> {A1367404-C3D9-4CCD-8676-89CA9E44E012} URL = hxxps://duckduckgo.com/?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\omdtrzrs.default [2017-06-08]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-57989841-179605362-1644491937-1003: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin HKU\S-1-5-21-57989841-179605362-1644491937-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\steveo\Application Data\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-57989841-179605362-1644491937-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\steveo\Application Data\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-57989841-179605362-1644491937-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-57989841-179605362-1644491937-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-07-21]
Chrome:
=======
StartMenuInternet: Google Chrome - C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 EMET_Service; C:\Program Files\EMET 5.0\EMET_Service.exe [31880 2014-07-30] (Microsoft Corporation)
S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation)
S2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S2 sprtsvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe [206120 2010-01-16] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2010-01-16] (SupportSoft, Inc.)
S2 tgsrvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe [185640 2010-01-16] (SupportSoft, Inc.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
S3 BCM44X2; C:\WINDOWS\System32\DRIVERS\BCM4E5.SYS [26568 2001-08-17] (Broadcom Corporation)
S3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
S1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1512960 2010-02-26] (C-Media Inc)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59872 2017-05-12] ()
S1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
S0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-08 06:34 - 2017-06-08 06:34 - 00000405 _____ C:\Documents and Settings\dave\Desktop\May24ditto.txt
2017-06-04 18:47 - 2017-06-04 18:47 - 05200384 _____ (AVAST Software) C:\Documents and Settings\dave\Desktop\aswmbr.exe
2017-06-04 18:44 - 2017-06-04 18:44 - 00000000 _____ C:\WINDOWS\system32\lic2.xml19118
2017-06-04 15:08 - 2017-06-04 15:08 - 00000000 ____D C:\Documents and Settings\dave\Start Menu\Programs\NirSoft ShellExView
2017-06-04 14:09 - 2017-06-04 14:57 - 00232734 _____ C:\TDSSKiller.3.1.0.15_04.06.2017_14.09.23_log.txt
2017-06-04 14:07 - 2017-06-04 14:07 - 04922400 _____ (AO Kaspersky Lab) C:\Documents and Settings\dave\Desktop\tdsskiller.exe
2017-05-31 11:48 - 2017-06-08 06:52 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\temp
2017-05-31 11:48 - 2017-06-07 19:43 - 00000000 ____D C:\Documents and Settings\dean\Local Settings\temp
2017-05-31 11:48 - 2017-05-31 11:48 - 00011918 _____ C:\ComboFix.txt
2017-05-31 11:48 - 2017-05-31 11:48 - 00000000 ____D C:\Documents and Settings\steveo\Local Settings\temp
2017-05-31 11:48 - 2017-05-31 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-05-31 11:48 - 2017-05-31 11:48 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-05-31 11:21 - 2017-05-31 11:21 - 00000000 _____ C:\WINDOWS\system32\lic2.xml8031
2017-05-31 11:02 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-05-31 11:02 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-05-31 11:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-05-31 11:02 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-05-31 10:50 - 2017-05-31 10:51 - 05659512 ____R (Swearware) C:\Documents and Settings\dave\Desktop\ComboFix.exe
2017-05-31 10:44 - 2017-05-31 10:44 - 00000000 ___RD C:\Documents and Settings\dave\My Documents\My Videos
2017-05-24 22:48 - 2017-06-04 18:55 - 00000000 ____D C:\Program Files\Farbar
2017-05-24 20:51 - 2017-06-08 06:51 - 00000000 ____D C:\FRST
2017-05-24 20:38 - 2017-05-24 20:38 - 00000633 _____ C:\Documents and Settings\dave\Desktop\Shortcut to FRST.lnk
2017-05-24 19:30 - 2017-05-24 19:32 - 00118940 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_19.30.57_log.txt
2017-05-24 19:27 - 2017-05-24 19:27 - 00000364 _____ C:\TDSSKiller.3.1.0.9_24.05.2017_19.27.51_log.txt
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\Application Data\ESET
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Program Files\MS Safety Scanner
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2017-05-24 15:21 - 2015-09-14 13:03 - 00038520 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2017-05-24 15:19 - 2017-05-24 15:19 - 00000935 _____ C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2017-05-24 15:19 - 2017-05-24 15:19 - 00000000 ____D C:\Program Files\Panda Security
2017-05-24 13:00 - 2017-05-24 18:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-05-24 13:00 - 2017-05-24 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-05-24 08:35 - 2017-05-24 08:35 - 00000000 ____D C:\Program Files\CPUID
2017-05-23 21:24 - 2017-05-23 21:24 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2017-05-23 12:24 - 2017-05-23 12:24 - 00000000 ____D C:\Documents and Settings\steveo\Start Menu\Programs\Google Chrome
2017-05-22 12:03 - 2017-05-22 12:07 - 00117518 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_12.03.54_log.txt
2017-05-22 11:58 - 2017-05-22 11:58 - 00000366 _____ C:\TDSSKiller.3.0.0.44_22.05.2017_11.58.19_log.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-08 05:28 - 2016-11-08 20:30 - 02220458 _____ C:\WINDOWS\ntbtlog.txt
2017-06-07 22:06 - 2008-04-13 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-06-07 22:05 - 2010-08-22 22:42 - 00000178 ___SH C:\Documents and Settings\dave\ntuser.ini
2017-06-07 20:12 - 2010-08-21 09:32 - 00000327 __RSH C:\boot.ini
2017-06-07 20:12 - 2008-04-13 18:00 - 00000507 _____ C:\WINDOWS\win.ini
2017-06-07 20:12 - 2008-04-13 18:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-06-07 19:56 - 2016-09-24 06:52 - 00277063 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-179605362-1644491937-1004-0.dat
2017-06-07 19:56 - 2016-09-19 16:45 - 00151982 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-06-07 19:56 - 2010-08-22 00:14 - 00000178 ___SH C:\Documents and Settings\dean\ntuser.ini
2017-06-07 19:56 - 2010-08-21 21:47 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-07 19:56 - 2010-08-21 21:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-07 19:37 - 2010-10-18 21:03 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job
2017-06-07 19:11 - 2016-08-11 12:33 - 00000400 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job
2017-06-07 19:11 - 2016-08-11 12:32 - 00000000 ____D C:\Program Files\Opera
2017-06-07 18:18 - 2014-03-26 18:25 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-07 18:15 - 2016-08-12 22:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-06-07 18:15 - 2010-08-21 21:40 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-06 20:04 - 2010-08-22 03:20 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-06-04 15:08 - 2016-09-19 12:37 - 00000000 ____D C:\Program Files\NirSoft
2017-06-04 09:49 - 2012-03-29 22:25 - 00000000 __SHD C:\WINDOWS\CSC
2017-06-01 11:14 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-05-31 11:48 - 2012-03-29 22:30 - 00000000 ____D C:\Qoobox
2017-05-31 11:48 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-05-31 11:48 - 2010-08-21 09:33 - 00000000 ___HD C:\Documents and Settings\Default User
2017-05-31 11:37 - 2012-03-29 22:30 - 00000000 ____D C:\WINDOWS\ERDNT
2017-05-31 11:37 - 2010-08-21 09:33 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2017-05-31 11:37 - 2010-08-21 09:33 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2017-05-31 11:37 - 2010-08-21 09:32 - 27394048 _____ C:\WINDOWS\system32\config\software.bak
2017-05-31 11:37 - 2010-08-21 09:32 - 06815744 _____ C:\WINDOWS\system32\config\system.bak
2017-05-31 11:37 - 2010-08-21 09:32 - 00516096 _____ C:\WINDOWS\system32\config\default.bak
2017-05-31 10:44 - 2010-08-22 22:42 - 00000000 ___RD C:\Documents and Settings\dave\My Documents
2017-05-24 19:29 - 2016-12-25 14:21 - 00000000 ____D C:\Documents and Settings\dean\My Documents\GEICO Damage Inspection Cancellation Confirmation_files
2017-05-24 19:29 - 2016-12-18 10:12 - 00000000 ____D C:\Documents and Settings\dean\My Documents\Gold Nugget Army Surplus Invoice 11876_files
2017-05-24 19:29 - 2010-08-22 00:14 - 00000000 ___RD C:\Documents and Settings\dean\My Documents\My Music
2017-05-24 17:58 - 2016-11-04 20:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-24 17:58 - 2012-05-04 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-24 10:37 - 2010-10-18 21:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job
2017-05-23 19:03 - 2016-09-19 15:27 - 00000000 ____D C:\Program Files\Bitdefender
2017-05-23 12:24 - 2010-08-22 22:42 - 00000000 ____D C:\Documents and Settings\dave
2017-05-23 12:24 - 2010-08-22 00:14 - 00000000 ____D C:\Documents and Settings\dean
2017-05-23 12:24 - 2010-08-21 21:49 - 00000000 ____D C:\Documents and Settings\steveo
2017-05-23 12:24 - 2010-08-21 21:39 - 00000000 ____D C:\WINDOWS\Registration
2017-05-22 12:08 - 2010-08-21 23:33 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Adobe
2017-05-22 12:01 - 2014-05-18 22:33 - 00000000 ____D C:\Program Files\TDSSkiller
2017-05-22 10:42 - 2010-08-21 22:02 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Mozilla
2017-05-22 10:32 - 2010-08-23 18:30 - 00000000 ____D C:\Program Files\Google
2017-05-22 10:28 - 2010-08-21 22:17 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Apple Computer
==================== Files in the root of some directories =======
2016-10-05 20:25 - 2016-10-05 20:26 - 48013312 _____ () C:\Program Files\AdbeRdrUpd11017.msp
2016-09-19 14:10 - 2016-09-19 14:15 - 0196944 _____ () C:\Program Files\Antivirus_Free_Edition.exe
2016-09-19 15:11 - 2016-09-19 15:11 - 10056744 _____ () C:\Program Files\Antivirus_Free_Edition_x86.exe
2016-09-18 11:48 - 2016-09-18 11:48 - 8244656 _____ (Piriform Ltd) C:\Program Files\ccsetup522.exe
2016-09-05 13:54 - 2016-09-05 13:54 - 1718016 _____ ( ) C:\Program Files\cpu-z_1.77-en.exe
2016-09-07 16:08 - 2016-09-07 16:08 - 0473291 _____ () C:\Program Files\Everything-1.3.4.686.x86-Setup.exe
2016-09-19 09:39 - 2016-09-19 09:39 - 0146112 _____ () C:\Program Files\regscanner_setup.exe
2011-12-09 15:04 - 2011-12-09 15:07 - 0000112 _____ () C:\Documents and Settings\All Users\Application Data\0sJT3AhC.dat
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2017
Ran by dave (08-06-2017 06:53:41)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-08-22 02:46:34)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-57989841-179605362-1644491937-500 - Administrator - Enabled)
ASPNET (S-1-5-21-57989841-179605362-1644491937-1006 - Limited - Enabled)
dave (S-1-5-21-57989841-179605362-1644491937-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dave
dean (S-1-5-21-57989841-179605362-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dean
Guest (S-1-5-21-57989841-179605362-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-179605362-1644491937-1000 - Limited - Disabled)
steveo (S-1-5-21-57989841-179605362-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\steveo
SUPPORT_388945a0 (S-1-5-21-57989841-179605362-1644491937-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.32 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Diamond Xtreme Audio (HKLM\...\C-Media PCI Sound) (Version: - )
EMET 5.0 (HKLM\...\{FDDEBC40-9491-4978-8EF7-3FABA86595FB}) (Version: 5.0 - Microsoft Corporation)
eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Google Chrome (HKU\S-1-5-21-57989841-179605362-1644491937-1003\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
iTunes (HKLM\...\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}) (Version: 9.2.1.5 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Mahjongg Dimensions Deluxe (HKLM\...\am-mahjonggdimensionsdeluxe) (Version: - )
Malwarebytes Anti-Exploit version 1.9.1.1410 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1410 - Malwarebytes)
Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.2.6346 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (en-US) - Mozilla)
NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version: - )
NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version: - )
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-57989841-179605362-1644491937-1003\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (HKLM\...\am-plantsvszombiestm) (Version: - )
Qwest Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - Qwest Communications International Inc.)
Qwest Personal Digital Vault™ (HKLM\...\{746FB02B-1D03-43B7-917A-E1341AB69A00}) (Version: 1.0.0002 - Qwest)
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest Quickcare 2.7 (HKLM\...\QwestQuickCare_is1) (Version: 2.7.1002.1512 - Qwest)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhapsody (HKLM\...\Rhapsody) (Version: - )
Roads of Rome (HKLM\...\am-roadsofrome) (Version: - )
VLC media player 1.1.3 (HKLM\...\VLC media player) (Version: 1.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-57989841-179605362-1644491937-1003\...\ChromeHTML: -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jucheck.job => C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job => C:\Program Files\Opera\launcher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-24 15:19 - 2016-09-12 11:28 - 04649488 _____ () C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
2017-05-24 15:19 - 2013-07-24 17:33 - 00930784 _____ () C:\Program Files\Panda Security\Panda Cloud Cleaner\libxml2.dll
2017-05-24 15:19 - 2015-11-17 13:46 - 00218360 _____ () C:\Program Files\Panda Security\Panda Cloud Cleaner\PRSBLib.dll
2017-05-24 15:19 - 2010-03-30 21:29 - 00279955 _____ () C:\Program Files\Panda Security\Panda Cloud Cleaner\libidn-11.dll
2017-05-24 15:19 - 2013-06-22 18:23 - 00113166 _____ () C:\Program Files\Panda Security\Panda Cloud Cleaner\zlib1.dll
2008-04-13 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:SummaryInformation [43]
AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB26929$:SummaryInformation [0]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-03-29 22:52 - 2017-05-31 11:44 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-57989841-179605362-1644491937-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\steveo\Application Data\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-57989841-179605362-1644491937-1004\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1 - 205.171.3.25
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
MSCONFIG\startupreg: QwestTouchPointAgent => "C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Enabled:Network Diagnostic for Windows XP
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
==================== Restore Points =========================
07-06-2017 14:28:31 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (06/07/2017 10:08:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos
Error: (06/07/2017 10:07:13 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/07/2017 10:05:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/07/2017 08:04:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/07/2017 07:59:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos
Error: (06/07/2017 02:09:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (06/07/2017 02:06:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/06/2017 08:48:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos
Error: (06/06/2017 08:46:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (06/06/2017 08:40:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 759 MB
Available physical RAM: 255.56 MB
Total Virtual: 1853.38 MB
Available Virtual: 1253.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.47 GB) (Free:55.51 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
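The "Custom CLSID" section above is the part of this log worth a second look from a persistence standpoint: entries under HKU\<SID>_Classes are that user's HKCU\Software\Classes, which a non-elevated process consults before HKLM when it resolves a COM class, so a per-user registration that points at a missing file ("No File") or at a DLL in a user-writable directory is a slot an attacker could fill (the technique MITRE lists as T1546.015, COM hijacking). The script below is an added example, not part of dave's post and not code from Farbar or Panda: it parses lines in FRST's CustomCLSID format and sorts them into "orphaned", "review" and "ok". The user-writable prefixes are a heuristic I chose, the last sample line (a fake GUID and fake helper.dll under Temp) is constructed to exercise the "no company name" branch, and the first three sample lines mirror entries from the log above. It only reads the `CustomCLSID:` lines; the `ChromeHTML ... <==== ATTENTION` line uses a different format and is not parsed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of FRST Addition.txt's "Custom CLSID" section.
# Lines 1-3 mirror entries from the post above; line 4 is made up (fake GUID,
# fake DLL) so the "no company name" branch is exercised.
SAMPLE_LOG = """\
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\\S-1-5-21-57989841-179605362-1644491937-1003_Classes\\CLSID\\{218D2740-5A50-42A8-AB9F-62FF1B168782}\\InprocServer32 -> C:\\Documents and Settings\\steveo\\Local Settings\\Application Data\\Google\\Update\\1.3.21.69\\psuser.dll => No File
CustomCLSID: HKU\\S-1-5-21-57989841-179605362-1644491937-1003_Classes\\CLSID\\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\\InprocServer32 -> C:\\Documents and Settings\\steveo\\Local Settings\\Application Data\\Google\\Update\\1.3.25.11\\psuser.dll (Google Inc.)
CustomCLSID: HKU\\S-1-5-21-57989841-179605362-1644491937-1005_Classes\\CLSID\\{97090E2F-3062-4459-855B-014F0D3CDBB1}\\InprocServer32 -> C:\\Program Files\\Windows Desktop Search\\deskbar.dll => No File
CustomCLSID: HKU\\S-1-5-21-57989841-179605362-1644491937-1003_Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32 -> C:\\Documents and Settings\\steveo\\Local Settings\\Temp\\helper.dll ()
==================== Shortcuts =============================
"""

# FRST line shape: CustomCLSID: <key>\CLSID\{<guid>}\<server> -> <path> (<company>) | => No File
LINE_RE = re.compile(
    r"^CustomCLSID: (?P<key>.+?)\\CLSID\\\{(?P<clsid>[^}]+)\}\\(?P<server>\w+) -> (?P<rest>.+)$"
)
VENDOR_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^()]*)\)$")

# Heuristic (my assumption): directory prefixes an ordinary user can write to.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")


@dataclass
class ComEntry:
    key: str
    clsid: str
    server: str
    path: str
    vendor: Optional[str]  # None: FRST printed nothing; "": FRST printed "()"
    missing: bool          # FRST appended "=> No File"

    @property
    def per_user(self) -> bool:
        # HKU\<SID>_Classes is that user's HKCU\Software\Classes hive
        return self.key.upper().startswith(("HKU\\", "HKCU"))

    @property
    def user_writable(self) -> bool:
        return self.path.lower().startswith(USER_WRITABLE_PREFIXES)

    def verdict(self) -> str:
        if self.per_user and self.missing:
            return "orphaned"  # CLSID still registered, target gone: a droppable slot
        if self.per_user and self.user_writable and not self.vendor:
            return "review"    # live, user-writable, no company name in version info
        return "ok"


def parse_custom_clsid(text: str) -> list:
    """Parse every CustomCLSID line in an FRST Addition.txt fragment."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(" => No File")
        vendor = None
        if missing:
            path = rest[: -len(" => No File")]
        else:
            vm = VENDOR_RE.match(rest)
            if vm:
                path, vendor = vm.group("path"), vm.group("vendor")
            else:
                path = rest
        entries.append(ComEntry(m.group("key"), m.group("clsid"),
                                m.group("server"), path, vendor, missing))
    return entries


def triage(text: str) -> dict:
    """Group CLSIDs by verdict, preserving log order within each group."""
    out = {"orphaned": [], "review": [], "ok": []}
    for e in parse_custom_clsid(text):
        out[e.verdict()].append(e.clsid)
    return out


if __name__ == "__main__":
    for verdict, clsids in triage(SAMPLE_LOG).items():
        for c in clsids:
            print(f"{verdict:8s} {{{c}}}")
```

Two caveats on reading the output. FRST's parenthesised company name comes from the file's version-info resource, not from an Authenticode check, so "ok" here means "nothing obviously off", not "signed". And an "orphaned" verdict is a triage priority, not a malware call: the three orphaned Google Update psuser.dll entries in the real log are the ordinary leftovers of an updater that moved to a new version directory, which is exactly why an FRST fix that removes stale per-user CLSIDs is low-risk cleanup rather than a repair.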