Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I don't know if its a virus


  • This topic is locked This topic is locked
11 replies to this topic

#1 Friscokid320

Friscokid320

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 07:00 PM

I have an old computer, about 8 years old and my wife uses it mainly.  She was complaining of it running real slow.  Because its XP, it is no longer supported by MS.  So, I downloaded a malware program, scanned the computer and had several viruses and malware issues.  I was able to clean up quite a bit but there is one bugger I can't find anything on it.  It eating up CPU.

 

Eisghraazniz.exe.  I did a google search and nothing.  Its filed in C:\WINDOWS\Prefetch.

 

Anyone ever heard of this?  The thing is never idle.  If something goes on top of it in the Task Manager, it shoves itself back to the top.  I have shut off the internet for fear someone is using my computer.

 

Any help would be appreciated.

 

 



BC AdBot (Login to Remove)

 


#2 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 07:05 PM

Another interesting tidbit is Google Chrome is trying to load and it is crashing.

#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 22 September 2014 - 07:30 PM

Hi there,

this thing is malware for sure. But with its randomized filename it's impossible to tell what it is just from these information.
Let's have a closer look:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#4 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 07:35 PM

Another thing, this item has a IP. 206.51.231.110. Registered to hivelocity.net out of Hong Kong.

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 22 September 2014 - 07:53 PM

Ok, I think I know which malware this is. But let's wait for the FRST logs.

#6 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 07:57 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by Compaq_Administrator at 2014-09-22 19:49:56
Running from C:\Documents and Settings\Compaq_Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{B2D328BE-45AD-4D92-96F9-2151490A203E}) (Version: 1.3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5166 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.17-050813a1-029703C-HP - )
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version: - )
Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DISCover (HKLM\...\DISCover) (Version: 3.23 - )
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 2.0.5.1 - Hewlett-Packard Company)
HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 2.0 - Hewlett-Packard)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{7AB3A249-FB81-416B-917A-A2A10E74C503}) (Version: 9.2.0.61 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
K-Lite Codec Pack 7.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
LightScribe 1.4.62.1 (Version: 1.4.62.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (HKLM\...\{A01FC76F-CC09-4658-9E37-5C2F635EE708}) (Version: 1.0.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9118.2 - Cisco Systems, Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.3311.03 - PC-Doctor, Inc.)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.2.9117.0 - Pure Networks) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Registry Patrol (HKLM\...\Registry Patrol) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Search Toolbar (HKLM\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
ShopAtHome.com Helper (HKCU\...\ShopAtHome.com Helper) (Version: 7.10.0.5 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKCU\...\ShopAtHome.com Toolbar) (Version: 7.10.0.5 - ShopAtHome.com) <==== ATTENTION
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version: - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version: - Microsoft Corporation) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
V1 Home 2.0 (HKLM\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.43 - Interactive Frontiers)
V1 Home 2.0 (Version: 2.02.43 - Interactive Frontiers) Hidden
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version: - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\InprocServer32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)

==================== Restore Points =========================

21-09-2014 18:11:47 Software Distribution Service 3.0
21-09-2014 19:42:11 Software Distribution Service 3.0
22-09-2014 12:30:13 System Checkpoint
22-09-2014 13:30:13 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-13 19:54 - 2014-03-13 19:54 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-YOUR-4DACD0EA75-Compaq_Administrator.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At9.job => C:\DOCUME~1\COMPAQ~1\APPLIC~1\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2006-02-22 00:06 - 2006-02-22 00:06 - 00061496 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll
2006-02-22 00:06 - 2006-02-22 00:06 - 00151589 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\BWfiles.dll
2006-02-22 00:06 - 2006-02-22 00:06 - 00098339 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\frext.dll
2006-02-22 00:06 - 2005-12-15 15:33 - 00126976 _____ () C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll
2012-08-10 16:51 - 2012-09-06 08:18 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 08537928 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\pdf.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 00353096 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 01732936 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6B6C2BDA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C811476A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 06:35:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (09/22/2014 11:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (09/22/2014 11:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (09/22/2014 11:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]

Error: (09/22/2014 06:59:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]

Error: (09/20/2014 05:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]

Error: (09/20/2014 02:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (09/19/2014 08:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shdocvw.dll, version 6.0.2900.5512, fault address 0x0002425e.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/19/2014 08:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (09/19/2014 06:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]


System errors:
=============
Error: (09/22/2014 07:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403

Error: (09/22/2014 06:46:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.728.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/22/2014 06:46:08 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/22/2014 06:45:09 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/22/2014 06:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403

Error: (09/22/2014 06:36:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/22/2014 06:36:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Pure Networks Platform Service service hung on starting.

Error: (09/22/2014 06:36:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2014 06:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/22/2014 05:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================
Error: (09/22/2014 06:35:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9

Error: (09/22/2014 11:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9

Error: (09/22/2014 11:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9

Error: (09/22/2014 11:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab

Error: (09/22/2014 06:59:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab

Error: (09/20/2014 05:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab

Error: (09/20/2014 02:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9

Error: (09/19/2014 08:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512shdocvw.dll6.0.2900.55120002425e

Error: (09/19/2014 08:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9

Error: (09/19/2014 06:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3500+
Percentage of memory in use: 56%
Total physical RAM: 958.48 MB
Available physical RAM: 413.71 MB
Total Pagefile: 2312.45 MB
Available Pagefile: 1719.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.23 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:224.95 GB) (Free:80.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.91 GB) (Free:0.34 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=224.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.9 GB) - (Type=0C)

==================== End Of Log ============================

#7 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 07:59 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by Compaq_Administrator at 2014-09-22 19:49:56
Running from C:\Documents and Settings\Compaq_Administrator\Desktop
Boot Mode: Normal
==========================================================
 

==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{B2D328BE-45AD-4D92-96F9-2151490A203E}) (Version: 1.3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5166 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.17-050813a1-029703C-HP - )
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version:  - )
Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DISCover (HKLM\...\DISCover) (Version: 3.23 - )
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 2.0.5.1 - Hewlett-Packard Company)
HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 2.0 - Hewlett-Packard)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version:  - )
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{7AB3A249-FB81-416B-917A-A2A10E74C503}) (Version: 9.2.0.61 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
K-Lite Codec Pack 7.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
LightScribe  1.4.62.1 (Version: 1.4.62.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (HKLM\...\{A01FC76F-CC09-4658-9E37-5C2F635EE708}) (Version: 1.0.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9118.2 - Cisco Systems, Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.3311.03 - PC-Doctor, Inc.)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.2.9117.0 - Pure Networks) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Registry Patrol (HKLM\...\Registry Patrol) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Search Toolbar (HKLM\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
ShopAtHome.com Helper (HKCU\...\ShopAtHome.com Helper) (Version: 7.10.0.5 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKCU\...\ShopAtHome.com Toolbar) (Version: 7.10.0.5 - ShopAtHome.com) <==== ATTENTION
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
V1 Home 2.0 (HKLM\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.43 - Interactive Frontiers)
V1 Home 2.0 (Version: 2.02.43 - Interactive Frontiers) Hidden
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\InprocServer32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
CustomCLSID: HKU\S-1-5-21-910680281-504878230-2222151190-1008_Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}\localserver32 -> C:\Documents and Settings\Compaq_Administrator\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
 
==================== Restore Points  =========================
 
21-09-2014 18:11:47 Software Distribution Service 3.0
21-09-2014 19:42:11 Software Distribution Service 3.0
22-09-2014 12:30:13 System Checkpoint
22-09-2014 13:30:13 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-03-13 19:54 - 2014-03-13 19:54 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-YOUR-4DACD0EA75-Compaq_Administrator.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At9.job => C:\DOCUME~1\COMPAQ~1\APPLIC~1\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-02-22 00:06 - 2006-02-22 00:06 - 00061496 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll
2006-02-22 00:06 - 2006-02-22 00:06 - 00151589 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\BWfiles.dll
2006-02-22 00:06 - 2006-02-22 00:06 - 00098339 _____ () C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\frext.dll
2006-02-22 00:06 - 2005-12-15 15:33 - 00126976 _____ () C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll
2012-08-10 16:51 - 2012-09-06 08:18 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 08537928 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\pdf.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 00353096 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-09-15 11:07 - 2014-09-15 11:07 - 01732936 _____ () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations\byldmeshrdrp\yxyxiqpg\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0A73A758
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6B6C2BDA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C811476A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 

==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2014 06:35:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 
Error: (09/22/2014 11:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 
Error: (09/22/2014 11:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 
Error: (09/22/2014 11:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]
 
Error: (09/22/2014 06:59:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]
 
Error: (09/20/2014 05:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application eisghraazniz.exe, version 36.0.1985.143, faulting module avhoenyn.dll, version 7.0.4.453, fault address 0x00011eab.
Processing media-specific event for [eisghraazniz.exe!ws!]
 
Error: (09/20/2014 02:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 
Error: (09/19/2014 08:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shdocvw.dll, version 6.0.2900.5512, fault address 0x0002425e.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (09/19/2014 08:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 
Error: (09/19/2014 06:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.0.8268.0, faulting module nmcore.dll, version 11.2.9117.0, fault address 0x001ddeb9.
Processing media-specific event for [nmsrvc.exe!ws!]
 

System errors:
=============
Error: (09/22/2014 07:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403
 
Error: (09/22/2014 06:46:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
 New Signature Version:
 
 Previous Signature Version: 1.185.728.0
 
 Update Source: %NT AUTHORITY59
 
 Update Stage: 4.5.0216.00
 
 Source Path: 4.5.0216.01
 
 Signature Type: %NT AUTHORITY602
 
 Update Type: %NT AUTHORITY604
 
 User: NT AUTHORITY\SYSTEM
 
 Current Engine Version: %NT AUTHORITY605
 
 Previous Engine Version: %NT AUTHORITY606
 
 Error code: %NT AUTHORITY607
 
 Error description: %NT AUTHORITY608
 
Error: (09/22/2014 06:46:08 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (09/22/2014 06:45:09 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (09/22/2014 06:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403
 
Error: (09/22/2014 06:36:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pure Networks Platform Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/22/2014 06:36:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Pure Networks Platform Service service hung on starting.
 
Error: (09/22/2014 06:36:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
 
Error: (09/22/2014 06:35:08 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (09/22/2014 05:37:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942403
 

Microsoft Office Sessions:
=========================
Error: (09/22/2014 06:35:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 
Error: (09/22/2014 11:31:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 
Error: (09/22/2014 11:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 
Error: (09/22/2014 11:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab
 
Error: (09/22/2014 06:59:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab
 
Error: (09/20/2014 05:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eisghraazniz.exe36.0.1985.143avhoenyn.dll7.0.4.45300011eab
 
Error: (09/20/2014 02:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 
Error: (09/19/2014 08:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512shdocvw.dll6.0.2900.55120002425e
 
Error: (09/19/2014 08:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 
Error: (09/19/2014 06:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.0.8268.0nmcore.dll11.2.9117.0001ddeb9
 

==================== Memory info ===========================
 
Processor: AMD Athlon™ 64 Processor 3500+
Percentage of memory in use: 56%
Total physical RAM: 958.48 MB
Available physical RAM: 413.71 MB
Total Pagefile: 2312.45 MB
Available Pagefile: 1719.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.23 MB
 
==================== Drives ================================
 
Drive c: (PRESARIO) (Fixed) (Total:224.95 GB) (Free:80.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:7.91 GB) (Free:0.34 GB) FAT32 ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=224.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.9 GB) - (Type=0C)
 
==================== End Of Log ============================


#8 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 08:11 PM

For some reason I can't seem to get the FRST scan results posted here.  I have to email them to another computer and then try to post them here.



#9 Friscokid320

Friscokid320
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 September 2014 - 08:34 PM

The only way was attaching the file.Attached File  FRST.txt   33.46KB   5 downloads



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 23 September 2014 - 01:19 PM

Ok.


Step 1

Please uninstall some programs:
  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Search Toolbar
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar

  • Reboot your computer.


Step 2

Please download this attached Attached File  fixlist.txt   7.49KB   1 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 3

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 29 September 2014 - 09:22 AM

I haven't heard from you for some time.
Do you still need help?

#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 04 October 2014 - 09:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users