
PC may have Virus, Malware, Trojans etc


  • This topic is locked
10 replies to this topic

#1 fastback


Posted 23 January 2016 - 06:20 AM

Need help disinfecting, cleaning PC.

System
Microsoft Windows XP Professional
Version 2002
Service Pack 3

Computer
Intel® Pentium® 4 CPU 1.70 GHz
1.70 GHz, 256 MB of RAM



#2 Valinorum

  • Malware Response Instructor

Posted 23 January 2016 - 02:08 PM

Hi fastback, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems, as they may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick mark in all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • Farbar Logs--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.

 


#3 fastback

  • Topic Starter


Posted 23 January 2016 - 05:01 PM

New Farbar Recovery Scan Tool ran from desktop

 

Here is the FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by COMPAQ (administrator) on COMPAQ-275C6B92 (23-01-2016 15:43:40)
Running from C:\Documents and Settings\COMPAQ\Desktop
Loaded Profiles: COMPAQ (Available Profiles: COMPAQ & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1577984 2009-10-21] (Alcatel-Lucent)
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\...\MountPoints2: {0b3d473e-7126-11e4-9117-000802331675} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\...\MountPoints2: {b4b4e59c-80da-11e4-911b-000802331675} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\avastSS.scr [38848 2010-02-11] (ALWIL Software)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-04-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19B7C91F-1700-462F-A9F6-9CF9FA97C887}: [NameServer] 4.2.2.1,4.2.2.2
Tcpip\..\Interfaces\{19B7C91F-1700-462F-A9F6-9CF9FA97C887}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.att.net
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2015-09-19] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03] (Adobe Systems Incorporated)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-11-17] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2015-09-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2015-09-19] (Yahoo! Inc.)

FireFox:
========
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2009-01-07] (Motive, Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-22]
CHR Extension: (Google Search) - C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-22]
CHR Extension: (Gmail) - C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S4 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software)
S4 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software)
S4 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [28880 2010-02-11] (ALWIL Software)
R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [19024 2010-02-11] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [100432 2010-02-11] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23376 2010-02-11] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [162512 2010-02-11] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [46672 2010-02-11] (ALWIL Software)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-10-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-10-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL; no ImagePath

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-23 15:43 - 2016-01-23 15:44 - 00019738 _____ C:\Documents and Settings\COMPAQ\Desktop\FRST.txt
2016-01-23 15:42 - 2016-01-21 22:04 - 01721856 _____ (Farbar) C:\Documents and Settings\COMPAQ\Desktop\FRST.exe
2016-01-23 13:50 - 2016-01-23 13:51 - 00000000 ____D C:\FRST
2016-01-22 21:21 - 2016-01-22 21:21 - 00187432 _____ C:\Documents and Settings\COMPAQ\My Documents\mbam-log-2016-01-22 (20-11-47).txt
2015-11-22 18:05 - 2015-11-25 13:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-22 18:05 - 2015-11-24 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-11-22 18:05 - 2015-11-22 18:05 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\COMPAQ\My Documents\McAfeeSetup-AutoLogin.exe

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-23 15:44 - 2010-04-07 13:01 - 00000000 ____D C:\Documents and Settings\COMPAQ\Local Settings\Temp
2016-01-23 15:42 - 1980-01-05 09:59 - 00000000 ____D C:\WINDOWS
2016-01-23 15:41 - 2010-06-23 11:49 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B98BA94-AD1A-4735-B310-FF5849E39087}.job
2016-01-23 14:36 - 2010-04-07 10:44 - 00032410 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-23 14:00 - 2012-02-09 18:51 - 00000462 _____ C:\WINDOWS\Tasks\At4.job
2016-01-23 13:39 - 2003-03-31 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-23 13:38 - 2014-03-09 13:24 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-23 13:38 - 2010-04-07 10:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-23 02:10 - 2010-04-07 13:01 - 00000278 ___SH C:\Documents and Settings\COMPAQ\ntuser.ini
2016-01-22 21:53 - 2010-04-07 13:02 - 00000000 ___RD C:\Documents and Settings\COMPAQ\My Documents\My Pictures
2016-01-22 21:22 - 2010-06-10 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978695_WM9$
2016-01-22 21:21 - 2010-04-07 13:01 - 00000000 ___RD C:\Documents and Settings\COMPAQ\My Documents
2016-01-22 20:40 - 2012-02-09 18:51 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-22 18:51 - 2012-02-09 18:51 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-22 10:10 - 2012-02-09 18:51 - 00000462 _____ C:\WINDOWS\Tasks\At1.job
2016-01-21 14:55 - 2012-02-09 18:52 - 00000000 ____D C:\Documents and Settings\COMPAQ\Application Data\HpUpdate
2016-01-19 19:11 - 2010-10-07 16:12 - 00000000 ____D C:\Documents and Settings\COMPAQ\Application Data\AdobeUM
2016-01-19 17:43 - 2015-02-02 13:02 - 00000000 ____D C:\Documents and Settings\COMPAQ\Application Data\visi_coupon
2016-01-13 03:10 - 2013-08-20 02:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 03:02 - 2010-06-07 07:39 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-08 12:50 - 1980-01-05 09:59 - 00000000 ____D C:\WINDOWS\Network Diagnostic

==================== Files in the root of some directories =======

2010-04-26 09:22 - 2012-11-27 12:46 - 0001130 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

Rerun of Additional Text from desktop

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by COMPAQ (2016-01-23 15:45:11)
Running from C:\Documents and Settings\COMPAQ\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (1980-01-06 02:31:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1078081533-113007714-1644491937-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
COMPAQ (S-1-5-21-1078081533-113007714-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\COMPAQ
Guest (S-1-5-21-1078081533-113007714-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1078081533-113007714-1644491937-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1078081533-113007714-1644491937-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 6.0.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000002}) (Version: 006.000.002 - Adobe Systems Incorporated)
AT&T Self Support Tool (HKLM\...\ATT-SST) (Version:  - )
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
ATT-HSI (HKLM\...\ATT-HSI) (Version:  - )
avast! Free Antivirus (HKLM\...\avast5) (Version: 5.0.418.0 - Alwil Software)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 100.0.272.000 - Hewlett-Packard) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet All-In-One Series (HKLM\...\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}) (Version: 1.0 - HP)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{869D453C-53E8-4DE0-92EA-F574A22E82AE}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{E3624DFE-B0AB-410A-9BDC-5D1681E5E388}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
J4680 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Marketsplash Shortcuts (HKLM\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Minute Menu Kids (HKLM\...\SkyHillKIDSforWindows_is1) (Version:  - Minute Menu Systems, LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVMS7000 (HKLM\...\{D812B6DA-D179-45C2-B287-C13B7E449BD1}) (Version: 2.00.00.50 - company)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 100.0.272.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B98BA94-AD1A-4735-B310-FF5849E39087}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\att.net\att.net Mail.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 06:00 - 2003-03-31 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 4.2.2.1 - 4.2.2.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: avast5 => C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [D:\setup\HPZNUI01.EXE] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator
StandardProfile\AuthorizedApplications: [C:\Program Files\NVMS-7000 Station\NVMS-7000\NVMS-7000 Client\StreamServer\StreamServerApp.exe] => Enabled:StreamServerApp

==================== Restore Points =========================

23-11-2015 12:01:26 System Checkpoint
24-11-2015 12:13:24 System Checkpoint
28-11-2015 13:57:45 System Checkpoint
30-11-2015 15:55:03 System Checkpoint
04-12-2015 13:27:33 System Checkpoint
05-12-2015 13:30:05 System Checkpoint
06-12-2015 14:30:00 System Checkpoint
07-12-2015 14:31:57 System Checkpoint
08-12-2015 14:43:09 System Checkpoint
09-12-2015 10:53:37 Software Distribution Service 3.0
10-12-2015 10:57:00 System Checkpoint
11-12-2015 11:57:01 System Checkpoint
12-12-2015 12:55:56 System Checkpoint
13-12-2015 14:07:40 System Checkpoint
14-12-2015 14:50:54 System Checkpoint
15-12-2015 15:18:04 System Checkpoint
16-12-2015 15:26:07 System Checkpoint
17-12-2015 16:26:06 System Checkpoint
18-12-2015 18:14:24 System Checkpoint
19-12-2015 18:48:37 System Checkpoint
20-12-2015 19:15:06 System Checkpoint
21-12-2015 20:15:13 System Checkpoint
22-12-2015 21:15:10 System Checkpoint
24-12-2015 14:24:11 System Checkpoint
29-12-2015 10:32:19 System Checkpoint
30-12-2015 11:04:48 System Checkpoint
31-12-2015 12:04:48 System Checkpoint
01-01-2016 13:04:48 System Checkpoint
02-01-2016 14:04:48 System Checkpoint
03-01-2016 15:04:48 System Checkpoint
04-01-2016 15:19:10 System Checkpoint
07-01-2016 14:46:45 System Checkpoint
11-01-2016 14:48:03 System Checkpoint
12-01-2016 15:29:37 System Checkpoint
13-01-2016 03:00:16 Software Distribution Service 3.0
14-01-2016 03:51:12 System Checkpoint
15-01-2016 03:52:13 System Checkpoint
18-01-2016 14:03:34 System Checkpoint
19-01-2016 16:36:54 System Checkpoint
20-01-2016 19:56:28 System Checkpoint
21-01-2016 20:53:57 System Checkpoint
22-01-2016 21:46:21 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2016 10:02:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/22/2016 06:57:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2015 03:31:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/28/2015 08:45:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/22/2015 02:03:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/22/2015 02:03:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/20/2015 09:39:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/20/2015 08:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/20/2015 08:04:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/20/2015 08:04:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/23/2016 02:00:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942405

Error: (01/23/2016 01:39:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/23/2016 12:34:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/23/2016 12:29:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/22/2016 10:06:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/22/2016 09:24:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/22/2016 09:23:23 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (01/22/2016 08:40:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942405

Error: (01/22/2016 08:02:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000802331675 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (01/22/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 1.70GHz
Percentage of memory in use: 70%
Total physical RAM: 255.42 MB
Available physical RAM: 75.11 MB
Total Virtual: 618.15 MB
Available Virtual: 466.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:18.64 GB) (Free:12.22 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (AUSTIN) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 18.6 GB) (Disk ID: 00090009)
Partition 1: (Active) - (Size=18.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 9BCD84A4)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

==================== End of Addition.txt ============================

Shortcut Text

Users shortcut scan result (x86) Version:18-01-2016
Ran by COMPAQ (2016-01-23 15:45:41)
Running from C:\Documents and Settings\COMPAQ\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)





Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000002}\SC_Reader_PMX.ico ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files\HP\IrisOCR_12.3.4\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.1.lnk -> C:\Program Files\WinPcap\uninstall.exe (CACE Technologies, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\BootSafe.lnk -> C:\Program Files\SUPERAntiSpyware\BootSafe.exe (SUPERAdBlocker.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing\Download Driver.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing\Learn More.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\PMAdobeIndex.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NVMS-7000 Station\NVMS-7000\NVMS-7000 Quick Start Guide.lnk -> C:\Program Files\NVMS-7000 Station\NVMS-7000\NVMS-7000 Client\NVMS-7000 Quick Operation Guide.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NVMS-7000 Station\NVMS-7000\NVMS-7000 User Guide.lnk -> C:\Program Files\NVMS-7000 Station\NVMS-7000\NVMS-7000 Client\NVMS-7000 User Manual.pdf ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NVMS-7000 Station\NVMS-7000\Uninstall NVMS-7000.lnk -> C:\Program Files\InstallShield Installation Information\{D812B6DA-D179-45C2-B287-C13B7E449BD1}\setup.exe (company)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MM Kids\Minute Menu Kids.lnk -> C:\Program Files\MM Kids\kids.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Document Manager.lnk -> C:\WINDOWS\Installer\{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}\NewShortcut3.1AAA2B88_1AC4_48A8_BD29_EFBA85C2472A.exe (InstallShield Software Corp.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files\HP\Digital Imaging\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Help.lnk -> C:\Program Files\HP\Digital Imaging\Help\inkjet14.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Product Support Website.lnk -> C:\Program Files\HP\Digital Imaging\HP Officejet J4680 Series\help\HP Product Support Website.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Readme.lnk -> C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\help\readme.html ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Smart Web Printing\HP Smart Web Printing Help.lnk -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\Help\hpsmartprint.chm ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart Essential 2.5\HP Photosmart Essential 2.5.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Connect a New Printer.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Help.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Scan.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Product Support Website.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\ProductSupportShortcut.url ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Shop for Supplies.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\PINBALL.EXE (Cinematronics)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus\avast! Free Antivirus.lnk -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk -> C:\WINDOWS\system32\wscui.cpl (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk -> C:\WINDOWS\Installer\{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}\NewShortcut31.1AAA2B88_1AC4_48A8_BD29_EFBA85C2472A.exe (InstallShield Software Corp.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\ePrintCenterShortcut.url ()
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910 Scan.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HP Officejet Pro 8500 A910.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
Shortcut: C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Documents and Settings\All Users\Desktop\NVMS-7000 Client.lnk -> C:\Program Files\NVMS-7000 Station\NVMS-7000\NVMS-7000 Client\NVMS-7000.exe ()
Shortcut: C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk -> C:\Program Files\HP\Digital Imaging\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\COMPAQ\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
Shortcut: C:\Documents and Settings\COMPAQ\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
Shortcut: C:\Documents and Settings\COMPAQ\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\ePrintCenterShortcut.url ()
Shortcut: C:\Documents and Settings\COMPAQ\Desktop\Microsoft Office Word 2003.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\Documents and Settings\COMPAQ\Desktop\Minute Menu Kids.lnk -> C:\Program Files\MM Kids\kids.exe ()
Shortcut: C:\Documents and Settings\COMPAQ\Desktop\NVMS-7000 Client.lnk -> C:\Program Files\NVMS-7000 Station\NVMS-7000\NVMS-7000 Client\NVMS-7000.exe ()
Shortcut: C:\Documents and Settings\COMPAQ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)


ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\att.net\att.net Mail.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi11


ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Administrator\Favorites\helpme_att.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=escalator,FlowParams="
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Product Registration.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Co.) -> "Officejet J4680 Series"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Reconfigure Network Settings.lnk -> C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzcdl01.exe (Hewlett-Packard) -> -m ConfigureUSBDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\Officejet J4680 Series\Uninstall.lnk -> C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzscr01.exe (Hewlett-Packard) -> -datfile hpwscr20.dat -onestop
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.0 /DDV 0x0805
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Officejet Pro 8500 A910\Uninstall.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /qb /x {869D453C-53E8-4DE0-92EA-F574A22E82AE}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\AT&T\AT&T Self Support Tool.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams= -windowcontext=ATT-SST"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
ShortcutWithArgument: C:\Documents and Settings\All Users\Favorites\helpme_att.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=escalator,FlowParams="
ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\AT&T Self Support Tool.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams= -windowcontext=ATT-SST"
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Favorites\helpme_att.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=escalator,FlowParams="
ShortcutWithArgument: C:\Documents and Settings\COMPAQ\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
ShortcutWithArgument: C:\Documents and Settings\Default User\Favorites\helpme_att.lnk -> C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent) -> "-AppKey=ATT-SST -URL=file:\\C:\Program Files\ATT-SST\OCB\8af0227b-7a4f-4041-bef2-cde1cea71270\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=escalator,FlowParams="


InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap\WinPcap Web Site.url -> hxxp://www.winpcap.org/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\ArbiterSports - Home.url -> hxxp://www.arbitersports.com/front/100999/Site/PageContent/Home
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Benefits Overview - Alliance for Affordable Services.url -> hxxp://www.affordableservices.org/Benefits/BenefitsOverview.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Chase Online - Logon.url -> hxxps://chaseonline.chase.com/Logon.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Chase Online -banking.url -> hxxps://chaseonline.chase.com/Secure/Interstitial.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\chase online banking - Bing.url -> hxxp://www.bing.com/search?q=chase+online+banking&form=QBRE&qs=AS&sk=AS2&pq=chase&sp=3&sc=8-5
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Christian Children's Songs and Prayers Quiz - Bible for Kids.url -> hxxp://www.funtrivia.com/trivia-quiz/ForChildren/Christian-Childrens-Songs--and-Prayers-260123.html
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Crystal Stairs.url -> hxxp://www.crystalstairs.com/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Google.url -> hxxp://www.google.com/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\LAUNITBASKETBALL.ORG - Bing.url -> hxxp://www.bing.com/search?q=LAUNITBASKETBALL.ORG&src=IE-SearchBox&FORM=IE8SRC
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Minute Menu food program.url -> hxxp://www.minutemenu.com/web/index.html
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Quiz Results.url -> hxxp://www.funtrivia.com/newflash/process.cfm
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Welcome to vonscu.com.url -> hxxp://www.vonscreditunion.org/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\ArbiterSports - Home (2).url -> hxxp://www.arbitersports.com/front/100999/Site/PageContent/Home
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\ArbiterSports - Home.url -> hxxp://www.arbitersports.com/front/100999/Site/PageContent/Home
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\ATT.NET - Email, News, Sports, Entertainment and Games.url -> hxxp://att.my.yahoo.com/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Benefits Overview - Alliance for Affordable Services.url -> hxxp://www.affordableservices.org/Benefits/BenefitsOverview.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\CBOA - California Basketball Officials Association (2).url -> hxxp://www.cboa.net/topLevel.cgi
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\CBOA - California Basketball Officials Association.url -> hxxp://www.cboa.net/losangeles/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Chase Online - Logon.url -> hxxps://chaseonline.chase.com/Logon.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Chase Online -.url -> hxxps://chaseonline.chase.com/Secure/Interstitial.aspx
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\LAUNITBASKETBALL.ORG - Bing.url -> hxxp://www.bing.com/search?q=LAUNITBASKETBALL.ORG&src=IE-SearchBox&FORM=IE8SRC
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Minute Menu (3).url -> hxxp://www.minutemenu.com/web/index.html
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Minute Menu WebKids.url -> hxxps://www.minutemenu.com/content/frm301LoginBrowserDetect.aspx?credential_0=321001214&credential_1=d8aj2ax6&credential_2=0&l=0
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\My Account Home  Time Warner Cable.url -> hxxps://myservices.timewarnercable.com/myservices/account/index
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Tropical Fish for Freshwater Aquariums Pictus Cat.url -> hxxp://www.liveaquaria.com/product/prod_display.cfm?c=830+1163+933&pcatid=933
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\Links\Welcome to vonscu.url -> hxxp://www.vonscreditunion.org/
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T Chat Support.url -> hxxp://support.att.com/chat
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T High Speed Internet New User Website.url -> hxxp://www.att.com/startdsl
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T High Speed Internet Support.url -> hxxp://www.att.com/esupport/main.jsp?cv=801
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T Internet Home.url -> hxxp://www.att.net
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T Manage My Account AT&T Member Services.url -> hxxp://att.yahoo.com/membercenter
InternetURL: C:\Documents and Settings\COMPAQ\Favorites\AT&T\AT&T Webmail.url -> hxxp://mail.yahoo.com
InternetURL: C:\Documents and Settings\COMPAQ\Desktop\AT&T Internet.url -> hxxp://www.att.net
InternetURL: C:\Documents and Settings\COMPAQ\Desktop\AT&T Webmail.url -> hxxp://mail.yahoo.com

==================== End of Shortcut.txt =============================
 


Edited by fastback, 23 January 2016 - 07:08 PM.


#4 Valinorum


Posted 23 January 2016 - 11:39 PM

You should be aware that support for Microsoft Windows XP and 8 has ended and you should upgrade to mitigate security vulnerabilities. You may uninstall Spybot - Search & Destroy, and SUPERAntiSpyware.


 
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
      URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
      C:\Windows\Tasks\At*.job
      2015-11-22 18:05 - 2015-11-25 13:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
      2015-11-22 18:05 - 2015-11-24 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
      2015-11-22 18:05 - 2015-11-22 18:05 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\COMPAQ\My Documents\McAfeeSetup-AutoLogin.exe
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Fix Log
    • ESET Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#5 fastback


Posted 24 January 2016 - 03:27 AM

Okay all done. I uninstalled Spybot - Search & Destroy, and SUPERAntiSpyware. Then ran FRST. After running FRST it prompted to reboot the PC. After rebooting a prompt came up stating new hardware was found and Windows was searching for the drivers and could not find it.

I checked the Device Manager and noticed the following:

? Other Devices (in yellow)
     ? Unknown Device

I checked the Device Properties and noticed the following:

The drivers for this device are not installed (code 28)
To reinstall the drivers for this Device, click Reinstall Driver

I checked the Details Tab and noticed the following:

ROOT\LEGACY_SASKUTIL\0000

Not sure what's going on with that. Windows Internet Explorer still having some issues. It seems to freeze for a moment when first loading the home page. Also when loading bleepingcomputer.com, I get a tab if you may, which states,

"To help protect your security, Internet Explorer has blocked this website from displaying content with security certificate errors. Click for options..."

After clicking allow, Internet Explorer becomes unresponsive, hanging with an hour glass displayed for a moment. Still working a little sluggish.

Also I was considering uninstalling Avast and trying out Microsoft Security Essentials or do you have any suggestions for a free security program for this PC?

Okay anyway here are the reports. There is no report for ESET. It did not find anything.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by COMPAQ (2016-01-23 21:04:58) Run:1
Running from C:\Documents and Settings\COMPAQ\Desktop
Loaded Profiles: COMPAQ (Available Profiles: COMPAQ & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
C:\Windows\Tasks\At*.job
2015-11-22 18:05 - 2015-11-25 13:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-22 18:05 - 2015-11-24 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-11-22 18:05 - 2015-11-22 18:05 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\COMPAQ\My Documents\McAfeeSetup-AutoLogin.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully.
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully.
"HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => key removed successfully.

=========== "C:\Windows\Tasks\At*.job" ==========

C:\Windows\Tasks\At1.job => moved successfully
C:\Windows\Tasks\At2.job => moved successfully
C:\Windows\Tasks\At3.job => moved successfully
C:\Windows\Tasks\At4.job => moved successfully

========= End -> "C:\Windows\Tasks\At*.job" ========

C:\Program Files\Common Files\McAfee => moved successfully
C:\Documents and Settings\All Users\Application Data\McAfee => moved successfully
C:\Documents and Settings\COMPAQ\My Documents\McAfeeSetup-AutoLogin.exe => moved successfully
EmptyTemp: => 123.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:08:45 ====

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/23/2016
Scan Time: 9:34:12 PM
Logfile: MWB_ScanLog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.24.01
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: COMPAQ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326732
Time Elapsed: 31 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by fastback, 24 January 2016 - 03:36 AM.
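A Fixlog like the one posted above can be checked mechanically: every fixlist entry should have a matching result line, and every result should report success. The following is an added example, not part of the thread and not FRST's own code; the two `C:\Example` entries are constructed, and treating any outcome without "successfully" or "removed" as needing review is an assumption.

```python
import re

# Constructed sample in the format of the Fixlog posted above. The two
# C:\Example entries are hypothetical, added to exercise the failure paths.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
URLSearchHook: HKU\S-1-5-21-1078081533-113007714-1644491937-1003 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
C:\Windows\Tasks\At*.job
2015-11-22 18:05 - 2015-11-25 13:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
C:\Example\missing.tmp
C:\Example\skipped.tmp
End
*****************

Restore point was successfully created.
HKU\S-1-5-21-1078081533-113007714-1644491937-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully.

=========== "C:\Windows\Tasks\At*.job" ==========

C:\Windows\Tasks\At1.job => moved successfully
C:\Windows\Tasks\At2.job => moved successfully

========= End -> "C:\Windows\Tasks\At*.job" ========

C:\Program Files\Common Files\McAfee => moved successfully
C:\Example\missing.tmp => not found
EmptyTemp: => 123.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:08:45 ====
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# Assumption: an outcome is good if it says "successfully" or "removed".
OK_RE = re.compile(r"successfully|removed", re.IGNORECASE)


def split_fixlog(text):
    """Return (directives, result_lines); raises ValueError without Start/End."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("Start")
    end = lines.index("End", start)
    directives = [ln for ln in lines[start + 1:end] if ln]
    results = []
    for ln in lines[end + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln and set(ln) != {"*"}:  # skip blanks and the asterisk rule
            results.append(ln)
    return directives, results


def directive_key(directive):
    """Token to search for in the results: CLSID, else path, else None."""
    m = CLSID_RE.search(directive) or PATH_RE.search(directive)
    return m.group(0) if m else None


def reconcile(text):
    """Summarise outcomes and list fixlist entries with no result line."""
    directives, results = split_fixlog(text)
    outcomes = []  # (target, outcome, ok) for each "target => outcome" line
    for ln in results:
        if " => " in ln:
            target, outcome = ln.split(" => ", 1)
            outcomes.append((target.strip('"'), outcome, bool(OK_RE.search(outcome))))
    unaccounted = []
    for d in directives:
        key = directive_key(d)  # keyword directives (no path/CLSID) are skipped
        if key and not any(key.lower() in ln.lower() for ln in results):
            unaccounted.append(d)
    return {
        "directives": len(directives),
        "succeeded": sum(ok for _, _, ok in outcomes),
        "failed": [(t, o) for t, o, ok in outcomes if not ok],
        "unaccounted": unaccounted,
        "reboot_needed": any("needed a reboot" in ln for ln in results),
    }


if __name__ == "__main__":
    for field, value in reconcile(SAMPLE_FIXLOG).items():
        print(f"{field}: {value}")
```

Entries reported under `failed` or `unaccounted` are the ones to raise with the helper before moving on to the next scan.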


#6 Valinorum


Posted 24 January 2016 - 09:41 AM

The driver is from SUPERAntiSpyware. Do not worry.

Not sure what's going on with that. Windows internet explorer still having some issues

It seems to freeze for a moment when first loading the home page. Also when loading

bleepingcomputer.com, I get a tab if you may, which states,

"To help protect your security, Internet Explorer has blocked this website from displayin

content with security certificate errors. Click for options..."


Does this happen with every browser? Please try to reset Internet Explorer.

Also I was considering uninstalling Avast and trying out Microsoft Security Essentials or do you have any suggestions for a free security program for this PC?

avast! itself is an excellent choice but you may encounter sluggishness due to low memory. Have you considered upgrading your RAM? You may move on to Microsoft Security Essentials if you are inclined to use low memory.


 
  • Step #5 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.
 
  • Required Log(s):
    • AdwCleaner Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#7 fastback

Posted 24 January 2016 - 12:41 PM

Here is the AdwCleaner Log

 

 

# AdwCleaner v5.030 - Logfile created 24/01/2016 at 09:32:09
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : COMPAQ - COMPAQ-275C6B92
# Running from : C:\Documents and Settings\COMPAQ\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Documents and Settings\COMPAQ\Application Data\HPAppData
[-] Folder Deleted : C:\Documents and Settings\COMPAQ\Application Data\visi_coupon
[-] Folder Deleted : C:\Documents and Settings\COMPAQ\Application Data\Yahoo!\Companion
[-] Folder Deleted : C:\Documents and Settings\COMPAQ\Application Data\YahooCouponAddOn
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\shopathome.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4262 bytes] ##########
 



#8 Valinorum

Posted 24 January 2016 - 10:57 PM

How is your PC performing?



#9 fastback

Posted 24 January 2016 - 11:54 PM

Seems better, I haven't reset Internet Explorer yet. I was waiting to see if we were done or not.

Is there anything else I should do?


Edited by fastback, 25 January 2016 - 12:00 AM.


#10 Valinorum

Posted 25 January 2016 - 12:03 AM

Is Internet Explorer still causing issues?



#11 Valinorum

Posted 27 January 2016 - 10:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
