
Solved WIN XP won't boot

Discussion in 'Malware and Virus Removal' started by elcajongunsfan, 2017/04/23.

  1. 2017/04/27 elcajongunsfan (Thread Starter)
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2017
    Ran by Golden State (administrator) on MIKE (27-04-2017 18:19:24)
    Running from C:\Documents and Settings\Golden State\Desktop
    Loaded Profiles: Golden State (Available Profiles: Golden State & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    () C:\Program Files\NetTime\NetTime.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    () C:\Program Files\NetTime\NetTimeService.exe
    (NVIDIA Corporation) C:\WINDOWS\System32\NVSVC32.EXE
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
    (Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
    (Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [nForce Tray Options] => sstray.exe /r
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [NetTime] => C:\Program Files\NetTime\NetTime.exe [772096 2012-05-12] ()
    HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
    HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\MountPoints2: {c9c95b8c-db96-11de-9c7e-00038a000015} - G:\LaunchU3.exe -a
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli scecli scecli
    GroupPolicy: Restriction ? <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{57F9450A-3FC4-4DFA-973D-BB768F15CD6D}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{57F9450A-3FC4-4DFA-973D-BB768F15CD6D}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.sbc.com/dsl
    HKU\S-1-5-21-1935655697-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl#spf=1
    SearchScopes: HKU\S-1-5-21-1935655697-1417001333-839522115-1003 -> DefaultScope {38C48195-A606-46D1-BBFB-55B67FD72449} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    SearchScopes: HKU\S-1-5-21-1935655697-1417001333-839522115-1003 -> {38C48195-A606-46D1-BBFB-55B67FD72449} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1935655697-1417001333-839522115-1003 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxp://support.cox.com/sdccommon/download/tgctlcm.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_1-windows-i586.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093663370015
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://128.125.198.170/activex/AxisCamControl.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} hxxp://www.live365.com/players/play365.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} hxxp://ccon.futuremark.com/global/msc34.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://76.253.32.98/activex/AMC.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://lawson.sharp.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
    FireFox:
    ========
    FF DefaultProfile: vscdqdnb.Default User
    FF ProfilePath: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\tki20kmd.default [2004-12-21]
    FF SelectedSearchEngine: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\tki20kmd.default -> Google
    FF Homepage: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\tki20kmd.default -> hxxp://www.aol.com
    FF Extension: (PrivDog) - C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\tki20kmd.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-24] [not signed]
    FF ProfilePath: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\vscdqdnb.Default User [2005-06-17]
    FF SelectedSearchEngine: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\vscdqdnb.Default User -> Google
    FF Homepage: C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\vscdqdnb.Default User -> hxxps://www.google.com/?gws_rd=ssl
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Golden State\Application Data\Mozilla\Firefox\Profiles\vscdqdnb.Default User\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-19] [not signed]
    FF Extension: (Kaspersky URL Advisor) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-11-27] [not signed]
    FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-27] [not signed]
    FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-27] [not signed]
    FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-27] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru => not found
    FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-30] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2008-03-19] (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-20] (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-25] (Google Inc.)
    FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll [2004-12-22] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2007-08-21] (America Online, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2008-03-19] (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2005-05-13]
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx <not found>
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S4 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [770100 2003-06-03] () [File not signed]
    R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
    R2 NetTimeSvc; C:\Program Files\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
    R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
    S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2009-03-28] ()
    S4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [215128 2009-12-19] ()
    R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R3 EL90Xbc; C:\WINDOWS\System32\DRIVERS\el90Xbc5.SYS [74338 2002-08-13] (3Com Corporation)
    S3 ENTECH; C:\WINDOWS\System32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed]
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [85360 2003-06-03] () [File not signed]
    R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [26816 2003-06-03] (Ahead Software) [File not signed]
    U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [4976 2003-06-03] (Ahead Software AG) [File not signed]
    S3 Intels51; C:\WINDOWS\System32\DRIVERS\Intels51.sys [670203 2003-05-22] (Intel Corporation)
    R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
    R3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
    S3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28164 2003-12-09] (MusicMatch, Inc.) [File not signed]
    S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
    R1 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [62080 2007-04-18] (Windows (R) 2000 DDK provider) [File not signed]
    R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
    R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
    R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
    R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
    R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [36864 2003-08-13] (NVIDIA Corporation)
    R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [80896 2002-09-22] (NVIDIA Corporation)
    R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [311552 2003-08-13] (NVIDIA Corporation)
    R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13568 2002-09-05] (NVIDIA Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation)
    S3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [138384 2009-12-19] ()
    R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
    R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
    R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
    R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
    R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
    R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
    U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
    R0 si3112r; C:\WINDOWS\System32\drivers\si3112r.sys [102528 2006-01-12] (Silicon Image, Inc)
    R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.)
    R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [76560 2006-10-07] (Trend Micro Inc.)
    S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2006-02-05] (EnTech Taiwan) [File not signed]
    S3 UfasoftSnifDriver4; C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [15728 2006-06-15] (Ufasoft) [File not signed]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-04-27 18:19 - 2017-04-27 18:19 - 00000000 ____D C:\Documents and Settings\Golden State\Desktop\FRST-OlderVersion
    2017-04-27 17:38 - 2017-04-27 17:53 - 00735144 _____ (Opera Software) C:\Documents and Settings\Golden State\Desktop\OperaSetupWinxpvista.exe
    2017-04-27 17:18 - 2015-05-22 00:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
    2017-04-27 17:12 - 2017-04-27 17:12 - 00002212 _____ C:\Documents and Settings\Golden State\Desktop\AdwCleaner[C0].txt
    2017-04-27 16:58 - 2017-04-27 17:01 - 00184452 _____ C:\WINDOWS\ntbtlog.txt
    2017-04-26 21:24 - 2017-04-26 21:25 - 00001733 _____ C:\Documents and Settings\Golden State\Desktop\rogue find.txt
    2017-04-26 20:04 - 2017-04-26 20:04 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-04-26 20:04 - 2017-04-26 20:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2017-04-26 19:58 - 2017-04-26 19:58 - 00000631 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
    2017-04-26 19:58 - 2017-04-26 19:58 - 00000000 ____D C:\Program Files\RogueKiller
    2017-04-26 19:58 - 2017-04-26 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
    2017-04-26 19:55 - 2017-04-26 19:55 - 04089296 _____ C:\Documents and Settings\Golden State\Desktop\AdwCleaner.exe
    2017-04-26 19:53 - 2017-04-26 19:54 - 60107896 _____ (Malwarebytes ) C:\Documents and Settings\Golden State\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-26 19:51 - 2017-04-26 19:51 - 00000000 ___RD C:\Documents and Settings\Golden State\My Documents
    2017-04-26 19:50 - 2017-04-26 19:52 - 35357840 _____ (Adlice Software ) C:\Documents and Settings\Golden State\Desktop\setup.exe
    2017-04-26 18:13 - 2017-04-26 18:13 - 00000000 __SHD C:\FOUND.003
    2017-04-26 16:41 - 2017-04-26 16:44 - 00030528 _____ C:\Documents and Settings\Golden State\Desktop\Addition.txt
    2017-04-26 16:40 - 2017-04-27 18:19 - 00017824 _____ C:\Documents and Settings\Golden State\Desktop\FRST.txt
    2017-04-26 16:36 - 2017-04-27 18:19 - 01768448 _____ (Farbar) C:\Documents and Settings\Golden State\Desktop\FRST.exe
    2017-04-26 00:22 - 2017-04-27 17:18 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2017-04-26 00:22 - 2017-04-25 21:23 - 00000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2017-04-24 20:16 - 2017-04-24 20:16 - 00000000 ____D C:\FRST
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-04-27 17:22 - 2010-01-07 17:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2017-04-27 17:18 - 2010-01-07 17:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2017-04-27 17:18 - 2006-09-10 17:01 - 00000008 _____ C:\WINDOWS\system32\nvapps.xml
    2017-04-27 17:18 - 2005-07-24 13:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-04-27 17:16 - 2015-04-25 21:01 - 02162688 _____ C:\WINDOWS\system32\config\Nano.evt
    2017-04-27 17:16 - 2007-06-18 22:24 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
    2017-04-27 17:16 - 2003-12-09 14:17 - 00000278 ___SH C:\Documents and Settings\Golden State\ntuser.ini
    2017-04-27 17:06 - 2016-11-27 16:26 - 00000885 _____ C:\Documents and Settings\Golden State\Desktop\JRT.txt
    2017-04-27 17:01 - 2005-01-11 14:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2017-04-26 19:55 - 2016-04-22 19:05 - 01663672 _____ (Malwarebytes) C:\Documents and Settings\Golden State\Desktop\JRT.exe
    2017-04-26 00:22 - 2003-12-09 13:43 - 00313968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-25 21:23 - 2001-08-23 12:00 - 00002184 _____ C:\WINDOWS\system32\wpa.dbl
    ==================== Files in the root of some directories =======
    2004-01-28 19:06 - 2004-01-28 19:06 - 0000135 ____N () C:\Documents and Settings\Golden State\Local Settings\Application Data\fusioncache.dat
    2004-03-24 13:06 - 2016-08-21 15:03 - 0028672 _____ () C:\Documents and Settings\Golden State\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-08-24 22:46 - 2015-06-24 20:12 - 0000600 _____ () C:\Documents and Settings\Golden State\Local Settings\Application Data\PUTTY.RND
    Some files in TEMP:
    ====================
    2017-04-26 20:04 - 2010-12-09 07:15 - 0718336 _____ (Microsoft Corporation) C:\Documents and Settings\Golden State\Local Settings\Temp\dllnt_dump.dll
    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\Ultra.dll
    C:\Windows\System32\pdc32hlisysb.dll
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    ==================== End of FRST.txt ============================
     
  2. 2017/04/27 elcajongunsfan (Thread Starter)
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2017
    Ran by Golden State (27-04-2017 18:21:34)
    Running from C:\Documents and Settings\Golden State\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2003-12-09 21:55:06)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1935655697-1417001333-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1935655697-1417001333-839522115-1008 - Limited - Enabled)
    Golden State (S-1-5-21-1935655697-1417001333-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Golden State
    Guest (S-1-5-21-1935655697-1417001333-839522115-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1935655697-1417001333-839522115-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1935655697-1417001333-839522115-1002 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
    FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    ACDSee 5.0 PowerPack (HKLM\...\{5058B085-AA79-41E5-A726-681B4C4B846E}) (Version: 5.0.0 - ACD Systems Ltd)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
    Ahead InCD (HKLM\...\InCD!UninstallKey) (Version: - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: - )
    AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version: - )
    Battlefield 2(TM) (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
    Boson Exam Environment (HKLM\...\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}) (Version: 1.4.2 - Boson Software, LLC)
    Canon i560 (HKLM\...\CANONBJ_Deinstall_CNMCP58.DLL) (Version: - )
    Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
    Canon Utilities Easy-PhotoPrint Plus (HKLM\...\Easy-PhotoPrint Plus) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
    Cisco Packet Tracer 5.2.1 (HKLM\...\Cisco Packet Tracer_is1) (Version: - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conflict Desert Storm II (HKLM\...\{190CB499-261D-43EB-BB7F-1C5A33E1DDDE}) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Debugging Tools for Windows (HKLM\...\{5C741A01-05D6-4306-BA6A-DC8401285AE8}) (Version: 6.6.7.5 - Microsoft Corporation)
    Desert Storm (HKLM\...\{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}) (Version: - )
    DrawPlus 3.0 (HKLM\...\DrawPlus 3.0) (Version: - )
    EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
    e-Watch Camera Viewer (HKLM\...\{88EFC79A-2079-41B5-9FB7-EB0CA7463936}) (Version: - )
    Fluke Networks Training: Version 2.1 (HKLM\...\Fluke Networks Training) (Version: - )
    FTPShell Client 3.5 (HKLM\...\ROBOTFTP2002PRO_is1) (Version: 3.0 - FTPShell Software)
    Futuremark Measurement Services Client (HKLM\...\Measurement Services Client) (Version: - )
    GCalc 3 (HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\GCalc 3) (Version: - gcalc.net)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
    HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java SATARaid (HKLM\...\{BB533746-CF08-11D7-BCF1-005004748D87}) (Version: - )
    Java Web Start (HKLM\...\Java Web Start) (Version: - )
    JCreator LE 3.10 (HKLM\...\JCreator LE_is1) (Version: - Xinox Software)
    Jing (HKLM\...\{7AB01508-C2B2-43C8-8B44-514801E7CCC9}) (Version: 2.6.12032.1 - TechSmith Corporation)
    Juniper Networks Cache Cleaner 6.3.0 (HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\Juniper_Networks_Cache_Cleaner 6.3.0) (Version: 6.3.0.13881 - Juniper Networks)
    Kiwi Syslog Server 9.2.1 (Standard Edition) (HKLM\...\Kiwi Syslog Server) (Version: 9.2.1 (Standard Edition) - hxxp://www.kiwisyslog.com)
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
    Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
    MosChip Multi-IO Controller (HKLM\...\MosChip Technology) (Version: - )
    MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version: - )
    Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
    NetMos Multi-IO Controller (HKLM\...\NetMos Technology) (Version: - )
    NetTime (HKLM\...\NetTime_is1) (Version: - Mark Griffiths)
    Nmap 6.25 (HKLM\...\Nmap) (Version: - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    NVIDIA nForce Utilities (HKLM\...\SSUtils) (Version: - )
    NVIDIA Windows 2000/XP nForce Drivers (HKLM\...\NVIDIAnForce) (Version: - )
    Oracle VM VirtualBox 4.2.10 (HKLM\...\{08FD61E2-0BCC-424D-8F26-4FC4864B0440}) (Version: 4.2.10 - Oracle Corporation)
    Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
    Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
    Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
    Pinball Master (HKLM\...\Pinball Master) (Version: - )
    RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
    SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
    Shockwave (HKLM\...\Shockwave) (Version: - )
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
    System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
    Tera Term 4.85 (HKLM\...\Tera Term_is1) (Version: - )
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com)
    Ufasoft Snif 4.1.116 (HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\UfasoftSniffer) (Version: - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)
    Wireshark 1.10.13 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.13 - The Wireshark developer community, hxxp://www.wireshark.org)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2003-12-09 09:18 - 2002-05-14 18:22 - 00122880 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-12-31 19:34 - 2012-05-12 09:28 - 00772096 _____ () C:\Program Files\NetTime\NetTime.exe
    2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
    2014-12-31 19:34 - 2012-05-12 01:27 - 00473088 _____ () C:\Program Files\NetTime\NetTimeService.exe
    2006-08-11 21:43 - 2006-08-11 21:43 - 00196608 _____ () C:\WINDOWS\system32\nvapi.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\1001movie.com -> 1001movie.com
    There are 6091 more sites.

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2001-08-23 12:00 - 2015-05-01 21:16 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1935655697-1417001333-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Golden State\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 8.8.8.8
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Java SATARaid.lnk => C:\WINDOWS\pss\Java SATARaid.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk => C:\WINDOWS\pss\SATARaid.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk => C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\WINDOWS\pss\Start GeekBuddy.lnkCommon Startup
    MSCONFIG\startupfolder: C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    MSCONFIG\startupreg: gbrspcontrol => "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1104710211\ee\AOLSoftware.exe
    MSCONFIG\startupreg: InCD => C:\Program Files\Ahead\InCD\InCD.exe
    MSCONFIG\startupreg: Logitech Utility => Logi_MwX.Exe
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: NeroCheck => C:\WINDOWS\system32\NeroCheck.exe
    MSCONFIG\startupreg: PrivDogService => "C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: ROBOTFTPSCHED => C:\Program Files\FTPShell\botsched.exe
    MSCONFIG\startupreg: TCASUTIEXE => TCAUDIAG.exe -on
    MSCONFIG\startupreg: Tekx => C:\WINDOWS\System32\lоgonui.exe
    MSCONFIG\startupreg: Yahoo! Pager => 1
    MSCONFIG\startupreg: YOP => C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    StandardProfile\AuthorizedApplications: [C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE] => Enabled:Yahoo! Messenger
    StandardProfile\AuthorizedApplications: [C:\PROGRA~1\YAHOO!\MESSEN~1\yserver.exe] => Enabled:Yahoo! FT Server
    StandardProfile\AuthorizedApplications: [C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe] => Enabled:packetTracer5
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe] => Disabled:restart_helper.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Nmap\nmap.exe] => Enabled:Nmap
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Golden State\Local Settings\Temp\RarSFX0\x32\PcSfTool.exe] => Enabled:pcSfTool
    StandardProfile\AuthorizedApplications: [C:\Program Files\Silicon Image\Java SATARaid\SiITray.exe] => Enabled:SiITray
    StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    DomainProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
    ==================== Restore Points =========================
    Check "winmgmt" service or repair WMI.

    ==================== Faulty Device Manager Devices =============
    Name: 1394 Net Adapter #2
    Description: 1394 Net Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Microsoft
    Service: NIC1394
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/27/2017 05:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/27/2017 05:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/27/2017 05:00:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 09:26:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 09:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 08:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application updater.exe, version 2.4.0.0, faulting module updater.exe, version 2.4.0.0, fault address 0x00157370.
    Processing media-specific event for [updater.exe!ws!]
    Error: (04/26/2017 08:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 07:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 07:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]
    Error: (04/26/2017 07:58:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application roguekiller.exe, version 12.10.6.0, faulting module roguekiller.exe, version 12.10.6.0, fault address 0x002b7820.
    Processing media-specific event for [roguekiller.exe!ws!]

    System errors:
    =============
    Error: (04/27/2017 05:52:52 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.
    Reference error message: The operation completed successfully.
    .
    Error: (04/27/2017 05:52:52 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The directory name is invalid.
    .
    Error: (04/27/2017 05:40:20 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.
    Reference error message: The operation completed successfully.
    .
    Error: (04/27/2017 05:40:20 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The directory name is invalid.
    .
    Error: (04/27/2017 05:38:03 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.
    Reference error message: The operation completed successfully.
    .
    Error: (04/27/2017 05:38:03 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The directory name is invalid.
    .
    Error: (04/27/2017 05:36:15 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.
    Reference error message: The operation completed successfully.
    .
    Error: (04/27/2017 05:36:15 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The directory name is invalid.
    .
    Error: (04/27/2017 05:34:26 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.
    Reference error message: The operation completed successfully.
    .
    Error: (04/27/2017 05:34:26 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The directory name is invalid.
    .

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) XP 3200+
    Percentage of memory in use: 30%
    Total physical RAM: 1791.48 MB
    Available physical RAM: 1240.3 MB
    Total Virtual: 5226.71 MB
    Available Virtual: 4743.79 MB
    ==================== Drives ================================
    Drive c: (DSK1_VOL1) (Fixed) (Total:50.01 GB) (Free:13.55 GB) FAT32 ==>[drive with boot components (Windows XP)]
    Drive d: (DSK1_VOL2) (Fixed) (Total:26.29 GB) (Free:24.53 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 76.3 GB) (Disk ID: E695E695)
    Partition 1: (Active) - (Size=50 GB) - (Type=0C)
    Partition 2: (Not Active) - (Size=26.3 GB) - (Type=0F Extended)
    ==================== End of Addition.txt ============================
     
    Last edited: 2017/04/27
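An added example, not part of this thread and not something FRST or the moderator's fix does: a short Python triage pass over three sections of the Addition.txt log above (MSCONFIG startupreg, AuthorizedApplications, GloballyOpenPorts). It flags an autostart path containing a non-ASCII letter (the `Tekx` entry above is written with a Cyrillic о in `lоgonui.exe`; whether that character was in the registry or crept in when the log was pasted is not something the page settles, but either way that path is not the genuine logonui.exe and deserves a look), firewall exceptions for binaries living under a Temp folder (the log above has two), and port exceptions with no `:LocalSubNet:` scope, which on the XP firewall means open to any remote address. The sample lines are constructed to mirror the log's format; the user folder name is shortened and nothing is read from a live registry.

```python
"""Triage a few sections of an FRST Addition.txt log for common red flags.

Added example for this thread; not an FRST feature and not the moderator's
fix. The line formats assumed here are the ones in the log posted above.
"""
import re
import unicodedata

# Constructed sample lines in the shape FRST prints them. They are modelled
# on the log above (user folder shortened); none is a live registry read.
SAMPLE_LINES = [
    r"MSCONFIG\startupreg: NeroCheck => C:\WINDOWS\system32\NeroCheck.exe",
    # Cyrillic U+043E in place of Latin 'o', as in the Tekx entry above.
    r"MSCONFIG\startupreg: Tekx => C:\WINDOWS\System32\l" + "\u043e" + r"gonui.exe",
    r"StandardProfile\AuthorizedApplications: [C:\Program Files\Nmap\nmap.exe] => Enabled:Nmap",
    r"StandardProfile\AuthorizedApplications: [C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe] => Disabled:restart_helper.exe",
    r"StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Local Settings\Temp\RarSFX0\x32\PcSfTool.exe] => Enabled:pcSfTool",
    r"DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005",
    r"StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005",
    r"StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009",
]

STARTUP_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<cmd>.+)$")
APP_RE = re.compile(
    r"^(?P<profile>\w+)\\AuthorizedApplications: \[(?P<path>[^\]]+)\] => "
    r"(?P<state>Enabled|Disabled):(?P<label>.*)$"
)
PORT_RE = re.compile(
    r"^(?P<profile>\w+)\\GloballyOpenPorts: \[(?P<port>\d+):(?P<proto>TCP|UDP)\] => "
    r"(?::(?P<scope>[^:]+):)?(?P<state>Enabled|Disabled):(?P<label>.*)$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def non_ascii_chars(text):
    """Return (char, Unicode name) for every non-ASCII character in text."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in text if ord(c) > 0x7F]


def triage(lines):
    """Return a list of (severity, reason, line) findings for FRST log lines."""
    findings = []
    for line in lines:
        line = line.strip()
        m = STARTUP_RE.match(line)
        if m:
            # A path that looks like a Windows binary but contains a non-ASCII
            # letter is a homoglyph: it is not the file it resembles.
            odd = non_ascii_chars(m.group("cmd"))
            if odd:
                detail = ", ".join(f"{name} (U+{ord(c):04X})" for c, name in odd)
                findings.append(("high", f"autostart '{m.group('name')}' path contains {detail}", line))
            continue
        m = APP_RE.match(line)
        if m:
            # Installed software does not need a firewall exception for a
            # binary in a Temp folder; droppers and SFX payloads often do.
            if TEMP_DIR_RE.search(m.group("path")):
                sev = "high" if m.group("state") == "Enabled" else "medium"
                findings.append((sev, f"{m.group('state').lower()} firewall exception for a binary in a Temp folder", line))
            continue
        m = PORT_RE.match(line)
        if m and m.group("state") == "Enabled" and m.group("scope") is None:
            # FRST prints ':LocalSubNet:' when the exception is subnet-scoped;
            # no scope means the XP firewall default of '*' (any address).
            findings.append(("medium", f"{m.group('profile')} opens {m.group('port')}/{m.group('proto')} to any remote address", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LINES):
        print(f"[{sev}] {reason}\n    {line}")
```

To run it over a real log, pass `open(path, encoding="utf-8").read().splitlines()` instead of `SAMPLE_LINES`. DomainProfile rules only take effect when the machine is domain-joined, so weigh those hits accordingly; the StandardProfile ones are what a workgroup XP box actually enforces.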


  4. 2017/04/27
    broni (Moderator, Malware Analyst)
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  5. 2017/04/27
    elcajongunsfan (Well-Known Member, Thread Starter)
    Fix result of Farbar Recovery Scan Tool (x86) Version: 27-04-2017
    Ran by Golden State (27-04-2017 20:19:05) Run:2
    Running from C:\Documents and Settings\Golden State\Desktop
    Loaded Profiles: Golden State (Available Profiles: Golden State & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1935655697-1417001333-839522115-1003\...\MountPoints2: {c9c95b8c-db96-11de-9c7e-00038a000015} - G:\LaunchU3.exe -a
    GroupPolicy: Restriction ? <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
    FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
    FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
    2004-01-28 19:06 - 2004-01-28 19:06 - 0000135 ____N () C:\Documents and Settings\Golden State\Local Settings\Application Data\fusioncache.dat
    2004-03-24 13:06 - 2016-08-21 15:03 - 0028672 _____ () C:\Documents and Settings\Golden State\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-08-24 22:46 - 2015-06-24 20:12 - 0000600 _____ () C:\Documents and Settings\Golden State\Local Settings\Application Data\PUTTY.RND
    2017-04-26 20:04 - 2010-12-09 07:15 - 0718336 _____ (Microsoft Corporation) C:\Documents and Settings\Golden State\Local Settings\Temp\dllnt_dump.dll
    C:\Windows\System32\Ultra.dll
    C:\Windows\System32\pdc32hlisysb.dll

    *****************

    HKU\S-1-5-21-1935655697-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c95b8c-db96-11de-9c7e-00038a000015} => key removed successfully.
    HKCR\CLSID\{c9c95b8c-db96-11de-9c7e-00038a000015} => key not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    "C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} => key removed successfully.
    HKCR\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} => key not found.
    HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 => key removed successfully.
    HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 => key removed successfully.
    C:\Documents and Settings\Golden State\Local Settings\Application Data\fusioncache.dat => moved successfully
    C:\Documents and Settings\Golden State\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Documents and Settings\Golden State\Local Settings\Application Data\PUTTY.RND => moved successfully
    C:\Documents and Settings\Golden State\Local Settings\Temp\dllnt_dump.dll => moved successfully
    C:\Windows\System32\Ultra.dll => moved successfully
    C:\Windows\System32\pdc32hlisysb.dll => moved successfully


    The system needed a reboot.

    ==== End of Fixlog 20:19:07 ====
     
  6. 2017/04/27
    broni (Moderator, Malware Analyst)
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  7. 2017/04/28
    elcajongunsfan (Well-Known Member, Thread Starter)
    Panda kept flagging SecurityCheck as a virus and kept deleting it. Finally got it to run.

    Results of screen317's Security Check version 0.99.93
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Panda Free Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    SpywareBlaster 5.4
    HijackThis 2.0.2
    CCleaner
    Java 8 Update 31
    Java SATARaid
    Java version 32-bit out of Date!
    Adobe Flash Player 21.0.0.242
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader 10.1.2 Adobe Reader out of Date!
    Mozilla Firefox (48.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 10%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 27-01-2016
    Ran by Golden State (administrator) on 28-04-2017 at 17:28:28
    Running from "C:\Documents and Settings\Golden State\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(5) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(4) VBoxNetFlt(13)
    0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
    IpSec Tag value is correct.

    **** End of log ****
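The Farbar Service Scanner output above does two things a responder cares about: it compares each service's start type with its default (here wuauserv had been set to Disabled) and it confirms that the core networking and service DLLs still carry a valid digital signature. As an added example that is not part of this thread or of FSS, the PowerShell below reproduces both checks. It assumes PowerShell 2.0 or later (an optional install on XP SP3 through the Windows Management Framework); the expected start mode for wuauserv is taken from the FSS wording in the log, while the other three entries are assumed XP defaults, and the file list is a subset of the files FSS verified.

```powershell
# Added example (not from the thread or from FSS): re-check service start types and file
# signatures. Requires PowerShell 2.0+ (optional on XP SP3 via Windows Management Framework).

# Expected start modes. 'wuauserv' = Auto is what the FSS log states; the other three are
# assumed XP defaults and should be confirmed against a known-good machine.
$expectedStart = @{
    'wuauserv'  = 'Auto'     # Windows Update (FSS: "default start type is Auto")
    'wscsvc'    = 'Auto'     # Security Center (assumed default)
    'srservice' = 'Auto'     # System Restore (assumed default)
    'BITS'      = 'Manual'   # Background Intelligent Transfer (assumed default)
}

function Test-ServiceStartMode {
    param([hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { "{0,-10} service not present" -f $name; continue }
        # Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled'; a service that malware
        # or a tool flipped to Disabled shows up here as CHANGED, with its ImagePath for review.
        $verdict = if ($svc.StartMode -eq $Expected[$name]) { 'OK' } else { 'CHANGED' }
        "{0,-10} StartMode={1,-8} expected={2,-6} {3,-7} ImagePath={4}" -f `
            $name, $svc.StartMode, $Expected[$name], $verdict, $svc.PathName
    }
}

function Test-SystemFileSignature {
    param([string[]]$Files)
    foreach ($f in $Files) {
        if (-not (Test-Path $f)) { "$f => MISSING"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $f
        # Caveat: most XP OS files are catalog-signed rather than embedded-signed, and
        # Get-AuthenticodeSignature before PowerShell 5.1 checks embedded signatures only,
        # so NotSigned here is not proof of tampering; cross-check with a tool that reads
        # the catalog store (FSS itself, or Sysinternals sigcheck) before drawing conclusions.
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
        "$f => $($sig.Status) [$signer]"
    }
}

# Subset of the files FSS verified in the log above.
$files = @(
    "$env:SystemRoot\system32\dhcpcsvc.dll",
    "$env:SystemRoot\system32\Drivers\tcpip.sys",
    "$env:SystemRoot\system32\wuauserv.dll",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\services.exe"
)

Test-ServiceStartMode -Expected $expectedStart
Test-SystemFileSignature -Files $files
```

The start-mode check is the more reliable of the two on XP: a CHANGED verdict on wuauserv, wscsvc or srservice is exactly the pattern FSS flagged above, and an ImagePath that does not point under %SystemRoot% deserves a closer look. Treat the signature check as a first pass only, for the catalog reason noted in the comments.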
     
  8. 2017/04/28
    elcajongunsfan Lifetime Subscriber

    elcajongunsfan Well-Known Member Thread Starter

    Joined:
    2012/01/01
    Messages:
    377
    Likes Received:
    12
    Sophos finished and said the system was clean

    Thanks
     
  9. 2017/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the current version.

    Update Adobe Flash Player: Adobe Flash Player Install for all versions
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update your Java version here: Java Downloads for All Operating Systems
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    ========================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - Keep your Firefox healthy with a quick checkup
    other browsers: Qualys BrowserCheck (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): Personal Software Inspector. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    11. Please let me know how your computer is doing.
     
  11. 2017/04/28
    elcajongunsfan Lifetime Subscriber

    elcajongunsfan Well-Known Member Thread Starter

    Joined:
    2012/01/01
    Messages:
    377
    Likes Received:
    12
    # DelFix v1.010 - Logfile created 28/04/2017 at 20:14:34
    # Updated 26/04/2015 by Xplode
    # Username : Golden State - MIKE
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\RegBackup
    Deleted : C:\Documents and Settings\Golden State\Desktop\FRST-OlderVersion
    Deleted : C:\Documents and Settings\Golden State\Desktop\Addition.txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\AdwCleaner.exe
    Deleted : C:\Documents and Settings\Golden State\Desktop\AdwCleaner[C0].txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\Fixlog.txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\FRST.exe
    Deleted : C:\Documents and Settings\Golden State\Desktop\FRST.txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\FSS.txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\FSS.exe
    Deleted : C:\Documents and Settings\Golden State\Desktop\JRT.txt
    Deleted : C:\Documents and Settings\Golden State\Desktop\JRT.exe
    Deleted : C:\Documents and Settings\Golden State\Desktop\hijackthis.exe
    Deleted : C:\Documents and Settings\Golden State\Desktop\TFC.exe
    Deleted : C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...


    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########


    I still have a high CPU issue but other than that, you did bring it back to life, and I am grateful. I'm gonna run the Tweaking.com tool and look around for the tool that tells me what program is using CPU resources.

    Thanks for your service and you can close this thread!
     
  12. 2017/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    To see CPU usage...

    Download Process Explorer: Process Explorer
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    NOTE. Windows Vista, 7 and 8 users right click on procexp.exe, click "Run As Administrator".
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the content into your next reply.
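The Command Line column Process Explorer adds is what makes a CPU hog identifiable when several svchost.exe or browser processes look alike in Task Manager. As an added example, not from this thread or from Sysinternals, the PowerShell function below samples each process's cumulative CPU time twice and joins the result with its command line from WMI, then saves a text report the way the post asks for Procexp.txt. It needs PowerShell 2.0 or later (an optional install on XP SP3); the sampling interval, row count and output path are assumptions.

```powershell
# Added example (not from the thread or from Process Explorer): top CPU consumers with
# their command lines. Requires PowerShell 2.0+ (optional on XP SP3 via Windows Management
# Framework). Interval, row count and output path are assumptions.

function Get-TopCpuProcess {
    param([int]$Interval = 5, [int]$Top = 10)

    # First snapshot of cumulative CPU seconds per PID. CPU is $null for processes we
    # cannot open (System Idle Process, protected processes); those are skipped below.
    $before = @{}
    Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }
    Start-Sleep -Seconds $Interval

    # Logical CPU count, so one busy thread on a dual-core box reads ~50% like Task Manager.
    $cores = [int]$env:NUMBER_OF_PROCESSORS
    if ($cores -lt 1) { $cores = 1 }

    # Command lines are only exposed through WMI, not by Get-Process.
    $cmdLines = @{}
    Get-WmiObject Win32_Process | ForEach-Object { $cmdLines[[int]$_.ProcessId] = $_.CommandLine }

    Get-Process | ForEach-Object {
        $prev = $before[$_.Id]
        if ($prev -eq $null -or $_.CPU -eq $null) { return }   # new since snapshot, or no access
        # Delta of CPU seconds over wall-clock seconds, spread across cores, as a percentage.
        $pct = ($_.CPU - $prev) / $Interval / $cores * 100
        New-Object PSObject -Property @{
            Name    = $_.ProcessName
            PID     = $_.Id
            'CPU%'  = [math]::Round($pct, 1)
            Command = $cmdLines[$_.Id]
        }
    } | Sort-Object 'CPU%' -Descending | Select-Object -First $Top
}

# Usage: print the table and also save it, the way the post asks for a Procexp.txt report.
$report = Get-TopCpuProcess -Interval 5 -Top 10
$report | Format-Table Name, PID, 'CPU%', Command -AutoSize
$report | Format-List Name, PID, 'CPU%', Command | Out-File "$env:USERPROFILE\Desktop\TopCpu.txt"
```

A sustained high reading on a svchost.exe is only meaningful together with its command line (the -k group it hosts), which is why the report keeps that column; a process whose Command is empty is one the current account could not open, which on XP usually means a system process rather than something hidden.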
     
  13. 2017/04/29
    elcajongunsfan Lifetime Subscriber

    elcajongunsfan Well-Known Member Thread Starter

    Joined:
    2012/01/01
    Messages:
    377
    Likes Received:
    12
    Same issue as Mbytes and RogueKiller "encountered a problem and needs to close" (safe mode also)

    Thanks
     
  14. 2017/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Possibly some OS issue.

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7, 8 and 10 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
    In that case make sure you restart computer.

    [​IMG]


    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 5 and under "System Restore" click on Create button:

    [​IMG]


    Go to Repairs tab and click Open Repairs button.

    [​IMG]

    In the next window....
    Leave all checkmarks as they are.
    Click on the Start Repairs button.

    [​IMG]

    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  15. 2017/04/30
    elcajongunsfan Lifetime Subscriber

    elcajongunsfan Well-Known Member Thread Starter

    Joined:
    2012/01/01
    Messages:
    377
    Likes Received:
    12
    The first time I ran Tweaking, it stuck on IE for a couple of hours, so I stopped it, unchecked IE, and let it run all night. It did some repairs but the high CPU remains. I think new HDs and a reinstall will fix it.

    Tweaking.com - Windows Repair v3.9.28
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Microsoft Windows XP
    OS Architecture: 32-bit
    OS Version: 5.1.2600
    OS Service Pack: Service Pack 3
    Computer Name: MIKE
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Current Profile: C:\Documents and Settings\Golden State
    Current Profile SID: S-1-5-21-1935655697-1417001333-839522115-1003
    Current Profile Classes: S-1-5-21-1935655697-1417001333-839522115-1003_Classes
    Profiles Location: C:\Documents and Settings
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Documents and Settings\Golden State\Local Settings\Application Data
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 03:17:14

    Process Count: 32
    Commit Total: 411.35 MB
    Commit Limit: 5.10 GB
    Commit Peak: 625.44 MB
    Handle Count: 9909
    Kernel Total: 97.49 MB
    Kernel Paged: 67.83 MB
    Kernel Non Paged: 29.66 MB
    System Cache: 610.19 MB
    Thread Count: 527
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 1.75 GB
    Memory Used: 388.25 MB(21.6718%)
    Memory Avail.: 1.37 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 1.75 GB
    Memory Used: 302.85 MB(16.9048%)
    Memory Avail.: 1.45 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (4/29/2017 10:53:01 PM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 0
    01 - Reset Registry Permissions 01/02
    HKEY_CURRENT_USER & Sub Keys
    Start (4/29/2017 10:53:08 PM)

    Running Repair Under Current User Account
    Done (4/29/2017 10:53:17 PM)

    01 - Reset Registry Permissions 02/02
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (4/29/2017 10:53:17 PM)

    Running Repair Under System Account
    Done (4/29/2017 10:56:21 PM)

    Reset File Permissions: C:
    C: & Sub Folders
    Start (4/29/2017 10:56:21 PM)

    Running Repair Under Current User Account
    Done (4/29/2017 10:58:32 PM)

    Reset File Permissions: All Profiles
    C:\Documents and Settings & Sub Folders
    Start (4/29/2017 10:58:32 PM)

    Running Repair Under Current User Account
    Done (4/29/2017 10:58:56 PM)

    Reset File Permissions: Current Profile
    C:\Documents and Settings\Golden State & Sub Folders
    Start (4/29/2017 10:58:56 PM)

    Running Repair Under Current User Account
    Done (4/29/2017 10:59:09 PM)

    03 - Reset Service Permissions
    Start (4/29/2017 10:59:09 PM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:00:27 PM)

    04 - Register System Files
    Start (4/29/2017 11:00:27 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:09:12 PM)

    05 - Repair WMI
    Start (4/29/2017 11:09:12 PM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Panda Free Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    Panda Firewall Exported.

    Running Repair Under Current User Account
    Done (4/29/2017 11:12:32 PM)

    06 - Repair Windows Firewall
    Start (4/29/2017 11:12:32 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:12:53 PM)

    08 - Repair MDAC/MS Jet
    Start (4/29/2017 11:12:53 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:13:58 PM)

    09 - Repair Hosts File
    Start (4/29/2017 11:13:58 PM)
    Running Repair Under System Account
    Done (4/29/2017 11:14:01 PM)

    10 - Remove Policies Set By Infections
    Start (4/29/2017 11:14:01 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:14:08 PM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (4/29/2017 11:14:08 PM)
    Running Repair Under System Account
    Done (4/29/2017 11:14:14 PM)

    12 - Repair Icons
    Start (4/29/2017 11:14:15 PM)
    Running Repair Under Current User Account
    Done (4/29/2017 11:14:37 PM)

    13 - Repair Network
    Start (4/29/2017 11:14:37 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:15:04 PM)

    14 - Remove Temp Files
    Start (4/29/2017 11:15:04 PM)
    Running Repair Under System Account
    Done (4/29/2017 11:15:08 PM)

    15 - Repair Proxy Settings
    Start (4/29/2017 11:15:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:15:13 PM)

    Unhide Non System Files
    Start (4/29/2017 11:15:13 PM)
    C:\ - Total Files Unhidden: 1207 out of 81088 searched. - Check Unhidden_Files.txt for list of files unhidden
    D:\ - Total Files Unhidden: 2 out of 121 searched. - Check Unhidden_Files.txt for list of files unhidden
    Done (4/29/2017 11:15:30 PM)

    17 - Repair Windows Updates
    Start (4/29/2017 11:15:31 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (4/29/2017 11:16:29 PM)

    18 - Repair CD/DVD Missing/Not Working
    Start (4/29/2017 11:16:29 PM)
    iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
    Done (4/29/2017 11:16:30 PM)

    19 - Repair Volume Shadow Copy Service
    Start (4/29/2017 11:16:30 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:10 PM)

    20 - Repair Windows Sidebar/Gadgets
    Skipping Repair.
    Repair is for Windows v6.0 (Vista & Newer) or higher.
    Current version: 5.1.2600

    21 - Repair MSI (Windows Installer)
    Start (4/29/2017 11:17:10 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:28 PM)

    22 - Repair Windows Snipping Tool
    Skipping Repair.
    Repair is for Windows v6.0 (Vista & Newer) or higher.
    Current version: 5.1.2600

    23.01 - Repair bat Association
    Start (4/29/2017 11:17:28 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:32 PM)

    23.02 - Repair cmd Association
    Start (4/29/2017 11:17:32 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:35 PM)

    23.03 - Repair com Association
    Start (4/29/2017 11:17:35 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:38 PM)

    23.04 - Repair Directory Association
    Start (4/29/2017 11:17:38 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:42 PM)

    23.05 - Repair Drive Association
    Start (4/29/2017 11:17:42 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:45 PM)

    23.06 - Repair exe Association
    Start (4/29/2017 11:17:45 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:48 PM)

    23.07 - Repair Folder Association
    Start (4/29/2017 11:17:48 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:52 PM)

    23.08 - Repair inf Association
    Start (4/29/2017 11:17:52 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:55 PM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (4/29/2017 11:17:55 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:17:58 PM)

    23.10 - Repair msc Association
    Start (4/29/2017 11:17:58 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:02 PM)

    23.11 - Repair reg Association
    Start (4/29/2017 11:18:02 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:05 PM)

    23.12 - Repair scr Association
    Start (4/29/2017 11:18:05 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:08 PM)

    24 - Repair Windows Safe Mode
    Start (4/29/2017 11:18:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:12 PM)

    25 - Repair Print Spooler
    Start (4/29/2017 11:18:12 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:24 PM)

    26 - Restore Important Windows Services
    Start (4/29/2017 11:18:24 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:39 PM)

    27 - Set Windows Services To Default Startup
    Start (4/29/2017 11:18:39 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:18:56 PM)

    28.01 - Repair Windows 8/10 App Store
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1.2600

    29 - Repair Windows 8/10 Component Store
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1.2600

    30 - Restore Windows 8/10 COM+ Unmarshalers
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1.2600

    31 - Repair Windows 'New' Submenu
    Start (4/29/2017 11:18:56 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/29/2017 11:19:00 PM)

    32 - Restore UAC (User Account Control) Settings
    Skipping Repair.
    Repair is for Windows v6 (Windows Vista & Newer) or higher.
    Current version: 5.1.2600

    33 - Repair Performance Counters
    Start (4/29/2017 11:19:00 PM)
    Running Repair Under Current User Account
    Done (4/29/2017 11:19:01 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (4/29/2017 11:19:01 PM)
    Total Repair Time: 00:26:02


    ...YOU MUST RESTART YOUR SYSTEM...


    Here's the high CPU issue


    [​IMG]



    This screen suggests nothing is wrong



    [​IMG]
     
  16. 2017/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    At this point...

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  17. 2017/04/30
    elcajongunsfan Lifetime Subscriber

    elcajongunsfan Well-Known Member Thread Starter

    Joined:
    2012/01/01
    Messages:
    377
    Likes Received:
    12
    Thanks for the good work.
     
  18. 2017/04/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome
     
