PDA

View Full Version : gmail hacked


steve100254
2015-03-28, 14:02
You guys were so successful at helping me last time...... :-) My gmail that was hacked is Edit Currently everything goes to Edit I have tried numerous routes supplied by google, but to no avail.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Compaq_Owner (administrator) on GOLDFARBSKY2 on 28-03-2015 07:42:11
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LG Electronics) C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010240 2006-03-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-23] ()
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [249856 2006-02-16] (Hewlett-Packard Company)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2006-06-19] (RealNetworks, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [B2C_AGENT] => C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-08] (Google Inc.)
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-04] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-26] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2009-01-27] (TODO: <Company name>)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-26] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-26] (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ppk8xxwv.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-09-22] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2008-12-03] (eMusic.com)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-02-26] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-04] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-3389789030-454535779-2402875703-1009: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2008-12-03] (eMusic.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-02-26] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-10-31] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ppk8xxwv.default\searchplugins\shareminercom.xml [2008-10-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-09-03] (Macrovision Europe Ltd.) [File not signed]
S3 GSService; C:\WINDOWS\system32\GSService.exe [348160 2010-09-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-26] (Sun Microsystems, Inc.)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-08-17] (wireless) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SMServer; C:\WINDOWS\system32\snmvtsvc.exe [245760 2010-09-10] (SMServer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606976 2011-04-11] (Atheros Communications, Inc.) [File not signed]
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) [File not signed]
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-08-17] (Atheros Communications, Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-07-15] (CACE Technologies, Inc.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 TuneConvertAudio; C:\WINDOWS\System32\drivers\TuneConvertAudio.sys [23608 2010-09-11] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-08-17] (Atheros Communications, Inc.) [File not signed]
S3 catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 aswMBR; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 07:42 - 2015-03-28 07:42 - 00020526 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
2015-03-28 07:42 - 2015-03-28 07:42 - 00000000 ____D () C:\FRST
2015-03-28 07:40 - 2015-03-28 07:40 - 01135104 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
2015-03-28 07:31 - 2015-03-28 07:31 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
2015-03-28 07:04 - 2015-03-28 07:04 - 00000000 ____D () C:\RegBackup
2015-03-22 12:32 - 2015-03-22 12:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 07:42 - 2014-01-11 16:54 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2015-03-28 07:41 - 2006-06-19 11:01 - 00235404 _____ () C:\hpWebHelper.log
2015-03-28 07:20 - 2014-04-29 11:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-28 07:04 - 2011-11-10 04:05 - 00887484 _____ () C:\WINDOWS\setupapi.log
2015-03-28 07:04 - 2005-12-06 13:50 - 00000000 ____D () C:\WINDOWS\repair
2015-03-28 07:04 - 2005-12-06 13:49 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-28 07:02 - 2010-01-26 16:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 03:02 - 2005-12-05 03:05 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-27 12:17 - 2005-12-05 03:05 - 01645350 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-26 13:30 - 2009-04-08 20:29 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-03-26 11:02 - 2010-01-26 16:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 00:30 - 2014-01-11 15:10 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-22 12:10 - 2006-09-20 17:29 - 00000246 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-03-22 12:09 - 2005-12-05 02:55 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-22 12:08 - 2012-05-20 18:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 12:08 - 2011-11-29 20:25 - 00002399 _____ () C:\WINDOWS\system32\lgAxconfig.ini
2015-03-22 12:06 - 2014-01-11 15:10 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-22 12:05 - 2014-04-10 03:21 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-22 12:05 - 2006-06-19 10:32 - 00000000 ____D () C:\WINDOWS\system32\Lang
2015-03-22 12:05 - 2006-06-19 10:29 - 00043531 _____ () C:\WINDOWS\system32\nvapps.xml
2015-03-22 12:05 - 2005-12-04 18:46 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-03-22 12:05 - 2005-12-04 18:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-22 12:04 - 2005-12-05 03:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-22 12:04 - 2005-12-05 02:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-19 06:06 - 2014-01-11 15:09 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-19 06:05 - 2008-06-26 23:13 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner\ntuser.ini
2015-03-11 03:06 - 2013-08-24 03:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 03:00 - 2009-01-24 20:41 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2009-06-13 08:59 - 2009-12-26 14:16 - 0000268 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\LMCPaper.dat
2009-04-27 21:44 - 2009-12-26 14:16 - 0003932 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\LMLayout.dat
2007-07-23 20:05 - 2011-11-20 19:39 - 0001012 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-02-17 12:52 - 2014-12-04 20:49 - 0041472 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-02-17 12:08 - 2007-02-17 12:08 - 0000135 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Compaq_Owner at 2015-03-28 07:43:36
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Web Premium (HKLM\...\Adobe_247961ef275e20c5cb073c36394ac32) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.2 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.1.2 - )
Adobe Acrobat 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-1033-0000-7760-000000000003}_Adobe Acrobat 8 Professional) (Version: - )
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Reader 7.0.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70500000002}) (Version: 7.0.5 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{230CCBE9-14B0-4008-97AF-30C10F99E42C}) (Version: - )
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Canon CanoScan Toolbox 4.5 (HKLM\...\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}) (Version: - )
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Crimson Editor (remove only) (HKLM\...\Crimson Editor) (Version: - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CuteFTP 8 Home (HKLM\...\{949DBB22-2FB7-4de1-804C-23D495A988D8}) (Version: 8.0.7 - GlobalSCAPE)
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eMusic Download Manager 4.0.0.5 (HKLM\...\eMusic Download Manager) (Version: 4.0.0.5 - eMusic, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Exact Audio Copy 0.99pb4 (HKLM\...\Exact Audio Copy) (Version: 0.99pb4 - Andre Wiethoff)
EZ Vinyl Converter by MixMeister 1.0.5 (HKLM\...\EZ Vinyl Converter by MixMeister_is1) (Version: - MixMeister Technology LLC)
ffdshow [rev 1972] [2008-05-24] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Garmin Communicator Plugin (HKLM\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{9D404F8F-05A1-4734-9550-6EC2FEE916B8}) (Version: 7.1 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Rhapsody (HKLM\...\HP Rhapsody) (Version: - )
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
hph_ProductContext (Version: 70.0.185.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.185.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.185.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.185.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (HKLM\...\{A01FC76F-CC09-4658-9E37-5C2F635EE708}) (Version: 1.0.0 - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PlayFLV (HKLM\...\FLVCodec) (Version: - )
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.2L14 - PFU)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SONAR 6 LE (HKLM\...\SONARLE_is1) (Version: 15.0 - Cakewalk Music Software)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Studio365 1.3 (HKLM\...\Studio365 1.3) (Version: Studio365-Win 1.21 - Live365 Inc)
Studio365-Live (HKLM\...\{3274FB3A-A521-4B5C-8573-67B44CD67A19}) (Version: 42.42.5 - Live365, Inc.)
TL-WN822N/TL-WN821N Driver (HKLM\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
TL-WN851ND Driver (HKLM\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TuneConvert 7.4.0 (HKLM\...\TuneConvert_is1) (Version: - )
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Zoom ADSL Modem (HKLM\...\{030DA939-8C01-4240-BEFB-A0B6791A7E30}) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

28-12-2014 15:36:22 System Checkpoint
29-12-2014 16:21:25 System Checkpoint
30-12-2014 17:21:24 System Checkpoint
31-12-2014 18:21:24 System Checkpoint
01-01-2015 18:26:30 System Checkpoint
02-01-2015 19:21:25 System Checkpoint
03-01-2015 20:09:23 System Checkpoint
04-01-2015 20:09:32 System Checkpoint
05-01-2015 21:07:10 System Checkpoint
06-01-2015 21:09:33 System Checkpoint
07-01-2015 23:16:52 System Checkpoint
09-01-2015 00:38:43 System Checkpoint
10-01-2015 01:21:34 System Checkpoint
11-01-2015 02:21:35 System Checkpoint
12-01-2015 03:21:44 System Checkpoint
13-01-2015 03:38:47 System Checkpoint
14-01-2015 04:19:06 System Checkpoint
15-01-2015 04:00:18 Software Distribution Service 3.0
16-01-2015 04:21:45 System Checkpoint
17-01-2015 05:38:31 System Checkpoint
18-01-2015 06:21:46 System Checkpoint
19-01-2015 07:21:47 System Checkpoint
20-01-2015 08:21:47 System Checkpoint
21-01-2015 09:09:36 System Checkpoint
22-01-2015 10:38:33 System Checkpoint
23-01-2015 11:21:48 System Checkpoint
24-01-2015 12:21:47 System Checkpoint
25-01-2015 13:09:47 System Checkpoint
26-01-2015 13:24:32 System Checkpoint
27-01-2015 14:09:48 System Checkpoint
28-01-2015 15:36:38 System Checkpoint
29-01-2015 16:38:39 System Checkpoint
30-01-2015 18:38:35 System Checkpoint
31-01-2015 19:09:47 System Checkpoint
01-02-2015 19:21:51 System Checkpoint
02-02-2015 19:25:13 System Checkpoint
03-02-2015 19:37:15 System Checkpoint
04-02-2015 20:37:17 System Checkpoint
05-02-2015 21:54:17 System Checkpoint
08-02-2015 04:04:28 System Checkpoint
12-02-2015 04:00:18 Software Distribution Service 3.0
16-02-2015 13:58:43 System Checkpoint
17-02-2015 14:25:48 System Checkpoint
18-02-2015 15:25:48 System Checkpoint
19-02-2015 16:37:50 System Checkpoint
20-02-2015 17:37:51 System Checkpoint
21-02-2015 18:56:20 System Checkpoint
22-02-2015 19:37:50 System Checkpoint
23-02-2015 20:37:52 System Checkpoint
24-02-2015 21:25:50 System Checkpoint
25-02-2015 21:37:51 System Checkpoint
26-02-2015 22:54:37 System Checkpoint
27-02-2015 23:37:51 System Checkpoint
01-03-2015 00:37:51 System Checkpoint
02-03-2015 00:38:03 System Checkpoint
03-03-2015 01:55:03 System Checkpoint
04-03-2015 04:07:32 System Checkpoint
05-03-2015 04:38:03 System Checkpoint
06-03-2015 05:38:09 System Checkpoint
07-03-2015 06:55:44 System Checkpoint
08-03-2015 07:38:03 System Checkpoint
09-03-2015 07:55:03 System Checkpoint
10-03-2015 09:55:02 System Checkpoint
11-03-2015 03:00:18 Software Distribution Service 3.0
12-03-2015 03:38:11 System Checkpoint
13-03-2015 04:38:10 System Checkpoint
14-03-2015 05:38:11 System Checkpoint
15-03-2015 06:38:11 System Checkpoint
16-03-2015 06:38:21 System Checkpoint
17-03-2015 07:38:21 System Checkpoint
18-03-2015 08:38:21 System Checkpoint
22-03-2015 12:31:57 System Checkpoint
23-03-2015 12:40:27 System Checkpoint
24-03-2015 13:40:13 System Checkpoint
25-03-2015 15:40:13 System Checkpoint
26-03-2015 15:40:21 System Checkpoint
27-03-2015 16:23:28 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2014-01-11 16:50 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2006-06-19 10:29 - 2006-01-24 22:15 - 01466368 _____ () C:\WINDOWS\system32\nview.dll
2004-08-04 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-04 07:00 - 2008-04-13 20:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2014-01-11 15:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-11 15:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2006-06-19 10:29 - 2006-01-24 22:15 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2010-08-10 00:01 - 2010-08-10 00:01 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-03-17 08:55 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2013-03-17 08:55 - 2006-10-12 15:14 - 00036864 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuUpdater.dll
2013-03-17 08:55 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
2005-10-20 20:36 - 2005-10-20 20:36 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2005-10-20 20:36 - 2005-10-20 20:36 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1 - 10.0.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3389789030-454535779-2402875703-500 - Administrator - Enabled)
Compaq_Owner (S-1-5-21-3389789030-454535779-2402875703-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Owner
Guest (S-1-5-21-3389789030-454535779-2402875703-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3389789030-454535779-2402875703-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3389789030-454535779-2402875703-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-3389789030-454535779-2402875703-1007 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 07:42:54 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (03/28/2015 07:42:54 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/28/2015 07:42:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (03/28/2015 07:42:51 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/28/2015 07:42:51 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (03/28/2015 07:42:51 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/28/2015 07:42:46 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (03/28/2015 07:42:31 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/28/2015 07:42:31 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/28/2015 07:04:37 AM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)


System errors:
=============
Error: (03/27/2015 05:52:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Error: (03/27/2015 00:07:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Error: (03/27/2015 08:37:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Error: (03/27/2015 02:52:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (03/26/2015 06:22:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Error: (03/26/2015 01:22:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Error: (03/25/2015 06:22:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (03/25/2015 04:52:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Error: (03/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

Error: (03/24/2015 05:22:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Sempron(tm) Processor 3200+
Percentage of memory in use: 72%
Total physical RAM: 1214.48 MB
Available physical RAM: 335.72 MB
Total Pagefile: 1748.45 MB
Available Pagefile: 839.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.66 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:104.69 GB) (Free:25.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:14.9 GB) (Free:14.88 GB) FAT32
Drive e: (PRESARIO_RP) (Fixed) (Total:7.08 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: B2C028DB)
Partition 1: (Active) - (Size=104.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.1 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 21EDAD79)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Compaq_Owner (administrator) on GOLDFARBSKY2 on 28-03-2015 07:42:11
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LG Electronics) C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010240 2006-03-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-23] ()
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [249856 2006-02-16] (Hewlett-Packard Company)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269 2006-06-19] (RealNetworks, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [B2C_AGENT] => C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-08] (Google Inc.)
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-04] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-26] (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2009-01-27] (TODO: <Company name>)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-26] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-26] (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ppk8xxwv.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-09-22] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2008-12-03] (eMusic.com)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-02-26] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-04] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2006-06-19] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin HKU\S-1-5-21-3389789030-454535779-2402875703-1009: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2008-12-03] (eMusic.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-02-26] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-10-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-10-31] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ppk8xxwv.default\searchplugins\shareminercom.xml [2008-10-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-09-03] (Macrovision Europe Ltd.) [File not signed]
S3 GSService; C:\WINDOWS\system32\GSService.exe [348160 2010-09-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-26] (Sun Microsystems, Inc.)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-08-17] (wireless) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SMServer; C:\WINDOWS\system32\snmvtsvc.exe [245760 2010-09-10] (SMServer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606976 2011-04-11] (Atheros Communications, Inc.) [File not signed]
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.) [File not signed]
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-08-17] (Atheros Communications, Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-07-15] (CACE Technologies, Inc.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 TuneConvertAudio; C:\WINDOWS\System32\drivers\TuneConvertAudio.sys [23608 2010-09-11] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-08-17] (Atheros Communications, Inc.) [File not signed]
S3 catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 aswMBR; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 07:42 - 2015-03-28 07:42 - 00020526 _____ () C:\Documents and Settings\Compaq_Owner\Desktop\FRST.txt
2015-03-28 07:42 - 2015-03-28 07:42 - 00000000 ____D () C:\FRST
2015-03-28 07:40 - 2015-03-28 07:40 - 01135104 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
2015-03-28 07:31 - 2015-03-28 07:31 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
2015-03-28 07:04 - 2015-03-28 07:04 - 00000000 ____D () C:\RegBackup
2015-03-22 12:32 - 2015-03-22 12:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 07:42 - 2014-01-11 16:54 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2015-03-28 07:41 - 2006-06-19 11:01 - 00235404 _____ () C:\hpWebHelper.log
2015-03-28 07:20 - 2014-04-29 11:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-28 07:04 - 2011-11-10 04:05 - 00887484 _____ () C:\WINDOWS\setupapi.log
2015-03-28 07:04 - 2005-12-06 13:50 - 00000000 ____D () C:\WINDOWS\repair
2015-03-28 07:04 - 2005-12-06 13:49 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-28 07:02 - 2010-01-26 16:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 03:02 - 2005-12-05 03:05 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-27 12:17 - 2005-12-05 03:05 - 01645350 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-26 13:30 - 2009-04-08 20:29 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2015-03-26 11:02 - 2010-01-26 16:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 00:30 - 2014-01-11 15:10 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-22 12:10 - 2006-09-20 17:29 - 00000246 _____ () C:\WINDOWS\system\hpsysdrv.dat
2015-03-22 12:09 - 2005-12-05 02:55 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-22 12:08 - 2012-05-20 18:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 12:08 - 2011-11-29 20:25 - 00002399 _____ () C:\WINDOWS\system32\lgAxconfig.ini
2015-03-22 12:06 - 2014-01-11 15:10 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-22 12:05 - 2014-04-10 03:21 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-22 12:05 - 2006-06-19 10:32 - 00000000 ____D () C:\WINDOWS\system32\Lang
2015-03-22 12:05 - 2006-06-19 10:29 - 00043531 _____ () C:\WINDOWS\system32\nvapps.xml
2015-03-22 12:05 - 2005-12-04 18:46 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-03-22 12:05 - 2005-12-04 18:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-03-22 12:04 - 2005-12-05 03:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-22 12:04 - 2005-12-05 02:53 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-19 06:06 - 2014-01-11 15:09 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-19 06:05 - 2008-06-26 23:13 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner\ntuser.ini
2015-03-11 03:06 - 2013-08-24 03:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 03:00 - 2009-01-24 20:41 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2009-06-13 08:59 - 2009-12-26 14:16 - 0000268 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\LMCPaper.dat
2009-04-27 21:44 - 2009-12-26 14:16 - 0003932 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\LMLayout.dat
2007-07-23 20:05 - 2011-11-20 19:39 - 0001012 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-02-17 12:52 - 2014-12-04 20:49 - 0041472 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-02-17 12:08 - 2007-02-17 12:08 - 0000135 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Also, I forgot to mention, I can send and receive messages from my PC, but I can only send messages from my iMac

Correction...I can send and receive From both PC and iMac in my Google account, I can only send from Apple mail.
I have initiated two-step verification to help thwart further hacking, but I'm pretty sure that Edit is still in the system.
Juliet
2015-03-29, 23:37
Hi and welcome

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes Anti-Malware (http://downloads.malwarebytes.org/file/mbam) and save it to your desktop.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



please post
Fixlog.txt
C:\AdwCleaner.txt
Malwarebytes Anti-Malware\Logs
steve100254
2015-03-30, 19:54
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Compaq_Owner at 2015-03-30 11:25:55 Run:1
Running from C:\Documents and Settings\Compaq_Owner\Desktop
Loaded Profiles: Compaq_Owner (Available profiles: Compaq_Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-3389789030-454535779-2402875703-1009 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3389789030-454535779-2402875703-1009\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-3389789030-454535779-2402875703-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:26:47 ====
steve100254
2015-03-30, 19:56
# AdwCleaner v4.200 - Logfile created 30/03/2015 at 11:42:42
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Compaq_Owner - GOLDFARBSKY2
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : GSService

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
Folder Deleted : C:\Documents and Settings\Compaq_Owner\My Documents\Updater
File Deleted : C:\WINDOWS\system32\GSService.exe
File Deleted : C:\Documents and Settings\Compaq_Owner\Favorites\eBay.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[ppk8xxwv.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[ppk8xxwv.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[ppk8xxwv.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R1].txt - [1985 bytes] - [30/03/2015 11:39:51]
AdwCleaner[S0].txt - [1971 bytes] - [30/03/2015 11:42:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2030 bytes] ##########
steve100254
2015-03-30, 20:07
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/30/2015 11:56:18 AM, SYSTEM, GOLDFARBSKY2, Manual, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
Update, 3/30/2015 11:56:33 AM, SYSTEM, GOLDFARBSKY2, Manual, Malware Database, 2015.3.9.5, 2015.3.30.6,
Scan, 3/30/2015 12:51:54 PM, SYSTEM, GOLDFARBSKY2, Manual, Start:3/30/2015 11:57:19 AM, Duration:40 min 30 sec, Threat Scan, Completed, 2 Malware Detections, 2 Non-Malware Detections,
Error, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, IsLicensed, 13,
Protection, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, Malware Protection, Stopping,
Protection, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, Malware Protection, Stopped,

(end)
Juliet
2015-03-30, 21:34
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 3/30/2015 11:56:18 AM, SYSTEM, GOLDFARBSKY2, Manual, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
Update, 3/30/2015 11:56:33 AM, SYSTEM, GOLDFARBSKY2, Manual, Malware Database, 2015.3.9.5, 2015.3.30.6,
Scan, 3/30/2015 12:51:54 PM, SYSTEM, GOLDFARBSKY2, Manual, Start:3/30/2015 11:57:19 AM, Duration:40 min 30 sec, Threat Scan, Completed, 2 Malware Detections, 2 Non-Malware Detections,
Error, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, IsLicensed, 13,
Protection, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, Malware Protection, Stopping,
Protection, 3/30/2015 12:58:22 PM, SYSTEM, GOLDFARBSKY2, Protection, Malware Protection, Stopped,

(end)

This is the update log and not the found/quarantine log.

Threat Scan, Completed, 2 Malware Detections, 2 Non-Malware Detections,

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

I also forgot to mention, anytime you suspect an infection, please go to a known clean computer and change your password.
steve100254
2015-03-31, 21:07
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/31 12:37:41 -0400</date>
<logfile>mbam-log-2015-03-31 (12-37-13).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.4.1018</version>
<malware-database>v2015.03.31.06</malware-database>
<rootkit-database>v2015.03.26.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows XP Service Pack 3</osversion>
<arch>x86</arch>
<username>Compaq_Owner</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>330850</objects>
<time>2408</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>


I have several computers and some work better than others. This is a clean computer. I did some rooting around the gmail site on one of the other computers and found the bad link under the settings which i subsequently changed to the good gmail.
Juliet
2015-03-31, 22:54
That was the protection log....not the log that shows what was found.

Let's continue

Run MBAM again and if it finds anything please allow it to quarantine what it detects.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply..
Close the ESET online scan, and let me know how things are now.



Please also tell me how the computer is at the moment.
steve100254
2015-04-03, 02:43
I downloaded ESET and ran it. I can't find these instructions anywhere:

Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply..
Close the ESET online scan, and let me know how things are now.

THREATS FOUND! did come up but there was nowhere to click "Export to text file..."

There were/was logs but I seem to have lost them

This computer was never a problem.. It was always my mail in iMac. It's still a problem in my iMac. All my PC's work fine with gmail.............now. Thank you for all your help.
Juliet
2015-04-03, 14:33
See if the logfile is located at C:\Program Files\Eset\Eset Online Scanner\log.txt

https://www.apple.com/support/imac/intel/mail/
try the above link for your iMac

I have no idea if the tools we use will work on a iMac.
steve100254
2015-04-04, 14:18
See if the logfile is located at C:\Program Files\Eset\Eset Online Scanner\log.txt

https://www.apple.com/support/imac/intel/mail/
try the above link for your iMac

I have no idea if the tools we use will work on a iMac.

Did a search. Found what I believe is the file:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=70ac46421e9fe44b90792241d186a9cd
# engine=23190
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-01 06:18:54
# local_time=2015-04-01 02:18:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=193265
# found=1
# cleaned=1
# scan_time=4459
sh=93134BBB2CDB87B87358D86972942DA86028F20B ft=1 fh=7a6c0bb011a96b28 vn="Win32/Adware.MarketScore.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Compaq_Owner\Desktop\avi2video_install.exe"

Btw that support apple site is worthless for this mail problem. I had already been around the barn with them. There's never a live tech unless you have a subscription or want to pay $40 every time you connect with them which would be...what...about $200 so far if you guys charged like that? Criminey, the imac was free.
Currently running ESET for mac on the iMac. It won't send or receive email now. I have backed up my account with two-step verification, but interestingly, when I was going through the log files of the date i was hacked, there are quite a few entries dealing with DISABLE TWO STEP VERIFICATION. I didn't have it at the time, but the hacker's program sure had the disable codes.
Juliet
2015-04-04, 15:40
I know your frustrated and I'm sorry but windows is my forte'

read over these links I researched to see if it will help

http://www.sevenforums.com/tutorials/286925-microsoft-account-two-step-verification-turn-off.html
Two-step Verification" - Turn On or Off

https://productforums.google.com/forum/#!topic/gmail/YippQvXaY8s[1-25]

https://support.google.com/accounts/answer/1064203?hl=en
steve100254
2015-04-04, 23:15
Hey! Thanks for all your help. I'm now on the Gmail for AppleMail users forum. Maybe someone on there will have an idea. It's not like I cant access Gmail, it's just that the mail app doesnt work the way it's supposed to. At some point I will probably just live with it.

Oh, hey....I ran the ESET Cyber on my iMac and it came back with 0 threats, so that's a good thing!

Oh...one other thing....when my gmail got hacked I went into the files to see how the hacker had jumped around from ISP to ISP and how he turned two-step on and off, and how he used a phone #, then cancelled the phone #. Google tracks all this as well, but the strange thing for me was I found a name and phone number from Arizona deep in the program files that wasn't part of the Google detail. the origin # was Nigeria. I called the AZ # and left a message, but no one got back to me. What do you think?
Juliet
2015-04-05, 01:40
Hey! Thanks for all your help. I'm now on the Gmail for AppleMail users forum. Maybe someone on there will have an idea. It's not like I cant access Gmail, it's just that the mail app doesnt work the way it's supposed to. At some point I will probably just live with it.

Oh, hey....I ran the ESET Cyber on my iMac and it came back with 0 threats, so that's a good thing!
I hope that forum can shed some light as to what might help :)
Might be theres an application that can be downloaded that will make it work right?


Oh, hey....I ran the ESET Cyber on my iMac and it came back with 0 threats, so that's a good thing!
good deal


Oh...one other thing....when my gmail got hacked I went into the files to see how the hacker had jumped around from ISP to ISP and how he turned two-step on and off, and how he used a phone #, then cancelled the phone #. Google tracks all this as well, but the strange thing for me was I found a name and phone number from Arizona deep in the program files that wasn't part of the Google detail. the origin # was Nigeria. I called the AZ # and left a message, but no one got back to me. What do you think?
I find that your good at detective work and that you might get a harassing phone call back?
Check those settings often, might save you another rainy day in the future.

We have seen many scams and alerts come out of Nigeria (heaven help me I'm not the next target now for saying Nigeria)

Let's remove tools and quarantine folders now.

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).



Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.
Juliet
2015-04-07, 14:09
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.