Windows XP Problem

I checked the addition box, what about the other boxes in the option section?

Where is the FRST.txt log? Do it like you did it the first time with the addition box checked, and post both logs.
 
Well, life got in the way before I could send the other log....
 
Not a problem. Run it again so I can get a clean Addt txt log.

Working on giving you a new XP Confuser..
 
Might be a day or two, at the hospital with my mom. She broke her hip, waiting on surgery.
 
Not a problem, hope she gets well soon.
 
Sorry to hear Tom. Make sure to bring a phone charger with you!
 
She broke her femur near the ball of the socket, they're doing a partial replacement at 1:00 tomorrow. Came home and finished daughter's radiator replacement, that's one thing out of the way. Back up at 7:00 to meet with the anesthesiologist, it's Miller Time...
 
Ouch! Give her the site's best.
 
Sorry to hear. Seems your days are gunna get busy for awhile.
 
You get a chance, Oldo, post that FSS scan and the Addt scan so I can finish cleaning your confuser.

How is your mom doing?
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Administrator (14-08-2017 13:08:07)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version: - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks =============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7849 more sites.


There are 7847 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-08-01 21:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner
28-07-2017 21:46:00 Software Distribution Service 3.0
30-07-2017 09:12:26 Software Distribution Service 3.0
31-07-2017 10:11:20 System Checkpoint
01-08-2017 06:04:45 Software Distribution Service 3.0
01-08-2017 08:52:19 JRT Pre-Junkware Removal
01-08-2017 08:56:46 Software Distribution Service 3.0
01-08-2017 22:16:04 Software Distribution Service 3.0
02-08-2017 08:41:11 Software Distribution Service 3.0
02-08-2017 12:15:50 Software Distribution Service 3.0
02-08-2017 15:26:24 Software Distribution Service 3.0
02-08-2017 20:40:05 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2017 08:40:40 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 08:40:40 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 08:40:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 03:27:07 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 03:27:06 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 03:27:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 12:16:35 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 12:16:34 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 12:16:32 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 08:42:20 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (08/14/2017 01:03:00 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: The certificate received from the remote server does not contain the expected name.
It is therefore not possible to determine whether we are connecting to the
correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has
failed. The attached data contains the server certificate.

Error: (08/02/2017 08:40:41 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 03:27:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 01:25:23 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/02/2017 12:16:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 08:49:50 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:18:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 172.20.20.20 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:16:45 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:10:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:08:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 52%
Total physical RAM: 894.48 MB
Available physical RAM: 428.27 MB
Total Virtual: 2165.88 MB
Available Virtual: 1698.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:57.3 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Administrator (administrator) on OWNER-7F5980B60 (14-08-2017 13:05:32)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-13] (ATI Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1847F907-36D7-46C7-8DF5-740892773AAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iqr3k201.default-1440529984671 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-08-02]
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-02]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-02]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-13] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-07-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-07-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-07-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-07-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-07-13] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202688 2017-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296800 2017-07-13] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-08-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-14] (Malwarebytes)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 18:25 - 2017-08-02 18:25 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-08-02 11:57 - 2017-08-02 11:57 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-08-02 11:57 - 2017-08-02 11:57 - 000001813 _____ C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2017-08-01 22:04 - 2017-08-01 22:08 - 000090386 _____ C:\WINDOWS\ntbtlog.txt
2017-08-01 21:46 - 2017-08-01 21:46 - 012019984 _____ (OPSWAT, Inc.) C:\Documents and Settings\Administrator\desktop\AppRemover.exe
2017-08-01 21:36 - 2017-08-14 13:06 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000012830 _____ C:\ComboFix.txt
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-08-01 21:25 - 2017-08-01 21:25 - 005659660 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2017-08-01 08:53 - 2017-08-01 08:53 - 000002296 _____ C:\Documents and Settings\Administrator\desktop\JRT.txt
2017-08-01 08:51 - 2017-08-01 08:51 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\JRT.exe
2017-08-01 08:37 - 2017-08-01 08:37 - 008185288 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2017-08-01 06:49 - 2017-08-01 08:00 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-08-01 06:49 - 2017-08-01 07:27 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-01 06:49 - 2017-08-01 06:49 - 000000718 _____ C:\Documents and Settings\All Users\desktop\RogueKiller.lnk
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-08-01 06:46 - 2017-08-01 06:46 - 035709112 _____ (Adlice Software ) C:\Documents and Settings\Administrator\desktop\RogueKiller_setup_ref3.exe
2017-07-28 18:12 - 2017-07-28 18:12 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-28 14:35 - 2017-08-02 18:32 - 000024126 ____C C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-08-14 13:06 - 000011871 ____C C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-08-02 18:25 - 001777664 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 000032279 ____C C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 000020377 ____C C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-08-14 13:05 - 000000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 000020871 ____C C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 001778176 ____C (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 000006303 ____C C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 000170688 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-08-14 13:02 - 000147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-08-14 13:03 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:08 - 2017-08-14 13:02 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 000001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 13:03 - 2017-05-15 12:08 - 000000480 ____C C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job
2017-08-14 13:03 - 2004-08-04 04:00 - 000013646 ____C C:\WINDOWS\system32\wpa.dbl
2017-08-14 13:02 - 2015-08-25 14:58 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-14 13:02 - 2011-08-16 17:51 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-08-02 20:40 - 2016-09-21 08:39 - 000095296 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-08-02 20:40 - 2013-08-13 06:24 - 000032522 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-08-02 20:39 - 2011-08-16 17:51 - 000000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-08-02 20:38 - 2012-05-11 05:52 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-08-02 20:24 - 2015-08-25 14:58 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-02 11:57 - 2013-12-06 11:03 - 000000000 ____D C:\Program Files\Google
2017-08-02 11:57 - 2011-08-17 16:50 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-08-01 22:00 - 2011-08-16 17:45 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-08-01 21:36 - 2012-08-09 12:03 - 000000000 ____D C:\Qoobox
2017-08-01 21:34 - 2004-08-04 04:00 - 000000245 _____ C:\WINDOWS\system.ini
2017-08-01 21:33 - 2011-08-17 16:56 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2017-08-01 07:58 - 2011-12-03 20:04 - 000000000 ____D C:\Program Files\Yahoo!
2017-07-28 18:12 - 2014-10-28 12:18 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2017-07-28 18:12 - 2011-08-17 16:52 - 000000000 ____D C:\Program Files\Java
2017-07-28 18:11 - 2015-03-05 16:51 - 000095808 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-07-28 18:11 - 2011-08-17 16:52 - 000160256 ____C (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-07-26 12:28 - 2014-05-28 09:34 - 000065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-07-26 12:28 - 2011-08-16 18:14 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-07-26 11:10 - 2011-08-16 17:51 - 000000000 ____D C:\Documents and Settings\Administrator
2017-07-26 10:27 - 2016-09-11 14:46 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-07-26 10:24 - 2017-05-15 11:56 - 000000000 ____D C:\Program Files\AVAST Software
2017-07-26 10:24 - 2011-08-16 17:41 - 000002577 ____C C:\WINDOWS\system32\CONFIG.NT
2017-07-26 03:49 - 2011-08-16 17:40 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2017-07-26 03:49 - 2011-08-16 17:40 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2017-07-26 03:35 - 2011-08-16 17:51 - 000000803 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 02:07 - 2011-09-15 16:22 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-26 01:57 - 2011-08-16 12:23 - 000000000 ____D C:\Documents and Settings

==================== Files in the root of some directories =======

2017-05-15 07:09 - 2017-05-15 07:09 - 000013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin

Some files in TEMP:
====================
2017-08-02 20:17 - 2010-12-09 10:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Will post back later after I go through all this.
 
