Broken Club

[RESOLVED] Friends Laptop XP


older Compaq Presario V2000 laptop that I keep in the garage. It has become difficult to start up and get online. I use it mostly to source repair problems on cars or projects. Is there anything I can do? I got him online with Winsock.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-07-2017
Ran by Administrator (administrator) on OWNER-7F5980B60 (28-07-2017 18:27:29)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-13] (ATI Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1715567821-2147082821-1417001333-500] => :0
AutoConfigURL: [S-1-5-21-1715567821-2147082821-1417001333-500] => :0
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1847F907-36D7-46C7-8DF5-740892773AAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {EBBF6A78-7880-4B4A-ABBB-2D9D4EC8B84E} URL =
SearchScopes: HKU\.DEFAULT -> {EBBF6A78-7880-4B4A-ABBB-2D9D4EC8B84E} URL =
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {8F607A00-2F74-4E52-8295-49CDEB050B91} URL = hxxp://search.easyspeedtest.co/s?source=d-googledisplay-bb8&uid=728c2e8f-8ba1-453f-b175-fd2721b99d19&uc=20170726&ap=appfocus1&i_id=speedtest__1.30&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D28561DF-5157-4C6F-8BA3-D520E9709513}&mid=4a7850dafaec47d28578d15de3c923cf-020b6a8920d8efb8e8d0cf12a809635b34b0ff96&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-18 10:00:43&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iqr3k201.default-1440529984671 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-13] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-07-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-07-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-07-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-07-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-07-13] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202688 2017-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296800 2017-07-13] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-07-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-07-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-28] (Malwarebytes)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 18:12 - 2017-07-28 18:12 - 00000000 ____D C:\Program Files\Common Files\Java
2017-07-28 18:10 - 2017-07-28 18:10 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-07-28 14:35 - 2017-07-28 18:17 - 00020371 _____ C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-07-28 18:27 - 00011497 _____ C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-07-28 18:10 - 01778176 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 00032279 _____ C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 00020377 _____ C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-07-28 18:27 - 00000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 00020871 _____ C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 01778176 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 00006303 _____ C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 00170688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-26 10:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-26 10:54 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-07-26 02:09 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-07-28 18:03 - 00221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:08 - 2017-07-28 18:03 - 00040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 00001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-07-13 08:41 - 2017-07-13 08:41 - 00000000 ____D C:\2acf4b2db1bb22675c54b9
2017-07-13 08:35 - 2017-07-13 08:35 - 00055004 ____C C:\Documents and Settings\Administrator\My Documents\lisoskie, adrienne repair.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 18:27 - 2012-08-10 09:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-28 18:24 - 2015-08-25 14:58 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-28 18:12 - 2014-10-28 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2017-07-28 18:12 - 2011-08-17 16:52 - 00000000 ____D C:\Program Files\Java
2017-07-28 18:11 - 2015-03-05 16:51 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-07-28 18:11 - 2011-08-17 16:52 - 00160256 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-07-28 18:03 - 2017-05-15 12:08 - 00000480 ____C C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job
2017-07-28 18:02 - 2015-08-25 14:58 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-28 18:02 - 2011-08-16 17:51 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-07-28 18:02 - 2004-08-04 04:00 - 00013646 ____C C:\WINDOWS\system32\wpa.dbl
2017-07-28 18:01 - 2016-09-21 08:39 - 00095296 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-07-28 18:01 - 2013-08-13 06:24 - 00032468 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-07-28 18:01 - 2011-08-16 17:51 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-07-28 14:38 - 2012-05-11 05:52 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-26 12:28 - 2014-05-28 09:34 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-07-26 12:28 - 2011-08-16 18:14 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-07-26 11:10 - 2011-08-16 17:51 - 00000000 ____D C:\Documents and Settings\Administrator
2017-07-26 10:27 - 2016-09-11 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-07-26 10:24 - 2017-05-15 11:56 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-26 10:24 - 2011-08-16 17:41 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
2017-07-26 03:49 - 2011-08-16 17:40 - 00023392 ____C C:\WINDOWS\system32\nscompat.tlb
2017-07-26 03:49 - 2011-08-16 17:40 - 00016832 ____C C:\WINDOWS\system32\amcompat.tlb
2017-07-26 03:35 - 2013-12-06 11:03 - 00000000 ____D C:\Program Files\Google
2017-07-26 03:35 - 2011-08-17 16:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-07-26 03:35 - 2011-08-16 17:51 - 00000803 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 03:26 - 2012-08-10 09:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-26 03:26 - 2011-08-16 17:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-07-26 02:34 - 2014-07-22 13:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2017-07-26 02:34 - 2014-07-22 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ParetoLogic
2017-07-26 02:07 - 2011-09-15 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-26 01:57 - 2011-08-16 12:23 - 00000000 ____D C:\Documents and Settings
2017-07-13 10:38 - 2011-08-16 12:12 - 00000000 ___HD C:\WINDOWS\inf
2017-07-13 09:47 - 2012-05-11 05:51 - 00803328 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-13 09:47 - 2011-08-17 16:51 - 00144896 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-13 09:41 - 2011-08-16 17:38 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-13 09:11 - 2004-08-04 04:00 - 00448501 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.bak
2017-07-13 08:19 - 2017-05-15 11:59 - 00296800 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00202688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00070840 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00042824 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00276704 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00266976 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00157384 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00050352 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys

==================== Files in the root of some directories =======

2016-08-09 16:10 - 2016-08-09 16:10 - 0204388 ____C () C:\Documents and Settings\All Users\Application Data\1470776853.bdinstall.bin
2016-09-10 09:01 - 2016-09-10 09:01 - 0012731 ____C () C:\Documents and Settings\All Users\Application Data\1473516096.bdinstall.bin
2016-09-10 09:07 - 2016-09-10 09:07 - 0012735 ____C () C:\Documents and Settings\All Users\Application Data\1473516465.bdinstall.bin
2016-09-11 14:12 - 2016-09-11 14:12 - 0012782 ____C () C:\Documents and Settings\All Users\Application Data\1473621057.bdinstall.bin
2016-09-11 14:12 - 2016-09-11 14:12 - 0008608 ____C () C:\Documents and Settings\All Users\Application Data\1473621134.bdinstall.bin
2016-09-11 14:15 - 2016-09-11 14:15 - 0012783 ____C () C:\Documents and Settings\All Users\Application Data\1473621351.bdinstall.bin
2016-09-11 14:20 - 2016-09-11 14:20 - 0012782 ____C () C:\Documents and Settings\All Users\Application Data\1473621611.bdinstall.bin
2016-09-11 14:24 - 2016-09-11 14:24 - 0036955 ____C () C:\Documents and Settings\All Users\Application Data\1473621843.bdinstall.bin
2016-09-11 14:25 - 2016-09-11 14:25 - 0179331 ____C () C:\Documents and Settings\All Users\Application Data\1473621850.bdinstall.bin
2016-09-11 14:34 - 2016-09-11 14:34 - 0036096 ____C () C:\Documents and Settings\All Users\Application Data\1473622480.bdinstall.bin
2016-09-11 14:35 - 2016-09-11 14:35 - 0058578 ____C () C:\Documents and Settings\All Users\Application Data\1473622488.bdinstall.bin
2016-09-11 14:39 - 2016-09-11 14:39 - 0092522 ____C () C:\Documents and Settings\All Users\Application Data\1473622699.bdinstall.bin
2017-05-15 07:09 - 2017-05-15 07:09 - 0013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin

Some files in TEMP:
====================
2017-07-28 18:08 - 2017-07-28 18:08 - 0740416 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Thanks

Broni   

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


==========================================

I still need second log from FRST.


Posted earlier. Didn't take.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-07-2017
Ran by Administrator (28-07-2017 18:28:09)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version: - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version: - )
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7849 more sites.

IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123simsen.com -> www.123simsen.com

There are 7849 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-07-28 10:18 - 00000736 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2017 12:27:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/26/2017 12:27:51 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/26/2017 12:27:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.


System errors:
=============
Error: (07/28/2017 09:28:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/28/2017 09:28:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (07/28/2017 09:28:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053 = The service did not respond to the start or control request in a timely fashion." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/26/2017 12:27:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 54%
Total physical RAM: 894.48 MB
Available physical RAM: 410.74 MB
Total Virtual: 2165.68 MB
Available Virtual: 1806.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:58.33 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

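The Addition.txt above is long enough that reading it by eye misses things, so here is a small Python triage script as an added example (it is not FRST's code and was not posted in this thread). It feeds a constructed excerpt of the log, copied from the lines above except for one synthetic Updater.job line, through four checks a responder would make on this log: how many Java runtimes are still registered (seven separate JRE entries here), shell-extension CLSIDs marked "No File", scheduled tasks whose target sits outside Windows or Program Files, and GloballyOpenPorts firewall rules, separating enabled ones from the Disabled 1900/UDP and 2869/TCP entries above. The "Installed Programs" section header name is assumed, since that heading falls outside the quoted part of the log.

```python
"""Offline triage of an FRST Addition.txt log (added example, not FRST's own code)."""
import re

# Constructed sample in the shape FRST prints. The lines are copied from the
# posted log except Updater.job, which is synthetic so the task check has a hit.
SAMPLE_LOG = r"""
==================== Installed Programs ======================
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )

==================== Custom CLSID (Whitelisted): ==========================
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks=============================
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Updater.job => C:\Documents and Settings\Administrator\Local Settings\Temp\upd.exe

==================== FirewallRules (Whitelisted) ===============
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
"""

HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
PROGRAM_RE = re.compile(r"^(?P<name>.+?) \(HKLM\\\.\.\.\\(?P<key>[^)]+)\) "
                        r"\(Version: ?(?P<version>.*?) ?- (?P<vendor>[^)]*)\)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PORT_RE = re.compile(r"GloballyOpenPorts: \[(\d+):(TCP|UDP)\] => :([^:]*):([^:]*):")
# Task targets under these roots are not flagged; profile and Temp paths are.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1).split(" (")[0].rstrip(":")
            if name:                       # a bare '=====' rule keeps the current section
                current = name
                sections.setdefault(current, [])
            continue
        if current and line:
            sections[current].append(line)
    return sections


def java_installs(sections):
    """Every 'Java N Update M' entry; more than one means old runtimes were left registered."""
    names = []
    for line in sections.get("Installed Programs", []):
        m = PROGRAM_RE.match(line)
        if m and re.match(r"Java \d+ Update \d+$", m.group("name")):
            names.append(m.group("name"))
    return sorted(names)


def orphaned_handlers(sections):
    """Shell-extension CLSIDs whose DLL is gone ('No File'): dead entries to clean up."""
    return [CLSID_RE.search(line).group(0)
            for line in sections.get("Custom CLSID", [])
            if line.endswith("No File") and CLSID_RE.search(line)]


def tasks_outside_trusted_roots(sections):
    """Scheduled-task targets that run from somewhere other than Windows or Program Files."""
    flagged = []
    for line in sections.get("Scheduled Tasks", []):
        target = line.partition(" => ")[2].strip()
        if line.startswith("Task: ") and target and not target.lower().startswith(TRUSTED_ROOTS):
            flagged.append(target)
    return flagged


def globally_open_ports(sections, enabled_only=True):
    """(port, proto, scope, state) per GloballyOpenPorts rule; by default only enabled rules."""
    rules = []
    for line in sections.get("FirewallRules", []):
        m = PORT_RE.search(line)
        if m and (not enabled_only or m.group(4) == "Enabled"):
            rules.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rules


def triage(text):
    """Run every check over one Addition.txt and return the findings as a dict."""
    s = split_sections(text)
    return {
        "java_installs": java_installs(s),
        "orphaned_handlers": orphaned_handlers(s),
        "tasks_outside_trusted_roots": tasks_outside_trusted_roots(s),
        "enabled_open_ports": globally_open_ports(s),
        "all_open_port_rules": globally_open_ports(s, enabled_only=False),
    }
```

Call triage() on the full Addition.txt text to get the same findings for the real log. Nothing here touches the machine; it only points at what to look at or put in a fixlist, and the two UPnP port rules come back under all_open_port_rules but not under enabled_open_ports because FRST reports them as Disabled.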
Broni   

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


RogueKiller V12.11.8.0 [Jul 24 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 08/01/2017 07:27:53 (Duration : 00:25:01)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\VBMZ -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Appscion -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\IM -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\ParetoLogic -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {21FA44EF-376D-4D53-9B0F-8A89D3229068} : -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {21FA44EF-376D-4D53-9B0F-8A89D3229068} : -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\DriverCure -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Program Files\Downloaded Installers -> Found
[PUP.Gen1][Folder] C:\Program Files\Instair -> Found
[PUP.Gen1][Folder] C:\Program Files\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\DriverCure -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\ParetoLogic -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHV2080AT PL +++++
--- User ---
[MBR] bd659ad304365a5c1a63ead8bbaeceaf
[BSP] 0207e91ee81502746bb26c7bd4e16169 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/17
Scan Time: 8:08 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2483
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: OWNER-7F5980B60\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 228600
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 16 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8F607A00-2F74-4E52-8295-49CDEB050B91}, Quarantined, [1858], [368913],1.0.2483

Registry Value: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8F607A00-2F74-4E52-8295-49CDEB050B91}|URL, Quarantined, [1858], [368913],1.0.2483

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)
(end)
AdwCleaner won't run, says invalid file 32.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Administrator) on Tue 08/01/2017 at 8:52:11.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 11

Successfully deleted: C:\Documents and Settings\Administrator\Application Data\fixcleaner (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0IHGAZA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6403S24A (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G6YLAHQB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MYMHPK87 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\fixcleaner (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0IHGAZA6 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6403S24A (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G6YLAHQB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MYMHPK87 (Temporary Internet Files Folder)

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/01/2017 at 8:53:08.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

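What the PUM.Proxy hit in the RogueKiller log above means depends on how WinINET reads the ProxyServer value, so here is an added Python example (not RogueKiller's or Malwarebytes' code, and not posted in the thread) that decodes that value the way Internet Settings uses it, together with the ProxyEnable and AutoConfigURL values that sit beside it. The posted value ":0" is included as a sample; its ProxyEnable state is assumed to be 0 because the scan did not report it, and the other sample values are constructed.

```python
"""Decode the WinINET ProxyServer value RogueKiller flagged (added example, not the tool's code)."""


def parse_proxy_server(value):
    """Return {scheme: (host, port)} for a ProxyServer string.

    WinINET stores either a single 'host:port' applied to every protocol
    (keyed here as '*') or a ';'-separated list of 'scheme=host:port' pairs
    such as 'http=...;https=...;ftp=...;socks=...'.  A missing or non-numeric
    port comes back as None so the caller treats the entry as unusable.
    """
    entries = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                       # no 'scheme=' prefix: applies to all protocols
            scheme, hostport = "*", part
        host, colon, port = hostport.rpartition(":")
        if not colon:                     # bare host, port omitted
            host, port = hostport, ""
        entries[scheme.strip().lower()] = (host.strip(), int(port) if port.isdigit() else None)
    return entries


def has_usable_proxy(value):
    """True when at least one entry names a host and a non-zero port."""
    return any(host and port for host, port in parse_proxy_server(value).values())


def classify_proxy_settings(proxy_enable, proxy_server="", auto_config_url=""):
    """Summarise the three Internet Settings values that decide where IE sends traffic.

    'pac'          - AutoConfigURL is set; the script routes per URL, so inspect it first
    'static-proxy' - ProxyEnable=1 and ProxyServer names a live host:port
    'stale-value'  - ProxyServer holds something unusable (e.g. ':0') or is usable
                     but ProxyEnable=0; no effect on traffic, still worth clearing
    'none'         - nothing configured
    """
    if auto_config_url.strip():
        return "pac"
    if proxy_enable == 1 and has_usable_proxy(proxy_server):
        return "static-proxy"
    if proxy_server.strip():
        return "stale-value"
    return "none"


# Constructed inputs. 'posted_hit' is the exact ProxyServer value from the
# RogueKiller scan above; ProxyEnable=0 is an assumption, the scan did not say.
SAMPLES = {
    "posted_hit": (0, ":0", ""),
    "plain": (1, "127.0.0.1:8080", ""),
    "per_scheme": (1, "http=10.0.0.5:3128;https=10.0.0.5:3128;socks=10.0.0.9:1080", ""),
    "pac": (0, "", "http://proxy.example.invalid/wpad.dat"),
}


def classify_samples():
    """Classification for each constructed sample, keyed by sample name."""
    return {name: classify_proxy_settings(*args) for name, args in SAMPLES.items()}
```

A ":0" value parses to an empty host and port 0, so WinINET has nothing to connect to; RogueKiller lists it as a PUM because the value differs from the default, not because it proves traffic was redirected. A populated AutoConfigURL is the setting to check first on a box with a "page loads blank until refresh" symptom, since the PAC script decides routing per request.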

It is running better, but I have to hold the refresh button several times to get the complete page to load sometimes. The header will usually load but the body comes up as a blank page. After hitting refresh it will eventually load.

Broni   

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.
  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"

**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Broni   

Reset Internet Explorer.
Download the Microsoft FixIt file from here: http://go.microsoft.com/?linkid=9646978
You can use ANY browser to download "FixIt" file.
Double click on downloaded MicrosoftFixit50195.msi file to run the fix.
Make sure you follow ALL steps listed there.
Windows 8/8.1/10  users. Reset IE manually: https://support.microsoft.com/en-us/kb/923737

Then proceed with Combofix.


He already ran ComboFix: "This program seems to have solved the loading of a web page problem I described".

I'll post it, or do you want him to run it again after resetting IE?

Edited by Broken Club


I posted it yesterday. Editor was hiding it.

ComboFix 17-07-31.01 - Administrator 08/01/2017 21:28:52.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.585 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
FW: *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1470776853.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473516096.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473516465.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621057.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621134.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621351.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621611.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621843.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621850.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622480.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622488.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622699.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2017-07-02 to 2017-08-02 )))))))))))))))))))))))))))))))
.
.
2017-08-01 11:49 . 2017-08-01 12:27 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-01 11:49 . 2017-08-01 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2017-08-01 11:49 . 2017-08-01 11:49 -------- d-----w- c:\program files\RogueKiller
2017-08-01 11:48 . 2017-08-01 11:48 -------- d-----w- C:\Documents
2017-07-28 23:12 . 2017-07-28 23:12 -------- d-----w- c:\program files\Common Files\Java
2017-07-28 19:23 . 2017-07-28 23:31 -------- d-----w- C:\FRST
2017-07-26 07:59 . 2017-07-29 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 07:09 . 2017-07-26 07:09 147232 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-26 07:08 . 2017-08-01 14:54 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-26 07:08 . 2017-08-01 14:54 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-26 07:07 . 2017-06-27 17:06 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-26 07:07 . 2017-07-26 07:07 -------- d-----w- c:\program files\Malwarebytes
2017-07-13 13:41 . 2017-07-13 13:41 -------- d-----w- C:\2acf4b2db1bb22675c54b9
2017-07-04 00:38 . 2017-07-04 00:38 17406208 -c--a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-28 23:11 . 2015-03-05 21:51 95808 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-07-28 23:11 . 2011-08-17 21:52 160256 -c--a-w- c:\windows\system32\javacpl.cpl
2017-07-13 14:47 . 2012-05-11 10:51 803328 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-13 14:47 . 2011-08-17 21:51 144896 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-13 13:19 . 2017-05-15 16:59 202688 -c--a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-13 13:19 . 2017-05-15 16:59 296800 -c--a-w- c:\windows\system32\drivers\aswVmm.sys
2017-07-13 13:19 . 2017-05-15 16:59 70840 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-13 13:19 . 2017-05-15 16:59 42824 -c--a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-13 13:11 . 2017-05-15 16:59 50352 -c--a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-13 13:11 . 2017-05-15 16:59 276704 -c--a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-13 13:11 . 2017-05-15 16:59 157384 -c--a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-07-13 13:11 . 2017-05-15 16:59 266976 -c--a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-05-15 12:09 . 2017-05-15 12:09 13163 -c--a-w- c:\documents and settings\All Users\Application Data\agent.1494850163.bdinstall.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-07-22 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 13:48 959904 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2017-07-22 04:05 587288 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 aswbidsh;aswbidsh;\SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys [?]
R0 aswblog;aswblog;\SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys [?]
R0 aswbuniv;aswbuniv;\SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys [?]
R0 aswRvrt;aswRvrt;\SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;aswVmm;\SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys [?]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [5/15/2017 11:59 AM 266976]
R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [7/26/2017 2:09 AM 147232]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 PM 231424]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [7/26/2017 2:07 AM 3398608]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [5/15/2017 11:59 AM 42824]
S3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [5/15/2017 11:59 AM 202688]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
Contents of the 'Scheduled Tasks' folder
.
2017-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 14:48]
.
2017-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-25 19:58]
.
2017-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-25 19:58]
.
2016-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2017-08-01 c:\windows\Tasks\SafeZone scheduled Autoupdate 1494868102.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2017-05-15 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-08-01 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,4f,8f,02,c9,7e,e0,47,97,7d,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,4f,8f,02,c9,7e,e0,47,97,7d,30,\
.
[HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,96,d8,22,7d,0b,38,4b,ad,d2,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,96,d8,22,7d,0b,38,4b,ad,d2,b6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2017-08-01 21:36:38
ComboFix-quarantined-files.txt 2017-08-02 02:36
ComboFix2.txt 2012-08-09 17:23
.
Pre-Run: 62,226,706,432 bytes free
Post-Run: 62,261,723,136 bytes free
.
- - End Of File - - 413D67061B9E967DFE555B266F91EF4C
8F558EB6672622401DA993E1E865C861

Broni   

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


Finally! His mom broke her hip a few days ago. He stayed in the hospital with her.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Administrator (administrator) on OWNER-7F5980B60 (14-08-2017 13:05:32)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-13] (ATI Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1847F907-36D7-46C7-8DF5-740892773AAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iqr3k201.default-1440529984671 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-08-02]
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-02]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-02]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-13] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-07-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-07-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-07-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-07-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-07-13] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202688 2017-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296800 2017-07-13] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-08-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-14] (Malwarebytes)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 18:25 - 2017-08-02 18:25 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-08-02 11:57 - 2017-08-02 11:57 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-08-02 11:57 - 2017-08-02 11:57 - 000001813 _____ C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2017-08-01 22:04 - 2017-08-01 22:08 - 000090386 _____ C:\WINDOWS\ntbtlog.txt
2017-08-01 21:46 - 2017-08-01 21:46 - 012019984 _____ (OPSWAT, Inc.) C:\Documents and Settings\Administrator\desktop\AppRemover.exe
2017-08-01 21:36 - 2017-08-14 13:06 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000012830 _____ C:\ComboFix.txt
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-08-01 21:25 - 2017-08-01 21:25 - 005659660 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2017-08-01 08:53 - 2017-08-01 08:53 - 000002296 _____ C:\Documents and Settings\Administrator\desktop\JRT.txt
2017-08-01 08:51 - 2017-08-01 08:51 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\JRT.exe
2017-08-01 08:37 - 2017-08-01 08:37 - 008185288 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2017-08-01 06:49 - 2017-08-01 08:00 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-08-01 06:49 - 2017-08-01 07:27 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-01 06:49 - 2017-08-01 06:49 - 000000718 _____ C:\Documents and Settings\All Users\desktop\RogueKiller.lnk
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-08-01 06:46 - 2017-08-01 06:46 - 035709112 _____ (Adlice Software ) C:\Documents and Settings\Administrator\desktop\RogueKiller_setup_ref3.exe
2017-07-28 18:12 - 2017-07-28 18:12 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-28 14:35 - 2017-08-02 18:32 - 000024126 ____C C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-08-14 13:06 - 000011871 ____C C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-08-02 18:25 - 001777664 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 000032279 ____C C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 000020377 ____C C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-08-14 13:05 - 000000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 000020871 ____C C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 001778176 ____C (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 000006303 ____C C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 000170688 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-08-14 13:02 - 000147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-08-14 13:03 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:08 - 2017-08-14 13:02 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 000001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 13:03 - 2017-05-15 12:08 - 000000480 ____C C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job
2017-08-14 13:03 - 2004-08-04 04:00 - 000013646 ____C C:\WINDOWS\system32\wpa.dbl
2017-08-14 13:02 - 2015-08-25 14:58 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-14 13:02 - 2011-08-16 17:51 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-08-02 20:40 - 2016-09-21 08:39 - 000095296 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-08-02 20:40 - 2013-08-13 06:24 - 000032522 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-08-02 20:39 - 2011-08-16 17:51 - 000000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-08-02 20:38 - 2012-05-11 05:52 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-08-02 20:24 - 2015-08-25 14:58 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-02 11:57 - 2013-12-06 11:03 - 000000000 ____D C:\Program Files\Google
2017-08-02 11:57 - 2011-08-17 16:50 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-08-01 22:00 - 2011-08-16 17:45 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-08-01 21:36 - 2012-08-09 12:03 - 000000000 ____D C:\Qoobox
2017-08-01 21:34 - 2004-08-04 04:00 - 000000245 _____ C:\WINDOWS\system.ini
2017-08-01 21:33 - 2011-08-17 16:56 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2017-08-01 07:58 - 2011-12-03 20:04 - 000000000 ____D C:\Program Files\Yahoo!
2017-07-28 18:12 - 2014-10-28 12:18 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2017-07-28 18:12 - 2011-08-17 16:52 - 000000000 ____D C:\Program Files\Java
2017-07-28 18:11 - 2015-03-05 16:51 - 000095808 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-07-28 18:11 - 2011-08-17 16:52 - 000160256 ____C (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-07-26 12:28 - 2014-05-28 09:34 - 000065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-07-26 12:28 - 2011-08-16 18:14 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-07-26 11:10 - 2011-08-16 17:51 - 000000000 ____D C:\Documents and Settings\Administrator
2017-07-26 10:27 - 2016-09-11 14:46 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-07-26 10:24 - 2017-05-15 11:56 - 000000000 ____D C:\Program Files\AVAST Software
2017-07-26 10:24 - 2011-08-16 17:41 - 000002577 ____C C:\WINDOWS\system32\CONFIG.NT
2017-07-26 03:49 - 2011-08-16 17:40 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2017-07-26 03:49 - 2011-08-16 17:40 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2017-07-26 03:35 - 2011-08-16 17:51 - 000000803 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 02:07 - 2011-09-15 16:22 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-26 01:57 - 2011-08-16 12:23 - 000000000 ____D C:\Documents and Settings

==================== Files in the root of some directories =======

2017-05-15 07:09 - 2017-05-15 07:09 - 000013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin

Some files in TEMP:
====================
2017-08-02 20:17 - 2010-12-09 10:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Administrator (14-08-2017 13:08:07)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version: - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks =============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7849 more sites.

IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\123simsen.com -> www.123simsen.com

There are 7847 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-08-01 21:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
 

==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner
28-07-2017 21:46:00 Software Distribution Service 3.0
30-07-2017 09:12:26 Software Distribution Service 3.0
31-07-2017 10:11:20 System Checkpoint
01-08-2017 06:04:45 Software Distribution Service 3.0
01-08-2017 08:52:19 JRT Pre-Junkware Removal
01-08-2017 08:56:46 Software Distribution Service 3.0
01-08-2017 22:16:04 Software Distribution Service 3.0
02-08-2017 08:41:11 Software Distribution Service 3.0
02-08-2017 12:15:50 Software Distribution Service 3.0
02-08-2017 15:26:24 Software Distribution Service 3.0
02-08-2017 20:40:05 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2017 08:40:40 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 08:40:40 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 08:40:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 03:27:07 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 03:27:06 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 03:27:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 12:16:35 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 12:16:34 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 12:16:32 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (08/02/2017 08:42:20 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (08/14/2017 01:03:00 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: The certificate received from the remote server does not contain the expected name.
It is therefore not possible to determine whether we are connecting to the
correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has
failed. The attached data contains the server certificate.

Error: (08/02/2017 08:40:41 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 03:27:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 01:25:23 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/02/2017 12:16:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 08:49:50 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:18:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 172.20.20.20 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:16:45 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:10:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:08:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 52%
Total physical RAM: 894.48 MB
Available physical RAM: 428.27 MB
Total Virtual: 2165.88 MB
Available Virtual: 1698.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:57.3 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

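The Addition.txt above is raw FRST output, and the things a responder would chase in it (an AV registered but disabled, seven side-by-side Java runtimes, a .NET 1.1 security update that fails on every Windows Update run) are scattered across three sections. As an added example, not code from this thread or from FRST, the following Python script parses a few lines copied from that log and pulls those findings out. The section banners and line formats are the ones FRST printed above; the "family" grouping that collapses version numbers out of product names is the script's own heuristic, and the sample input is constructed from lines on this page.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the FRST Addition.txt posted in this thread
# (the Security Center entry, a slice of Installed Programs, one System error).
SAMPLE_LINES = [
    "==================== Security Center ========================",
    "",
    "AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}",
    "",
    "==================== Installed Programs ======================",
    "",
    r"Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)",
    r"Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version: - )",
    r"Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)",
    r"Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)",
    r"Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)",
    r"Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)",
    r"Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden",
    r"Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)",
    "",
    "==================== Event log errors: =========================",
    "",
    "System errors:",
    "=============",
    "Error: (08/02/2017 08:40:41 PM) (Source: Windows Update Agent) (EventID: 20) (User: )",
    "Description: Installation Failure: Windows failed to install the following update with error "
    "0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, "
    "and Windows Server 2008 x86 (KB2833941).",
]

# Section banner, e.g. "==================== Installed Programs ======================"
SECTION_RE = re.compile(r"^=+ (?P<name>.+?):? =+$")
# Installed Programs line: Name (hive\...\key) (Version: x - vendor) [Hidden]
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HKLM|HKU)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version: ?(?P<version>.*?) - (?P<vendor>.*?)\)(?P<hidden> Hidden)?$"
)
# Security Center line: AV: Name (Enabled|Disabled - signature state) {GUID}
AV_RE = re.compile(
    r"^AV: (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<sigs>[^)]+)\) "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# Event log header; the Description: line that follows it carries the detail
ERROR_RE = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<id>\d+)\)")
KB_RE = re.compile(r"\((KB\d+)\)")


def parse(lines):
    """Walk the log once, keeping only the sections the triage needs."""
    out = {"programs": [], "av": [], "failed_updates": []}
    section, pending_error = None, None
    for line in lines:
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section, pending_error = m.group("name"), None
            continue
        if section == "Security Center" and (m := AV_RE.match(line)):
            out["av"].append(m.groupdict())
        elif section == "Installed Programs" and (m := PROGRAM_RE.match(line)):
            rec = m.groupdict()
            rec["hidden"] = rec["hidden"] is not None
            out["programs"].append(rec)
        elif section == "Event log errors":
            if m := ERROR_RE.match(line):
                pending_error = m.groupdict()
            elif pending_error and line.startswith("Description:"):
                if pending_error["source"] == "Windows Update Agent":
                    out["failed_updates"].extend(KB_RE.findall(line))
                pending_error = None
    return out


def family(name):
    """Heuristic (this script's assumption): drop version tokens so that
    'Java 7 Update 80' and 'Java 8 Update 144' land in the same group."""
    return re.sub(r"\s+", " ", re.sub(r"\b\d[\d.]*\b", "", name)).strip()


def triage(parsed):
    """Findings in a stable order: AV state, side-by-side installs, failed updates."""
    findings = []
    for av in parsed["av"]:
        if av["state"] == "Disabled":
            findings.append(f"AV disabled: {av['name']}")
    versions = defaultdict(list)
    for p in parsed["programs"]:
        versions[family(p["name"])].append(p["version"] or "(no version)")
    for fam, vers in sorted(versions.items()):
        if len(vers) > 1:  # stale runtimes left beside the current one; old Java is the classic case
            findings.append(f"{len(vers)} versions of {fam}: {', '.join(sorted(vers))}")
    for kb in sorted(set(parsed["failed_updates"])):
        findings.append(f"security update failed to install: {kb}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LINES)):
        print("[!]", finding)
```

Run against the constructed lines it reports the disabled Bitdefender entry, four Java versions under one family, and KB2833941 as a repeatedly failing update. Side-by-side versions are not always a problem (several Visual C++ redistributables are normal), so the duplicate finding is a prompt to review, not an instruction to uninstall.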
Broni   

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

fixlist.txt


Sent him link to fixlist.

Reply: The smart computing link is password protected and doesn't give me access.

If I copy the contents of fixlist.txt and have him save it into Notepad, and save it as fixlist.exe, would that work?

Broni   

Download attached file and email it to him as an attachment.

