# Windows XP Problem



## oldognewtrick (Jul 26, 2017)

I have an older Compaq Presario V2000 laptop that I keep in the garage. It has become difficult to start up and get online. I use it mostly to source repair problems on cars or projects. Is there anything I can do to make the thing usable?


----------



## Nick (Jul 26, 2017)

Download and run Mem test to see if the memory is going bad.

http://www.majorgeeks.com/content/p...ks.com/&ref=www.google.com/&ss=3362j2145402j8

You can also download and run Win Sock to flush the DNS cache, and renew the ISP address.

WinSock XP Fix 1.2 
http://www.majorgeeks.com/content/p...ks.com/&ref=www.google.com/&ss=4804j4539992j8


Let me know if the memory is good. I will post new software to run.

It can be a software or hardware problem; the power pack can be going bad.


----------



## havasu (Jul 27, 2017)

We already know Tom's memory is going bad!


----------



## oldognewtrick (Jul 28, 2017)

havasu said:


> We already know Tom's memory is going bad!



That and a bunch of other things...


----------



## Nick (Jul 28, 2017)

Did you run the software, Oldog?


----------



## oldognewtrick (Jul 28, 2017)

Haven't had a chance, I'll try and do it this afternoon.


----------



## Nick (Jul 28, 2017)

OK, keep me posted.


----------



## Angie (Jul 28, 2017)

I ought to fire up my old deskside and see if it still runs.   It's XP Pro.   It was a graphic machine with 4GB storage in 2003 and was a good machine for those days.
I need to pull photos off it and put on thumb drive or laptop.


----------



## Nick (Jul 28, 2017)

I have around 300 photos on i m g u r, Angie, without the spacing.

It is free online storage. Been using it for over five years with no problems.

No one can see them unless you want them to.


----------



## Nick (Jul 28, 2017)

PS: Not getting emails on replies to my posts.


----------



## oldognewtrick (Jul 28, 2017)

You will have to go into your control panel and change the notification setting.

I ran both programs, no problem found in the memory sectors and I reset the winsock32 with the restore program. No change. I can at least get the thing on line and access programs, but it's still slow.


----------



## Rusty (Jul 28, 2017)

Some of the old puters are just slow. I used a Dell w Vista for a few years. It was slow out of the box and never could speed it up.


----------



## oldognewtrick (Jul 28, 2017)

Rusty said:


> Some of the old puters are just slow. I used a Dell w Vista for a few years. It was slow out of the box and never could speed it up.



Sometimes, you just need a bigger hammer.


----------



## Nick (Jul 28, 2017)

Post it in the tech forum, Oldog, and run FSS and post the log.


----------



## oldognewtrick (Jul 28, 2017)

I'll post the log, if I can find it, but, pretty sure this is the tech forum...either that, or I'm lost.


----------



## Nick (Jul 28, 2017)

You're in the tech forum. Just create a new post. Follow the instructions in the sticky.

FSS should make a log on your desktop in Notepad.

Check Edit - Select All. The page will turn blue. Check Edit and Copy, or just right-click on your mouse and check Copy, then just right-click the mouse and paste it in your post.


----------



## Rusty (Jul 28, 2017)

" The page will turn Blue " Why is the page sad?


----------



## oldognewtrick (Jul 29, 2017)

I've tried and tried to attach the scan file, reply box won't accept a post more than 10,000 characters. Scan file is over 20k. What's the next step???


----------



## Nick (Jul 29, 2017)

Do half at a time on the log.
Need to see the log so I can see what is going on.


----------



## oldognewtrick (Jul 30, 2017)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-07-2017
Ran by Administrator (administrator) on OWNER-7F5980B60 (28-07-2017 18:27:29)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-13] (ATI Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1715567821-2147082821-1417001333-500] => :0
AutoConfigURL: [S-1-5-21-1715567821-2147082821-1417001333-500] => :0
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1847F907-36D7-46C7-8DF5-740892773AAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {EBBF6A78-7880-4B4A-ABBB-2D9D4EC8B84E} URL = 
SearchScopes: HKU\.DEFAULT -> {EBBF6A78-7880-4B4A-ABBB-2D9D4EC8B84E} URL = 
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {8F607A00-2F74-4E52-8295-49CDEB050B91} URL = hxxp://search.easyspeedtest.co/s?source=d-googledisplay-bb8&uid=728c2e8f-8ba1-453f-b175-fd2721b99d19&uc=20170726&ap=appfocus1&i_id=speedtest__1.30&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D28561DF-5157-4C6F-8BA3-D520E9709513}&mid=4a7850dafaec47d28578d15de3c923cf-020b6a8920d8efb8e8d0cf12a809635b34b0ff96&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-18 10:00:43&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iqr3k201.default-1440529984671 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-13] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)


----------



## oldognewtrick (Jul 30, 2017)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-07-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-07-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-07-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-07-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-07-13] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202688 2017-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296800 2017-07-13] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-07-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-07-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [221600 2017-07-28] (Malwarebytes)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 18:12 - 2017-07-28 18:12 - 00000000 ____D C:\Program Files\Common Files\Java
2017-07-28 18:10 - 2017-07-28 18:10 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-07-28 14:35 - 2017-07-28 18:17 - 00020371 _____ C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-07-28 18:27 - 00011497 _____ C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-07-28 18:10 - 01778176 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 00032279 _____ C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 00020377 _____ C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-07-28 18:27 - 00000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 00020871 _____ C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 01778176 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 00006303 _____ C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 00170688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-26 10:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-26 10:54 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-07-26 02:09 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-07-28 18:03 - 00221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:08 - 2017-07-28 18:03 - 00040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 00001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-07-13 08:41 - 2017-07-13 08:41 - 00000000 ____D C:\2acf4b2db1bb22675c54b9
2017-07-13 08:35 - 2017-07-13 08:35 - 00055004 ____C C:\Documents and Settings\Administrator\My Documents\lisoskie, adrienne repair.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 18:27 - 2012-08-10 09:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-28 18:24 - 2015-08-25 14:58 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-28 18:12 - 2014-10-28 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2017-07-28 18:12 - 2011-08-17 16:52 - 00000000 ____D C:\Program Files\Java
2017-07-28 18:11 - 2015-03-05 16:51 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-07-28 18:11 - 2011-08-17 16:52 - 00160256 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-07-28 18:03 - 2017-05-15 12:08 - 00000480 ____C C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job
2017-07-28 18:02 - 2015-08-25 14:58 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-28 18:02 - 2011-08-16 17:51 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-07-28 18:02 - 2004-08-04 04:00 - 00013646 ____C C:\WINDOWS\system32\wpa.dbl
2017-07-28 18:01 - 2016-09-21 08:39 - 00095296 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-07-28 18:01 - 2013-08-13 06:24 - 00032468 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-07-28 18:01 - 2011-08-16 17:51 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-07-28 14:38 - 2012-05-11 05:52 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-26 12:28 - 2014-05-28 09:34 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-07-26 12:28 - 2011-08-16 18:14 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-07-26 11:10 - 2011-08-16 17:51 - 00000000 ____D C:\Documents and Settings\Administrator
2017-07-26 10:27 - 2016-09-11 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-07-26 10:24 - 2017-05-15 11:56 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-26 10:24 - 2011-08-16 17:41 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
2017-07-26 03:49 - 2011-08-16 17:40 - 00023392 ____C C:\WINDOWS\system32\nscompat.tlb
2017-07-26 03:49 - 2011-08-16 17:40 - 00016832 ____C C:\WINDOWS\system32\amcompat.tlb
2017-07-26 03:35 - 2013-12-06 11:03 - 00000000 ____D C:\Program Files\Google
2017-07-26 03:35 - 2011-08-17 16:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-07-26 03:35 - 2011-08-16 17:51 - 00000803 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 03:26 - 2012-08-10 09:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-26 03:26 - 2011-08-16 17:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-07-26 02:34 - 2014-07-22 13:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2017-07-26 02:34 - 2014-07-22 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ParetoLogic
2017-07-26 02:07 - 2011-09-15 16:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-26 01:57 - 2011-08-16 12:23 - 00000000 ____D C:\Documents and Settings
2017-07-13 10:38 - 2011-08-16 12:12 - 00000000 ___HD C:\WINDOWS\inf
2017-07-13 09:47 - 2012-05-11 05:51 - 00803328 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-13 09:47 - 2011-08-17 16:51 - 00144896 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-13 09:41 - 2011-08-16 17:38 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-13 09:11 - 2004-08-04 04:00 - 00448501 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.bak
2017-07-13 08:19 - 2017-05-15 11:59 - 00296800 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00202688 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00070840 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-07-13 08:19 - 2017-05-15 11:59 - 00042824 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00276704 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00266976 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00157384 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-07-13 08:11 - 2017-05-15 11:59 - 00050352 ____C (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys


----------



## oldognewtrick (Jul 30, 2017)

==================== Files in the root of some directories =======

2016-08-09 16:10 - 2016-08-09 16:10 - 0204388 ____C () C:\Documents and Settings\All Users\Application Data\1470776853.bdinstall.bin
2016-09-10 09:01 - 2016-09-10 09:01 - 0012731 ____C () C:\Documents and Settings\All Users\Application Data\1473516096.bdinstall.bin
2016-09-10 09:07 - 2016-09-10 09:07 - 0012735 ____C () C:\Documents and Settings\All Users\Application Data\1473516465.bdinstall.bin
2016-09-11 14:12 - 2016-09-11 14:12 - 0012782 ____C () C:\Documents and Settings\All Users\Application Data\1473621057.bdinstall.bin
2016-09-11 14:12 - 2016-09-11 14:12 - 0008608 ____C () C:\Documents and Settings\All Users\Application Data\1473621134.bdinstall.bin
2016-09-11 14:15 - 2016-09-11 14:15 - 0012783 ____C () C:\Documents and Settings\All Users\Application Data\1473621351.bdinstall.bin
2016-09-11 14:20 - 2016-09-11 14:20 - 0012782 ____C () C:\Documents and Settings\All Users\Application Data\1473621611.bdinstall.bin
2016-09-11 14:24 - 2016-09-11 14:24 - 0036955 ____C () C:\Documents and Settings\All Users\Application Data\1473621843.bdinstall.bin
2016-09-11 14:25 - 2016-09-11 14:25 - 0179331 ____C () C:\Documents and Settings\All Users\Application Data\1473621850.bdinstall.bin
2016-09-11 14:34 - 2016-09-11 14:34 - 0036096 ____C () C:\Documents and Settings\All Users\Application Data\1473622480.bdinstall.bin
2016-09-11 14:35 - 2016-09-11 14:35 - 0058578 ____C () C:\Documents and Settings\All Users\Application Data\1473622488.bdinstall.bin
2016-09-11 14:39 - 2016-09-11 14:39 - 0092522 ____C () C:\Documents and Settings\All Users\Application Data\1473622699.bdinstall.bin
2017-05-15 07:09 - 2017-05-15 07:09 - 0013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin

Some files in TEMP:
====================
2017-07-28 18:08 - 2017-07-28 18:08 - 0740416 _____ (Oracle Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


----------



## Nick (Jul 30, 2017)

Just put it all together, will look through and post back.


----------



## havasu (Jul 30, 2017)

I'm telling you Tom, it is all them girlie sites you view!


----------



## oldognewtrick (Jul 30, 2017)

havasu said:


> I'm telling you Tom, it is all them girlie sites you view!



Isn't porn the reason the internet was invented?


----------



## Nick (Jul 30, 2017)

I still need the second log from FRST. That should have come up under the first Notepad.


----------



## Nick (Jul 31, 2017)

Download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt).

Post both logs.


----------



## oldognewtrick (Jul 31, 2017)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-07-2017
Ran by Administrator (28-07-2017 18:28:09)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version:  - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version:  - )
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks=============================


----------



## oldognewtrick (Jul 31, 2017)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7849 more sites.


There are 7849 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-07-28 10:18 - 00000736 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2017 12:27:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/26/2017 12:27:51 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/26/2017 12:27:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.


----------



## oldognewtrick (Jul 31, 2017)

System errors:
=============
Error: (07/28/2017 09:28:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (07/28/2017 09:28:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (07/28/2017 09:28:00 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053 = The service did not respond to the start or control request in a timely fashion." attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/26/2017 12:27:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 54%
Total physical RAM: 894.48 MB
Available physical RAM: 410.74 MB
Total Virtual: 2165.68 MB
Available Virtual: 1806.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:58.33 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


----------



## Nick (Jul 31, 2017)

Thanks, will post back as soon as I go through it.


----------



## Nick (Jul 31, 2017)

Download RogueKiller from one of the following links and save it to your Desktop:
http://www.google.com/url?sa=t&rct=...49mfq3FsHLbxLFGL0fuFeBg&bvm=bv.82001339,d.cWc


    Close all the running programs
    Double click on downloaded setup.exe file to install the program.
    Click on Start Scan button.
    Click on another Start Scan button.
    Wait until the Status box shows Scan Finished
    Click on Remove Selected.
    Wait until the Status box shows Deleting Finished.
    Click on Report and copy/paste the content of the Notepad into your next reply.
    RKreport.txt could also be found on your desktop.
    If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

http://www.malwarebytes.org/lp/lp4_r/?gclid=CLOYxbX44r8CFVQV7AodqW4A7Q

    Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    Then click Finish.
    Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    Restart your computer when prompted to do so.
    The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

https://www.google.com/url?q=http:/...ds-cse&usg=AFQjCNGutdN9wOdu8KZXx9wR_uuJypViDg

    Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
    The tool will start to update the database if one is required.
    Click on the Scan button.
    AdwCleaner will begin...be patient as the scan may take some time to complete.
    After the scan has finished, click on the Logfile button.
    A window will open which lists the logs of your scans.
    Click on the Scan tab.
    Double-click the most recent scan which will be at the top of the list....the log will appear.
    Review the results...see note below
    After reviewing the log, click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    A copy of all logfiles is saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.

https://www.google.com/url?q=http:/...ds-cse&usg=AFQjCNHRNd33dPrs-cHoNHpoRrPrc0h7gg

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message. 



----------



## oldognewtrick (Aug 1, 2017)

RogueKiller V12.11.8.0 [Jul 24 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 08/01/2017 07:27:53 (Duration : 00:25:01)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\VBMZ -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Appscion -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\IM -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\ParetoLogic -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {21FA44EF-376D-4D53-9B0F-8A89D3229068} :   -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {21FA44EF-376D-4D53-9B0F-8A89D3229068} :   -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\DriverCure -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Program Files\Downloaded Installers -> Found
[PUP.Gen1][Folder] C:\Program Files\Instair -> Found
[PUP.Gen1][Folder] C:\Program Files\Yahoo!\Companion -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\DriverCure -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\ParetoLogic -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHV2080AT PL +++++
--- User ---
[MBR] bd659ad304365a5c1a63ead8bbaeceaf
[BSP] 0207e91ee81502746bb26c7bd4e16169 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK


----------



## oldognewtrick (Aug 1, 2017)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/17
Scan Time: 8:08 AM
Log File: 
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2483
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: OWNER-7F5980B60\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 228600
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 16 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8F607A00-2F74-4E52-8295-49CDEB050B91}, Quarantined, [1858], [368913],1.0.2483

Registry Value: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-1715567821-2147082821-1417001333-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8F607A00-2F74-4E52-8295-49CDEB050B91}|URL, Quarantined, [1858], [368913],1.0.2483

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


----------



## oldognewtrick (Aug 1, 2017)

AdwCleaner won't run, says invalid file 32


----------



## oldognewtrick (Aug 1, 2017)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86 
Ran by Administrator (Administrator) on Tue 08/01/2017 at  8:52:11.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11 

Successfully deleted: C:\Documents and Settings\Administrator\Application Data\fixcleaner (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0IHGAZA6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6403S24A (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G6YLAHQB (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MYMHPK87 (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files\fixcleaner (Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0IHGAZA6 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6403S24A (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G6YLAHQB (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MYMHPK87 (Temporary Internet Files Folder) 



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/01/2017 at  8:53:08.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Nick (Aug 1, 2017)

Running any better? Will post back after I go through these logs.


----------



## oldognewtrick (Aug 1, 2017)

Yes, it is running better, but I have to hit the refresh button several times to get the complete page to load sometimes. The header will usually load but the body comes up as a blank page. After hitting refresh it will eventually load.


----------



## oldognewtrick (Aug 1, 2017)

Before, I could hardly get the thing to access a word program or even get on the net. Things load and I can access the web and sites.

Thank you Nick for all your help, it's greatly appreciated!


----------



## Nick (Aug 1, 2017)

My pleasure. We are not finished yet. Please don't run any other cleaning software till I give the OK.

Not getting your replies in my e-mail.


----------



## oldognewtrick (Aug 1, 2017)

Nick said:


> My pleasure. We are not finished yet. Please don't run any other cleaning software till I give the OK.
>
> *Not getting your replies in my e-mail.*



I'll put an airmail stamp on them from now on...


----------



## Nick (Aug 1, 2017)

What browser are you using, oldog?


----------



## Nick (Aug 1, 2017)

Please download ComboFix from here, http://www.google.com/url?sa=t&rct=...IR0NKZdnds9Tmpf2EF1zxBQ&bvm=bv.82001339,d.cWc, to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- If the connection is not there use restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.

- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.

- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"

**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.majorgeeks.com/files/details/appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill ( http://www.majorgeeks.com/files/details/appremover.html ) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Restart computer in safe mode

- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use another.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.


When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.


----------



## oldognewtrick (Aug 1, 2017)

Internet explorer


----------



## Nick (Aug 1, 2017)

Wish the text box was a little wider!!


----------



## Nick (Aug 1, 2017)

oldognewtrick said:


> Internet explorer



Thanks. Run those programs. If you are not sure of something, STOP, and post back.


----------



## oldognewtrick (Aug 1, 2017)

ComboFix 17-07-31.01 - Administrator 08/01/2017  21:28:52.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.585 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
FW:  *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1470776853.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473516096.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473516465.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621057.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621134.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621351.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621611.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621843.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473621850.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622480.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622488.bdinstall.bin
c:\documents and settings\All Users\Application Data\1473622699.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2017-07-02 to 2017-08-02  )))))))))))))))))))))))))))))))
.
.
2017-08-01 11:49 . 2017-08-01 12:27	24688	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2017-08-01 11:49 . 2017-08-01 13:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\RogueKiller
2017-08-01 11:49 . 2017-08-01 11:49	--------	d-----w-	c:\program files\RogueKiller
2017-08-01 11:48 . 2017-08-01 11:48	--------	d-----w-	C:\Documents
2017-07-28 23:12 . 2017-07-28 23:12	--------	d-----w-	c:\program files\Common Files\Java
2017-07-28 19:23 . 2017-07-28 23:31	--------	d-----w-	C:\FRST
2017-07-26 07:59 . 2017-07-29 02:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 07:09 . 2017-07-26 07:09	147232	----a-w-	c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-26 07:08 . 2017-08-01 14:54	40352	----a-w-	c:\windows\system32\drivers\mbam.sys
2017-07-26 07:08 . 2017-08-01 14:54	221600	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-26 07:07 . 2017-06-27 17:06	59936	----a-w-	c:\windows\system32\drivers\mbae.sys
2017-07-26 07:07 . 2017-07-26 07:07	--------	d-----w-	c:\program files\Malwarebytes
2017-07-13 13:41 . 2017-07-13 13:41	--------	d-----w-	C:\2acf4b2db1bb22675c54b9
2017-07-04 00:38 . 2017-07-04 00:38	17406208	-c--a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-28 23:11 . 2015-03-05 21:51	95808	-c--a-w-	c:\windows\system32\WindowsAccessBridge.dll
2017-07-28 23:11 . 2011-08-17 21:52	160256	-c--a-w-	c:\windows\system32\javacpl.cpl
2017-07-13 14:47 . 2012-05-11 10:51	803328	-c--a-w-	c:\windows\system32\FlashPlayerApp.exe
2017-07-13 14:47 . 2011-08-17 21:51	144896	-c--a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-13 13:19 . 2017-05-15 16:59	202688	-c--a-w-	c:\windows\system32\drivers\aswStmXP.sys
2017-07-13 13:19 . 2017-05-15 16:59	296800	-c--a-w-	c:\windows\system32\drivers\aswVmm.sys
2017-07-13 13:19 . 2017-05-15 16:59	70840	-c--a-w-	c:\windows\system32\drivers\aswRvrt.sys
2017-07-13 13:19 . 2017-05-15 16:59	42824	-c--a-w-	c:\windows\system32\drivers\aswHwid.sys
2017-07-13 13:11 . 2017-05-15 16:59	50352	-c--a-w-	c:\windows\system32\drivers\aswbunivx.sys
2017-07-13 13:11 . 2017-05-15 16:59	276704	-c--a-w-	c:\windows\system32\drivers\aswblogx.sys
2017-07-13 13:11 . 2017-05-15 16:59	157384	-c--a-w-	c:\windows\system32\drivers\aswbidshx.sys
2017-07-13 13:11 . 2017-05-15 16:59	266976	-c--a-w-	c:\windows\system32\drivers\aswbidsdriverx.sys
2017-05-15 12:09 . 2017-05-15 12:09	13163	-c--a-w-	c:\documents and settings\All Users\Application Data\agent.1494850163.bdinstall.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-07-22 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 13:48	959904	-c--a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2017-07-22 04:05	587288	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 aswbidsh;aswbidsh;\SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys [?]
R0 aswblog;aswblog;\SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys [?]
R0 aswbuniv;aswbuniv;\SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys [?]
R0 aswRvrt;aswRvrt;\SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;aswVmm;\SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys [?]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [5/15/2017 11:59 AM 266976]
R1 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [7/26/2017 2:09 AM 147232]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 PM 231424]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [7/26/2017 2:07 AM 3398608]
S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [5/15/2017 11:59 AM 42824]
S3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [5/15/2017 11:59 AM 202688]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
Contents of the 'Scheduled Tasks' folder
.
2017-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 14:48]
.
2017-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-25 19:58]
.
2017-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-25 19:58]
.
2016-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2017-08-01 c:\windows\Tasks\SafeZone scheduled Autoupdate 1494868102.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2017-05-15 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.


----------



## oldognewtrick (Aug 1, 2017)

.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-08-01 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,4f,8f,02,c9,7e,e0,47,97,7d,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,4f,8f,02,c9,7e,e0,47,97,7d,30,\
.
[HKEY_USERS\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,96,d8,22,7d,0b,38,4b,ad,d2,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,96,d8,22,7d,0b,38,4b,ad,d2,b6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2017-08-01  21:36:38
ComboFix-quarantined-files.txt  2017-08-02 02:36
ComboFix2.txt  2012-08-09 17:23
.
Pre-Run: 62,226,706,432 bytes free
Post-Run: 62,261,723,136 bytes free
.
- - End Of File - - 413D67061B9E967DFE555B266F91EF4C
8F558EB6672622401DA993E1E865C861


----------



## oldognewtrick (Aug 1, 2017)

This program seems to have solved the loading of a web page problem I described.


----------



## Nick (Aug 1, 2017)

Reset Internet Explorer.
Download Microsoft FixIt file from here https://support.microsoft.com/en-us/help/2970908/how-to-use-microsoft-easy-fix-solutions

You can use ANY browser to download "FixIt" file.
Double click on downloaded MicrosoftFixit50195.msi file to run the fix. 

Someone fixed the email. Must have been Angie. Thanks.


----------



## havasu (Aug 2, 2017)

?? How can anyone know this stuff??

Nick, you're a genius.


----------



## oldognewtrick (Aug 2, 2017)

I thought I was having a problem with Windows, I couldn't get web pages to load, couldn't get the Fixit page to load... I downloaded Chrome and now there are no issues loading pages. I don't have a problem using Chrome if you say it's OK. All other issues seem to have cleared up.


----------



## Chris (Aug 2, 2017)

I've been using Chrome for years and love it.


----------



## Nick (Aug 2, 2017)

havasu said:


> ?? How can anyone know this stuff??
> 
> Nick, you're a genius.



Thanks Hav, just an old dog though.


----------



## Nick (Aug 2, 2017)

oldognewtrick said:


> I thought I was having a problem with Windows, I couldn't get web pages to load, couldn't get the Fixit page to load... I downloaded Chrome and now there are no issues loading pages. I don't have a problem using Chrome if you say it's OK. All other issues seem to have cleared up.



Chrome is good. Still want you to fix IE. You can use Chrome to do it.

Reset Internet Explorer.
Download Microsoft FixIt file from here https://support.microsoft.com/en-us/...-fix-solutions

You can use ANY browser to download "FixIt" file.
Double click on downloaded MicrosoftFixit50195.msi file to run the fix.

Post # 50


----------



## Nick (Aug 2, 2017)

*Re-run Farbar Recovery Scan Tool (FRST/FRST64)* you ran at the very beginning of this topic.

- Double click to run it.
- Make sure you checkmark Addition.txt box.
- Press Scan button.
- Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


----------



## oldognewtrick (Aug 2, 2017)

I checked the addition box, what about the other boxes in the option section?


----------



## oldognewtrick (Aug 2, 2017)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Administrator (02-08-2017 18:29:33)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Malwarebytes (Disabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version:  - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)


----------



## oldognewtrick (Aug 2, 2017)

Addi

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7849 more sites.


There are 7847 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-08-01 21:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner
28-07-2017 21:46:00 Software Distribution Service 3.0
30-07-2017 09:12:26 Software Distribution Service 3.0
31-07-2017 10:11:20 System Checkpoint
01-08-2017 06:04:45 Software Distribution Service 3.0
01-08-2017 08:52:19 JRT Pre-Junkware Removal
01-08-2017 08:56:46 Software Distribution Service 3.0
01-08-2017 22:16:04 Software Distribution Service 3.0
02-08-2017 08:41:11 Software Distribution Service 3.0
02-08-2017 12:15:50 Software Distribution Service 3.0
02-08-2017 15:26:24 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


----------



## oldognewtrick (Aug 2, 2017)

Additi

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2017 03:27:07 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 03:27:06 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 03:27:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/02/2017 12:16:35 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 12:16:34 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 12:16:32 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/02/2017 08:42:20 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 08:42:19 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 08:42:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/01/2017 10:16:44 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (08/02/2017 03:27:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 01:25:23 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/02/2017 12:16:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 08:49:50 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:18:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 172.20.20.20 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:16:45 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:10:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:08:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/01/2017 10:07:50 PM) (Source: DCOM) (EventID: 10005) (User: OWNER-7F5980B60)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/01/2017 10:06:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AmdPPM
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswVmm
ESProtectionDriver
Fips


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 30%
Total physical RAM: 894.48 MB
Available physical RAM: 619.42 MB
Total Virtual: 2165.88 MB
Available Virtual: 1959.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:57.33 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


----------



## Nick (Aug 3, 2017)

oldognewtrick said:


> I checked the addition box, what about the other boxes in the option section?



Just the addition box.


----------



## Nick (Aug 3, 2017)

oldognewtrick said:


> I checked the addition box, what about the other boxes in the option section?



Where is the FRST.txt log? Do it like you did it the first time with the addition box checked, and post both logs.


----------



## oldognewtrick (Aug 3, 2017)

Well, life got in the way before I could send the other log....


----------



## Nick (Aug 3, 2017)

Not a problem. Run it again so I can get a clean Addt txt log.

Working on giving you a new XP Confuser..


----------



## oldognewtrick (Aug 3, 2017)

Might be a day or two, at the hospital with my mom. She broke her hip, waiting on surgery.


----------



## Nick (Aug 3, 2017)

Not a problem, hope she gets well soon..


----------



## havasu (Aug 3, 2017)

Sorry to hear Tom. Make sure to bring a phone charger with you!


----------



## oldognewtrick (Aug 3, 2017)

She broke her femur near the ball of the socket, they're doing a partial replacement at 1:00 tomorrow. Came home and finished daughter's radiator replacement, that's one thing out of the way. Back up at 7:00 to meet with the anesthesiologist, it's Miller Time...


----------



## Nick (Aug 3, 2017)

Ouch! Give her the site's best..


----------



## havasu (Aug 4, 2017)

Sorry to hear. Seems your days are gunna get busy for awhile.


----------



## Nick (Aug 6, 2017)

You get a chance Oldo, post that FSS scan, and the Addt scan, so I can finish cleaning your confuser.

How is your mom doing?


----------



## oldognewtrick (Aug 14, 2017)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-07-2017
Ran by Administrator (14-08-2017 13:08:07)
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-16 22:44:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1715567821-2147082821-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1715567821-2147082821-1417001333-1003 - Limited - Enabled)
Guest (S-1-5-21-1715567821-2147082821-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-2147082821-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-2147082821-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.16-050713a1-025450C - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version:  - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel(R) Architecture (HKLM\...\{BAE06076-DB3F-4936-8864-249A7B2AA662}) (Version: 5.1.1.3 - Intel Corporation)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LibreOffice 3.3 (HKLM\...\{CD068533-1A20-47F6-B1A2-196725B1320F}) (Version: 3.3.401 - LibreOffice)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.)
TIPCI (HKLM\...\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}) (Version: 1.20.0000 - Texas Instruments Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)


----------



## oldognewtrick (Aug 14, 2017)

A

==================== Scheduled Tasks =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7849 more sites.


There are 7847 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2017-08-01 21:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

===


----------



## oldognewtrick (Aug 14, 2017)

Additi
==================== Restore Points =========================

28-07-2017 09:38:44 Revo Uninstaller's restore point - CCleaner
28-07-2017 21:46:00 Software Distribution Service 3.0
30-07-2017 09:12:26 Software Distribution Service 3.0
31-07-2017 10:11:20 System Checkpoint
01-08-2017 06:04:45 Software Distribution Service 3.0
01-08-2017 08:52:19 JRT Pre-Junkware Removal
01-08-2017 08:56:46 Software Distribution Service 3.0
01-08-2017 22:16:04 Software Distribution Service 3.0
02-08-2017 08:41:11 Software Distribution Service 3.0
02-08-2017 12:15:50 Software Distribution Service 3.0
02-08-2017 15:26:24 Software Distribution Service 3.0
02-08-2017 20:40:05 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2017 08:40:40 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 08:40:40 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 08:40:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/02/2017 03:27:07 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 03:27:06 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 03:27:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/02/2017 12:16:35 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (08/02/2017 12:16:34 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/02/2017 12:16:32 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/02/2017 08:42:20 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (08/14/2017 01:03:00 PM) (Source: Schannel) (EventID: 4116) (User: )
Description: The certificate received from the remote server does not contain the expected name.
It is therefore not possible to determine whether we are connecting to the 
correct server. The server name we were expecting is au.avastbrowser.com. The SSL connection request has 
failed. The attached data contains the server certificate.

Error: (08/02/2017 08:40:41 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 03:27:08 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 01:25:23 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/02/2017 12:16:36 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/02/2017 08:49:50 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:18:13 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 172.20.20.20 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:16:45 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (08/01/2017 10:10:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.11 for the Network Card with network address 0014A52DCA3C has been
denied by the DHCP server 172.20.20.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/01/2017 10:08:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info =========================== 

Processor: AMD Turion(tm) 64 Mobile Technology ML-30
Percentage of memory in use: 52%
Total physical RAM: 894.48 MB
Available physical RAM: 428.27 MB
Total Virtual: 2165.88 MB
Available Virtual: 1698.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:57.3 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


----------



## oldognewtrick (Aug 14, 2017)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-07-2017
Ran by Administrator (administrator) on OWNER-7F5980B60 (14-08-2017 13:05:32)
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-13] (ATI Technologies, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14] (ATI Technologies Inc.)
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1847F907-36D7-46C7-8DF5-740892773AAE}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iqr3k201.default-1440529984671 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-17] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-08-02]
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-02]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-02]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-02]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-13] (Adobe Systems Incorporated) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)



----------



## oldognewtrick (Aug 14, 2017)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-07-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-07-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-07-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-07-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-07-13] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [202688 2017-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296800 2017-07-13] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-06-27] ()
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-08-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-14] (Malwarebytes)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 18:25 - 2017-08-02 18:25 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-08-02 11:57 - 2017-08-02 11:57 - 000001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-08-02 11:57 - 2017-08-02 11:57 - 000001813 _____ C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2017-08-01 22:04 - 2017-08-01 22:08 - 000090386 _____ C:\WINDOWS\ntbtlog.txt
2017-08-01 21:46 - 2017-08-01 21:46 - 012019984 _____ (OPSWAT, Inc.) C:\Documents and Settings\Administrator\desktop\AppRemover.exe
2017-08-01 21:36 - 2017-08-14 13:06 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000012830 _____ C:\ComboFix.txt
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-08-01 21:25 - 2017-08-01 21:25 - 005659660 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2017-08-01 08:53 - 2017-08-01 08:53 - 000002296 _____ C:\Documents and Settings\Administrator\desktop\JRT.txt
2017-08-01 08:51 - 2017-08-01 08:51 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\JRT.exe
2017-08-01 08:37 - 2017-08-01 08:37 - 008185288 _____ (Malwarebytes) C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2017-08-01 06:49 - 2017-08-01 08:00 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-08-01 06:49 - 2017-08-01 07:27 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-01 06:49 - 2017-08-01 06:49 - 000000718 _____ C:\Documents and Settings\All Users\desktop\RogueKiller.lnk
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-08-01 06:46 - 2017-08-01 06:46 - 035709112 _____ (Adlice Software ) C:\Documents and Settings\Administrator\desktop\RogueKiller_setup_ref3.exe
2017-07-28 18:12 - 2017-07-28 18:12 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-28 14:35 - 2017-08-02 18:32 - 000024126 ____C C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-08-14 13:06 - 000011871 ____C C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-08-02 18:25 - 001777664 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 000032279 ____C C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 000020377 ____C C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-08-14 13:05 - 000000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 000020871 ____C C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 001778176 ____C (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 000006303 ____C C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 000170688 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-08-14 13:02 - 000147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-08-14 13:03 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:08 - 2017-08-14 13:02 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 000001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys



----------



## oldognewtrick (Aug 14, 2017)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-14 13:03 - 2017-05-15 12:08 - 000000480 ____C C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1494868102.job
2017-08-14 13:03 - 2004-08-04 04:00 - 000013646 ____C C:\WINDOWS\system32\wpa.dbl
2017-08-14 13:02 - 2015-08-25 14:58 - 000000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-14 13:02 - 2011-08-16 17:51 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-08-02 20:40 - 2016-09-21 08:39 - 000095296 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-08-02 20:40 - 2013-08-13 06:24 - 000032522 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2017-08-02 20:39 - 2011-08-16 17:51 - 000000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2017-08-02 20:38 - 2012-05-11 05:52 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-08-02 20:24 - 2015-08-25 14:58 - 000000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-02 11:57 - 2013-12-06 11:03 - 000000000 ____D C:\Program Files\Google
2017-08-02 11:57 - 2011-08-17 16:50 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-08-01 22:00 - 2011-08-16 17:45 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-08-01 21:36 - 2012-08-09 12:03 - 000000000 ____D C:\Qoobox
2017-08-01 21:34 - 2004-08-04 04:00 - 000000245 _____ C:\WINDOWS\system.ini
2017-08-01 21:33 - 2011-08-17 16:56 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2017-08-01 07:58 - 2011-12-03 20:04 - 000000000 ____D C:\Program Files\Yahoo!
2017-07-28 18:12 - 2014-10-28 12:18 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2017-07-28 18:12 - 2011-08-17 16:52 - 000000000 ____D C:\Program Files\Java
2017-07-28 18:11 - 2015-03-05 16:51 - 000095808 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-07-28 18:11 - 2011-08-17 16:52 - 000160256 ____C (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2017-07-26 12:28 - 2014-05-28 09:34 - 000065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2017-07-26 12:28 - 2011-08-17 15:41 - 000065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2017-07-26 12:28 - 2011-08-16 18:14 - 000065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-07-26 11:10 - 2011-08-16 17:51 - 000000000 ____D C:\Documents and Settings\Administrator
2017-07-26 10:27 - 2016-09-11 14:46 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-07-26 10:24 - 2017-05-15 11:56 - 000000000 ____D C:\Program Files\AVAST Software
2017-07-26 10:24 - 2011-08-16 17:41 - 000002577 ____C C:\WINDOWS\system32\CONFIG.NT
2017-07-26 03:49 - 2011-08-16 17:40 - 000023392 ____C C:\WINDOWS\system32\nscompat.tlb
2017-07-26 03:49 - 2011-08-16 17:40 - 000016832 ____C C:\WINDOWS\system32\amcompat.tlb
2017-07-26 03:35 - 2011-08-16 17:51 - 000000803 ____C C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 02:07 - 2011-09-15 16:22 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-07-26 01:57 - 2011-08-16 12:23 - 000000000 ____D C:\Documents and Settings

==================== Files in the root of some directories =======

2017-05-15 07:09 - 2017-05-15 07:09 - 000013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin

Some files in TEMP:
====================
2017-08-02 20:17 - 2010-12-09 10:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


----------



## Chris (Aug 14, 2017)

You guys are speaking French?


----------



## oldognewtrick (Aug 14, 2017)

It's all Nick, I'm lost in space...


----------



## Nick (Aug 14, 2017)

Will post back later after I go through all this.


----------



## Rusty (Aug 14, 2017)

Chris said:


> You guys are speaking French?



I was young, but sounds like the language on the mother ship.


----------



## Nick (Aug 14, 2017)

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


http://www.majorgeeks.com/files/details/farbar_recovery_scan_tool_64_bit.html


----------



## oldognewtrick (Aug 15, 2017)

The smart computing link is password protected and doesn't give me access.


----------



## Nick (Aug 15, 2017)

Will fix.


----------



## Nick (Aug 15, 2017)

O, PM me your email, I'll send it to you as an attachment.


----------



## oldognewtrick (Aug 17, 2017)

I can't get frst64 to run, says not valid win 32.


----------



## Nick (Aug 17, 2017)

Sorry, you need to run FRST 32-bit.

http://www.majorgeeks.com/files/details/farbar_recovery_scan_tool.html


----------



## oldognewtrick (Aug 18, 2017)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 13:22 - 2017-08-17 13:22 - 000000672 _____ C:\Documents and Settings\Administrator\desktop\Shortcut to FRST64.lnk
2017-08-17 11:58 - 2017-08-17 11:58 - 000000714 _____ C:\Documents and Settings\Administrator\desktop\fixlist.txt
2017-08-14 14:05 - 2017-08-14 14:05 - 000032472 ____C C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-08-14 14:04 - 2017-08-14 14:04 - 000215828 ____C C:\Documents and Settings\All Users\Application Data\1502737275.bdinstall.bin
2017-08-14 14:04 - 2017-08-14 14:04 - 000001867 ____C C:\Documents and Settings\All Users\desktop\Bitdefender Antivirus Free Edition.lnk
2017-08-14 14:04 - 2017-08-14 14:04 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2017-08-14 14:03 - 2013-04-17 13:59 - 000633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-08-14 14:03 - 2013-04-17 13:59 - 000486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-08-14 14:03 - 2012-11-02 13:17 - 000242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2017-08-14 14:02 - 2017-08-14 14:04 - 000000000 ____D C:\Program Files\Bitdefender
2017-08-14 14:02 - 2017-08-14 14:03 - 000016135 _____ C:\Report 2017-08-14 14.02.29.txt
2017-08-14 14:01 - 2013-05-28 11:11 - 000355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-08-14 14:01 - 2013-04-22 12:20 - 000164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-08-14 13:54 - 2017-08-14 13:54 - 000014115 ____C C:\Documents and Settings\All Users\Application Data\agent.1502736858.bdinstall.bin
2017-08-02 18:25 - 2017-08-02 18:25 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\FRST-OlderVersion
2017-08-02 11:57 - 2017-08-02 11:57 - 000001819 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-08-02 11:57 - 2017-08-02 11:57 - 000001813 ____C C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2017-08-01 22:04 - 2017-08-01 22:08 - 000090386 ____C C:\WINDOWS\ntbtlog.txt
2017-08-01 21:46 - 2017-08-01 21:46 - 012019984 ____C (OPSWAT, Inc.) C:\Documents and Settings\Administrator\desktop\AppRemover.exe
2017-08-01 21:36 - 2017-08-18 08:13 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000012830 _____ C:\ComboFix.txt
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-08-01 21:36 - 2017-08-01 21:36 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-08-01 21:25 - 2017-08-01 21:25 - 005659660 ___RC (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2017-08-01 08:53 - 2017-08-01 08:53 - 000002296 ____C C:\Documents and Settings\Administrator\desktop\JRT.txt
2017-08-01 08:51 - 2017-08-01 08:51 - 001790024 ____C (Malwarebytes) C:\Documents and Settings\Administrator\desktop\JRT.exe
2017-08-01 08:37 - 2017-08-15 07:21 - 008185288 ____C (Malwarebytes) C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2017-08-01 06:49 - 2017-08-01 08:00 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-08-01 06:49 - 2017-08-01 07:27 - 000024688 ____C C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-01 06:49 - 2017-08-01 06:49 - 000000718 ____C C:\Documents and Settings\All Users\desktop\RogueKiller.lnk
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-01 06:49 - 2017-08-01 06:49 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2017-08-01 06:46 - 2017-08-01 06:46 - 035709112 ____C (Adlice Software ) C:\Documents and Settings\Administrator\desktop\RogueKiller_setup_ref3.exe
2017-07-28 18:12 - 2017-07-28 18:12 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-28 14:35 - 2017-08-14 13:12 - 000024266 ____C C:\Documents and Settings\Administrator\desktop\Addition.txt
2017-07-28 14:34 - 2017-08-14 13:12 - 000020997 ____C C:\Documents and Settings\Administrator\desktop\FRST.txt
2017-07-28 14:33 - 2017-08-02 18:25 - 001777664 ____C (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2017-07-28 14:28 - 2017-07-28 14:28 - 000032279 ____C C:\Documents and Settings\Administrator\My Documents\Shortcut.txt
2017-07-28 14:24 - 2017-07-28 14:28 - 000020377 ____C C:\Documents and Settings\Administrator\My Documents\Addition.txt
2017-07-28 14:23 - 2017-08-18 08:12 - 000000000 ____D C:\FRST
2017-07-28 14:23 - 2017-07-28 14:28 - 000020871 ____C C:\Documents and Settings\Administrator\My Documents\FRST.txt
2017-07-28 14:22 - 2017-07-28 14:22 - 001778176 ____C (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2017-07-28 10:19 - 2017-07-28 10:19 - 000006303 ____C C:\WINDOWS\resetlog.txt
2017-07-28 09:16 - 2017-07-28 09:16 - 000170688 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 02:59 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-07-26 02:56 - 2017-07-28 21:40 - 000000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2017-07-26 02:09 - 2017-08-14 13:02 - 000147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 02:08 - 2017-08-17 12:12 - 000221600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 02:08 - 2017-08-14 13:03 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 02:07 - 2017-07-26 02:07 - 000001715 ____C C:\Documents and Settings\All Users\desktop\Malwarebytes.lnk
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-26 02:07 - 2017-07-26 02:07 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-07-26 02:07 - 2017-06-27 12:06 - 000059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys

==================== One Month Modified files and folders ========


----------



## havasu (Aug 18, 2017)

Tom, I goofed on a forward message and wiped out your data. Can you repost?


----------



## Nick (Aug 18, 2017)

That was a fixlist.txt log that opens in Notepad. Can't be recreated.

Please, only the person with the computer issue post in this forum.

 Thanks. 



----------



## oldognewtrick (Aug 19, 2017)

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-08-2017
Ran by Administrator (18-08-2017 08:27:21) Run:2
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1715567821-2147082821-1417001333-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2017-05-15 07:09 - 2017-05-15 07:09 - 000013163 ____C () C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin
2017-08-02 20:17 - 2010-12-09 10:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Local Settings\temp\dllnt_dump.dll

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found. 
HKLM\Software\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. 
HKLM\Software\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. 
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1715567821-2147082821-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"C:\Documents and Settings\All Users\Application Data\agent.1494850163.bdinstall.bin" => not found.
"C:\Documents and Settings\Administrator\Local Settings\temp\dllnt_dump.dll" => not found.

==== End of Fixlog 08:27:49 ====


----------



## oldognewtrick (Aug 19, 2017)

Do you also need the other logs? If so, can I email them? It's a pain having to abide by the 10k limit.


----------



## Nick (Aug 19, 2017)

What other logs are we speaking of?


----------



## oldognewtrick (Aug 19, 2017)

I don't know...remember, only thing I know about computers is how to turn them on and break them....


----------



## Nick (Aug 19, 2017)

Last scans....

Download Security Check from here https://www.google.com/url?q=http:/...ds-cse&usg=AFQjCNENO4w5me--YcEHPWGvs4xVWVOVSw  and save it to your Desktop.

    Double-click SecurityCheck.exe
    Follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.



NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue. http://www.majorgeeks.com/files/details/farbar_service_scanner.html

Make sure the following options are checked:

    Internet Services
    Windows Firewall
    System Restore
    Security Center
    Windows Update
    Windows Defender
    Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


 Download Temp File Cleaner (TFC)


    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 Download Sophos Free Virus Removal Tool and save it to your desktop.

http://www.majorgeeks.com/files/details/sophos_virus_removal_tool.html

    Double click the icon and select Run
    Click Next
    Select I accept the terms in this license agreement, then click Next twice
    Click Install
    Click Finish to launch the program
    Once the virus database has been updated click Start Scanning
    If any threats are found click Details, then View log file... (bottom left hand corner)
    Copy and paste the results in your reply
    Close the Notepad document, close the Threat Details screen, then click Start cleanup
    Click Exit to close the program


----------



## oldognewtrick (Aug 20, 2017)

Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
*``````````````Antivirus/Firewall Check:``````````````* 
 Windows Firewall Enabled!  
Bitdefender Antivirus Free Edition   
 Antivirus up to date!  
*`````````Anti-malware/Other Utilities Check:`````````* 
 Java 7 Update 80  
 Java 8 Update 101  
 Java 8 Update 144  
 Java 8 Update 40  
 Java 8 Update 45  
 Java 8 Update 51  
 Java 8 Update 66  
*Java version 32-bit out of Date!* 
 Adobe Flash Player 	26.0.0.151  
 Adobe Reader XI  
 Google Chrome (49.0.2623.112) 
*````````Process Check: objlist.exe by Laurent````````* 
 Malwarebytes Anti-Malware mbamservice.exe  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
*`````````````````System Health check`````````````````* 
 Total Fragmentation on Drive C:: 0% 
*````````````````````End of Log``````````````````````*


----------



## oldognewtrick (Aug 20, 2017)

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 20-08-2017 at 15:28:54
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
fssfltr(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0F00000005000000010000000200000003000000040000000A000000090000000B0000000E0000000C0000000D00000010000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


----------



## oldognewtrick (Aug 20, 2017)

Sophos scan results, NO Threats Found.


----------



## Nick (Aug 21, 2017)

Your computer is clean.

View attachment Mr Clean.jpg


----------



## Nick (Aug 21, 2017)

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles. http://redirect.viglink.com/?format...

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
http://www.google.com/url?sa=t&rct=...=vbc8qk_3pofy6HdWfINOOQ&bvm=bv.77880786,d.aWw

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker. http://filehippo.com/download_app_manager
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

Please let me know how your computer is doing.


----------



## oldognewtrick (Aug 23, 2017)

Thanks again Nick for all your help and time you spent walking me through the process. It works a ton better than before for an old machine that gets used for mainly garage related stuff. Makes it so much easier than having to go upstairs or read stuff on a smart phone.


----------



## Nick (Aug 23, 2017)

.... 

View attachment Your Welcome.gif


----------

