
Used AdwCleaner, now have bigger problems


This topic is locked
32 replies to this topic

#1 tshobie

  • Members
  • 23 posts

Posted 11 February 2016 - 01:43 AM

Hello! My daughter's XP had a ton of ad pop-ups and browser switching involving reimageplus.com. I did some searching to see how to stop it and landed on bleepingcomputer and followed some instructions that included using AdwCleaner. It scanned and listed 4 things. Not knowing what they were, and not thinking the program would bring up something the computer needed with the option to delete, I deleted. Big mistake. Now Firefox will not load; a box pops up that says "Failed to read the configuration file. Please contact your system administrator." And now the computer won't play videos, a Flash Player problem now too. I am able to open IE but it is slow and I get 'not responding' a lot. But no more pop-up ads anyway.

 

I tried uninstalling Firefox and reinstalling, and get the same message when I try to open it. I tried updating Flash Player and could not either.

 

So AdwCleaner removed some things from the computer that were needed, I have no idea what or how to get them back.

 

Help?


Edited by tshobie, 11 February 2016 - 01:49 AM.




#2 satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender: Female
  • Location: Devon, UK

Posted 11 February 2016 - 06:05 AM

Hello tshobie and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

AdwCleaner is not designed to alter any settings so it is very unlikely that it was the cause.

Let's see what was deleted. Please post the AdwCleaner log, which should be located at C:\AdwCleaner[S1].txt

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner[S1].txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
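An added example, not code from this thread, from the Malware Response Team or from AdwCleaner itself: a small Python parser for the AdwCleaner[S1].txt scan-log layout Satchfan asks for above. It groups every detection by log section and then lists the ones that live inside the Firefox install directory or a Firefox profile. The log text embedded below is constructed for this example and is modelled on the line shapes of a real AdwCleaner v5 log (the profile and file names are taken from the kind of entries such a log contains). That list is the check worth doing before pressing Clean: the install-dir file `cfg` and a profile's `user.js` are Firefox configuration files, and when a script under `defaults\pref` sets `general.config.filename` and the named cfg file is then deleted, Firefox starts with the "Failed to read the configuration file. Please contact your system administrator." dialog. Such entries may well be adware-planted, but they should be reviewed together with the file that points at them rather than removed blind.

```python
"""Parse an AdwCleaner scan log (the AdwCleaner[S1].txt layout posted in this thread)
and flag detections that sit inside the Firefox install directory or a Firefox profile.

Added example, not code from the thread or from AdwCleaner.  The log text below is
constructed for this example, modelled on the line shapes of the real log.
"""
import re
from collections import defaultdict

# Constructed sample log (same layout as AdwCleaner v5 output, far fewer entries).
SAMPLE_LOG = r"""# AdwCleaner v5.033 - Logfile created 10/02/2016 at 20:45:23
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Option : Scan

***** [ Services ] *****

Service Found : netfilter
Service Found : vToolbarUpdater40.2.5

***** [ Folders ] *****

Folder Found : C:\Program Files\YTDownloader
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [ Files ] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\user.js
File Found : C:\Program Files\Mozilla Firefox\cfg
File Found : C:\WINDOWS\system32\drivers\netfilter.sys

***** [ DLL ] *****


***** [ Scheduled tasks ] *****

Task Found : YTDownloader

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Elex-tech
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10453 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "Service Found : netfilter", "Key Deleted : HKLM\..." and similar entry lines
ENTRY_RE = re.compile(r"^(Service|Folder|File|Task|Key|Value) (Found|Deleted) : (.+)$")
# "[<file>] [Preference] Found : user_pref(...)" lines in the Web browsers section
BROWSER_RE = re.compile(r"^\[(.+?)\] \[(.+?)\] (Found|Deleted) : (.+)$")

# Lower-cased substrings that place a path inside the Firefox install or a profile.
FIREFOX_MARKERS = ("\\mozilla firefox\\", "\\mozilla\\firefox\\profiles\\")


def parse_adwcleaner_log(text):
    """Return {section name: [(kind, status, target), ...]} in log order.
    '#' header lines and the '########## EOF' trailer are skipped; a section with
    no entries (DLL above) produces no key."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = BROWSER_RE.match(line)
        if m:
            # keep the owning file in the target so path-based checks still apply
            sections[current].append((m.group(2), m.group(3), f"{m.group(1)}: {m.group(4)}"))
    return dict(sections)


def summarize(sections):
    """Number of detections per section."""
    return {name: len(entries) for name, entries in sections.items()}


def firefox_config_entries(sections):
    """Detections whose target lies under the Firefox install dir or a Firefox profile.
    Removing such files (the install-dir 'cfg', a profile's user.js, prefs.js values)
    changes Firefox's own configuration, so they deserve review before a Clean run."""
    hits = []
    for section, entries in sections.items():
        for kind, status, target in entries:
            low = target.lower()
            if any(marker in low for marker in FIREFOX_MARKERS):
                hits.append((section, kind, target))
    return hits


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for name, count in summarize(parsed).items():
        print(f"{name:16s} {count}")
    print("\nDetections that touch Firefox's own configuration:")
    for section, kind, target in firefox_config_entries(parsed):
        print(f"  [{section}] {kind}: {target}")
```

Run as-is it prints the per-section counts for the sample and the three Firefox-related entries (the profile's user.js, the install-dir cfg, and the prefs.js search-engine preference). To apply it to a real log, read AdwCleaner[S1].txt into a string and pass that to parse_adwcleaner_log; the same regexes also match the "Deleted" lines that AdwCleaner writes after a Clean run, so the function can be used to answer Satchfan's "let's see what was deleted" from a post-clean log as well.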


#3 tshobie (Topic Starter)

  • Members
  • 23 posts

Posted 11 February 2016 - 06:35 PM

Thank you for your help! Here we go:

 

AdwCleaner[S1].txt -

 

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 20:45:23
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - HOME-6225A9E2BF
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : iSafeKrnlBoot
Service Found : iSafeNetFilter
Service Found : netfilter
Service Found : vToolbarUpdater40.2.5

***** [ Folders ] *****

Folder Found : C:\Documents and Settings\Administrator\Application Data\Elex-tech
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\SmartWeb
Folder Found : C:\Documents and Settings\Administrator\Start Menu\Programs\YTDownloader
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95
Folder Found : C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
Folder Found : C:\Documents and Settings\All Users\Application Data\ae7f7fb80000506c
Folder Found : C:\Documents and Settings\All Users\Application Data\Avg_Update_0116av
Folder Found : C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb
Folder Found : C:\Documents and Settings\All Users\Application Data\cf2c4b1e000012ad
Folder Found : C:\Documents and Settings\All Users\Application Data\e845d6de000003fb
Folder Found : C:\Documents and Settings\All Users\Application Data\{471f77dd-2dfa-6353-471f-f77dd2dfdf74}
Folder Found : C:\Documents and Settings\All Users\Application Data\{ff1fede6-3056-b846-ff1f-fede6305b798}
Folder Found : C:\Program Files\Elex-tech
Folder Found : C:\Program Files\Object Browser
Folder Found : C:\Program Files\YTDownloader
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [ Files ] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\Avg@toolbar.xpi
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\searchplugins\avg-secure-search.xml
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\user.js
File Found : C:\Program Files\Mozilla Firefox\cfg
File Found : C:\WINDOWS\Reimage.ini
File Found : C:\WINDOWS\updatesvc.exe
File Found : C:\WINDOWS\system32\drivers\netfilter.sys
File Found : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : YTDownloader
Task Found : YTDownloaderUpd
Task Found : LVMWRPOOPLDSHLFU
Task Found : STUAYCQHXY1
Task Found : WATRSCMCOHWDWVFK

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\iSafeRKScan
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\e095b65f-9a97-88d1-5dcf-a2a1ee80102d
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Key Found : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\YTDownloader
Key Found : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\Elex-tech
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\WinPrograms
Key Found : HKLM\SOFTWARE\YTDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FlashBeat
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iWebar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\s5mark
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Module Plus
Key Found : HKU\.DEFAULT\Software\YTDownloader
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Key Found : HKLM\SOFTWARE\Classes\dream.capture

***** [ Web browsers ] *****

[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\prefs.js] [Preference] Found : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{2e2797f0-4d35-412e-8da2-f5129ee400c0}\",\"mid\":\"0981ca0e634c47cd8943d15f296b49d3-[...]
[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromium\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.dregol.com/?f=1&a=drg_cmi_15_21&cd=2XzuyEtN2Y1L1QzutDtDtCyCyC0Fzz0F0AtDtBtDtDtByB0EtN0D0Tzu0StCtBtAzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtAzzzztD0CtByDtGtB0AtB0EtGtD0D0F0DtG0A0C0DyDtGtDtBtCyB0C0B0D0BtCyE0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzy0F0DyEyEtByDtGzytA0EtCtGyEyEzz0BtGzzyE0FyCtGtB0DtBtDtD0DyBtAyByByBtD2QtN0A0LzuyE&cr=344887498&ir=&uref=chmm

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10453 bytes] ##########

 

 

Frst.txt -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Administrator (administrator) on HOME-6225A9E2BF (11-02-2016 16:23:58)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent:
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\MountPoints2: {f25295c9-8dc4-11e4-aa11-faa7e5e504b4} - E:\o1o.exe
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{42DA9AAC-3532-424B-9F53-6A6B81A9C227}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-789336058-1085031214-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555781250&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
IE Session Restore: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> is enabled.
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-02-10]
FF Extension: MediaPlayer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-07-18] [not signed]
FF Extension: skip_compatibility_checksdrockingcom - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\skip_compatibility_check@sdrocking.com [2015-07-17] [not signed]
FF Extension: UIEnhancergirishsharmaec8030f7c20a464f9b0e13a3a9e97384 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\UIEnhancer@girishsharma{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2015-05-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-07-20] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMService; C:\Documents and Settings\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [240048 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [223152 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [234416 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193456 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2007-12-15] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-10] (Intel® Corporation)
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 qbbxornp; \??\C:\WINDOWS\system32\drivers\qbbxornp.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-11 16:23 - 2016-02-11 16:24 - 00010713 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-11 16:23 - 2016-02-11 16:23 - 00000000 ____D C:\FRST
2016-02-11 16:21 - 2016-02-11 16:22 - 01721344 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-02-11 00:19 - 2015-01-04 21:01 - 00000803 _____ C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ProductData
2016-02-10 21:26 - 2016-02-10 21:28 - 00113666 _____ C:\WINDOWS\ntbtlog.txt
2016-02-10 21:08 - 2016-02-10 22:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-10 21:08 - 2016-02-10 21:08 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-10 21:08 - 2016-02-10 21:08 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-10 20:43 - 2016-02-10 21:34 - 00000000 ____D C:\AdwCleaner
2016-02-10 20:25 - 2016-02-10 20:28 - 00002868 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2016-02-10 02:38 - 2016-02-10 03:24 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-02-10 02:38 - 2016-02-10 03:24 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2016-02-10 02:37 - 2016-02-10 02:37 - 18853888 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00356352 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-02-10 01:58 - 2016-02-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2016-02-10 01:55 - 2016-02-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2016-02-10 01:55 - 2011-10-28 09:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET121.tmp
2016-02-10 01:53 - 2016-02-10 02:36 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2016-02-10 01:53 - 2016-02-10 02:36 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt
2016-02-10 01:52 - 2016-02-10 21:38 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2016-02-10 01:52 - 2016-02-10 01:52 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-10 01:51 - 2016-02-10 01:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2016-02-10 01:50 - 2014-10-16 10:27 - 00023840 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2016-02-10 01:35 - 2016-02-10 01:35 - 18853888 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00356352 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-10 01:27 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-02-10 01:27 - 2016-02-10 01:27 - 00001795 _____ C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller.lnk
2016-02-10 01:27 - 2016-02-10 01:27 - 00001789 _____ C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2016-02-10 01:25 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-02-10 01:24 - 2016-02-10 02:35 - 00001804 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 9.lnk
2016-02-10 01:20 - 2016-02-10 22:10 - 00000000 ____D C:\Program Files\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\IObit
2016-02-09 13:22 - 2016-02-09 13:18 - 00720085 _____ C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.exe
2016-02-09 12:24 - 2016-02-09 12:24 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2016-02-08 17:49 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-06 14:47 - 2016-02-11 15:57 - 00000588 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0116tb_rel.job
2016-02-06 14:36 - 2016-02-11 15:57 - 00000696 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_VALID.job
2016-02-06 14:36 - 2016-02-11 15:57 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job
2016-01-28 13:43 - 2016-01-28 17:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Web TuneUp
2016-01-28 13:41 - 2016-02-01 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2016-01-28 13:40 - 2016-02-10 21:58 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-01-25 21:39 - 2016-02-11 15:57 - 00000618 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av.job
2016-01-25 21:36 - 2016-02-11 15:57 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av_DELETE.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-11 16:24 - 2014-12-27 05:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-11 16:15 - 2015-01-03 21:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-11 16:07 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-11 15:57 - 2015-05-29 00:58 - 00001090 _____ C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job
2016-02-11 15:57 - 2015-05-23 02:51 - 00001752 _____ C:\WINDOWS\Tasks\YOXALEU.job
2016-02-11 15:57 - 2015-01-04 21:01 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-11 15:57 - 2014-12-27 05:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-11 15:51 - 2014-12-27 05:36 - 00000000 ____D C:\Documents and Settings\Administrator
2016-02-11 14:44 - 2015-05-29 00:44 - 00000588 _____ C:\WINDOWS\Tasks\QLSXP.job
2016-02-11 12:19 - 2014-12-27 05:35 - 00032248 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-11 12:18 - 2014-12-27 05:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-11 12:15 - 2015-01-03 21:55 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-11 12:15 - 2015-01-03 21:55 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-11 12:08 - 2015-07-18 03:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-02-11 00:01 - 2015-05-28 23:23 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-10 22:11 - 2014-12-26 21:04 - 00000000 ___HD C:\WINDOWS\inf
2016-02-10 22:02 - 2015-07-18 03:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-02-10 21:44 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware
2016-02-10 21:43 - 2015-07-20 13:53 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\platforms
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\Plugins
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\imageformats
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 21:38 - 2014-12-26 21:04 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-10 21:34 - 2014-12-27 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
2016-02-10 15:01 - 2015-01-17 02:20 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-10 02:37 - 2014-12-27 05:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-10 02:37 - 2014-12-27 05:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-10 02:36 - 2014-12-26 21:04 - 00000000 ____D C:\WINDOWS\security
2016-02-10 01:56 - 2015-01-04 18:13 - 00000000 ____D C:\WINDOWS\ie8updates
2016-02-10 01:56 - 2015-01-01 05:04 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-02-10 01:53 - 2014-12-26 21:04 - 00000000 ____D C:\WINDOWS\Help
2016-02-10 01:27 - 2015-07-10 23:02 - 00014120 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-02-10 00:21 - 2015-01-16 04:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 00:21 - 2015-01-04 18:08 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 13:23 - 2015-05-28 23:22 - 00093318 _____ C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.dat
2016-02-09 13:23 - 2015-05-28 23:22 - 00000772 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-09 13:23 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\Languages
2016-02-08 16:41 - 2015-01-04 21:01 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-28 17:47 - 2015-01-04 17:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-01-22 12:56 - 2015-06-10 16:38 - 00193456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2016-01-13 13:04 - 2015-05-12 14:45 - 00223152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys

==================== Files in the root of some directories =======

2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Documents and Settings\Administrator\Application Data\YOXALEU
2015-05-24 23:02 - 2015-05-24 23:02 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
2015-04-17 14:17 - 2016-01-04 03:54 - 0001324 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2015-05-29 04:05 - 2015-09-10 04:02 - 0005632 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-29 04:13 - 2015-07-09 01:21 - 0000112 _____ () C:\Documents and Settings\All Users\Application Data\jQCqN3Y.dat

Files to move or delete:
====================
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Documents and Settings\Malwarebytes Anti-Malware\7z.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\cloud-enumeration.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\cloud.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbam.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbam.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamcore.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamdor.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamext.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbampt.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamresearch.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamservice.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamsrv.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\msvcp100.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\msvcr100.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Core.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Gui.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Network.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Widgets.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.dat
C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.exe


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
 

 

Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Administrator (2016-02-11 16:25:39)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-12-27 12:30:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-789336058-1085031214-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-789336058-1085031214-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-789336058-1085031214-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-789336058-1085031214-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM\...\Advanced SystemCare_is1) (Version: 9.1.0 - IObit)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)
AVG 2015 (Version: 15.0.4522 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0116tb_rel.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116av\AVG-Secure-Search-Update_0116av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116av\AVG-Secure-Search-Update_0116av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_VALID.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job => C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\QLSXP.job => C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-28 13:40 - 2016-02-01 14:22 - 01205832 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2016-02-10 01:23 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2016-02-10 01:22 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
2016-02-10 01:27 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2016-02-10 01:27 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-02-10 01:27 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammg119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammg119.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2004-08-04 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-789336058-1085031214-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 208.180.42.68 - 208.180.42.100
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

03-12-2015 22:17:57 System Checkpoint
06-12-2015 19:24:37 System Checkpoint
07-12-2015 23:05:05 System Checkpoint
08-12-2015 23:40:25 System Checkpoint
10-12-2015 00:00:18 Software Distribution Service 3.0
11-12-2015 00:30:31 System Checkpoint
12-12-2015 00:35:16 System Checkpoint
13-12-2015 01:39:25 System Checkpoint
14-12-2015 13:32:47 System Checkpoint
18-12-2015 03:21:44 System Checkpoint
19-12-2015 03:35:52 System Checkpoint
20-12-2015 03:36:05 System Checkpoint
21-12-2015 04:36:05 System Checkpoint
22-12-2015 05:47:28 System Checkpoint
24-12-2015 03:15:16 System Checkpoint
27-12-2015 23:50:26 System Checkpoint
29-12-2015 00:49:08 System Checkpoint
30-12-2015 01:36:07 System Checkpoint
31-12-2015 13:42:49 System Checkpoint
01-01-2016 14:36:32 System Checkpoint
02-01-2016 15:36:35 System Checkpoint
03-01-2016 16:34:50 System Checkpoint
04-01-2016 16:46:36 System Checkpoint
05-01-2016 16:51:16 System Checkpoint
06-01-2016 16:52:06 System Checkpoint
07-01-2016 17:52:06 System Checkpoint
08-01-2016 18:52:07 System Checkpoint
13-01-2016 04:34:27 System Checkpoint
14-01-2016 00:00:32 Software Distribution Service 3.0
15-01-2016 00:35:02 System Checkpoint
16-01-2016 00:49:42 System Checkpoint
18-01-2016 01:40:29 System Checkpoint
19-01-2016 02:01:17 System Checkpoint
20-01-2016 02:38:19 System Checkpoint
21-01-2016 03:38:19 System Checkpoint
22-01-2016 04:21:26 System Checkpoint
23-01-2016 04:38:20 System Checkpoint
24-01-2016 05:38:19 System Checkpoint
25-01-2016 06:38:19 System Checkpoint
26-01-2016 07:38:20 System Checkpoint
28-01-2016 09:02:26 System Checkpoint
29-01-2016 09:55:22 System Checkpoint
30-01-2016 10:11:51 System Checkpoint
31-01-2016 11:11:50 System Checkpoint
09-02-2016 15:04:04 System Checkpoint
10-02-2016 00:03:42 Software Distribution Service 3.0
10-02-2016 00:17:08 Software Distribution Service 3.0
10-02-2016 01:51:30 Installed %1 %2.
10-02-2016 01:52:47 Installed %1 %2.
10-02-2016 01:55:38 Installed Windows XP KB2492386.
10-02-2016 01:57:03 Installed Windows XP KB2632503.
10-02-2016 01:58:20 Installed Windows XP KB2808679.
10-02-2016 21:12:55 Restore Operation
10-02-2016 21:17:40 Restore Operation
10-02-2016 21:22:50 Restore Operation
10-02-2016 22:15:49 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor's Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 12:56:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/18/2015 08:24:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/16/2015 11:17:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/14/2015 05:15:03 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/13/2015 11:25:23 PM) (Source: MsiInstaller) (EventID: 11705) (User: HOME-6225A9E2BF)
Description: Product: OpenOffice 4.1.1 -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/12/2015 04:53:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/12/2015 02:59:44 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An installation for Microsoft .NET Framework 4 Client Profile is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/12/2015 02:13:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/11/2015 10:10:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/11/2015 09:19:49 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (02/11/2016 03:58:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/11/2016 12:20:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/11/2016 11:52:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/10/2016 11:36:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/10/2016 11:18:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/10/2016 11:10:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/10/2016 10:15:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/10/2016 09:32:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/10/2016 09:27:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error: (02/10/2016 09:27:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.86GHz
Percentage of memory in use: 35%
Total physical RAM: 1535.36 MB
Available physical RAM: 982.72 MB
Total Virtual: 3431.29 MB
Available Virtual: 2907.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:20.13 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 38C738C7)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 tshobie

  • Topic Starter
  • Members
  • 23 posts

Posted 12 February 2016 - 03:50 AM

PS - this was a used computer bought on ebay.  Whatever had been done to it prior to getting it, I don't know.  But it was always a problem to use, got it for back up for when my daughter's desktop was down.


Edited by tshobie, 12 February 2016 - 03:50 AM.


#5 satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK

Posted 12 February 2016 - 05:38 AM

this was a used computer bought on ebay

It’s always risky buying a used computer because you don’t know what has happened to it before.

AdwCleaner cleaned up quite a bit but let’s get this tidied up a bit more.


Uninstall Programs
 

CHR dev: Chrome dev build detected! <======= ATTENTION


Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things, this allows malware to install any extension it wants. Chrome needs to be uninstalled so we can deal with the infections present on your computer. After your computer is clean, Chrome can be reinstalled.

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under “Sign in” click on Disconnect your Google Account – (if “Disconnect your Google Account” is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on “Google Dashboard” then, at the “Chrome sync” screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, then uninstall it from Control panel > programs and features.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

======================

Next

Advanced System Care

You have Advanced System Care by IObit. IObit is untrustworthy and although they have cleaned their act up somewhat, IObit’s Advanced SystemCare installs browser extensions/spyware without consent – see here

To remove it:

  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
  • scroll down the list and look for the above entry
  • click on the program name and then on Remove.

================================================

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-789336058-1085031214-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file)
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 qbbxornp; \??\C:\WINDOWS\system32\drivers\qbbxornp.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ProductData
2016-02-10 01:25 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-02-10 01:24 - 2016-02-10 02:35 - 00001804 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 9.lnk
2016-02-10 01:20 - 2016-02-10 22:10 - 00000000 ____D C:\Program Files\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\IObit
2016-02-11 15:57 - 2015-05-29 00:58 - 00001090 _____ C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job
2016-02-11 15:57 - 2015-05-23 02:51 - 00001752 _____ C:\WINDOWS\Tasks\YOXALEU.job
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Documents and Settings\Administrator\Application Data\YOXALEU
2015-05-24 23:02 - 2015-05-24 23:02 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
Task: C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job => C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QLSXP.job => C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: it's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
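As an added example, not part of the thread, here is a small Python triage script that reads FRST log lines the way a helper does when drafting a fixlist: it collects the entries FRST itself flags with ATTENTION, services and drivers whose file is missing ("[X]"), and scheduled tasks whose target sits inside a user profile instead of Program Files or WINDOWS. The sample lines are copied from the logs in this thread plus one constructed benign task line; the regular expressions and the draft_fixlist helper are my own, not part of FRST.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs (added example)."""
import re
from dataclasses import dataclass, field

# FRST marks entries it wants a human to look at with "<==== ATTENTION".
ATTENTION = re.compile(r"<=+\s*ATTENTION")
# Service/driver lines: "<start type> <name>; <path> [<size> <date>] (<vendor>)"
# or, when the file is gone, "<start type> <name>; <path> [X]".
SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*(?P<missing>\[X\])?\s*$"
)
# Scheduled task lines: "Task: <job file> => <target> [<==== ATTENTION]".
TASK = re.compile(
    r"^Task:\s*(?P<job>.+?\.job)\s*=>\s*(?P<target>.+?)(?:\s*<=+\s*ATTENTION)?\s*$"
)
# Legitimate tasks rarely run binaries out of a user profile on XP.
PROFILE_DIR = re.compile(r"^C:\\Documents and Settings\\", re.IGNORECASE)


@dataclass
class Findings:
    attention: list = field(default_factory=list)        # full log lines
    missing_drivers: list = field(default_factory=list)  # (name, full line)
    profile_tasks: list = field(default_factory=list)    # (job, target, full line)


def triage(log_text):
    """Walk an FRST.txt and collect the lines a helper would review."""
    found = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION.search(line):
            found.attention.append(line)
        m = SERVICE.match(line)
        if m and m.group("missing"):
            found.missing_drivers.append((m.group("name"), line))
        m = TASK.match(line)
        if m and PROFILE_DIR.match(m.group("target")):
            found.profile_tasks.append((m.group("job"), m.group("target"), line))
    return found


def draft_fixlist(found):
    """Return candidate fixlist.txt lines for a human to review.

    FRST takes log lines verbatim in fixlist.txt, so the lines are reused
    unchanged (deduplicated, order kept) and "EmptyTemp:" is appended, as in
    the fix posted in this thread. This is a draft for review, not a fix to run.
    """
    seen, lines = set(), []
    for line in (found.attention
                 + [l for _, l in found.missing_drivers]
                 + [l for _, _, l in found.profile_tasks]):
        if line not in seen:
            seen.add(line)
            lines.append(line)
    lines.append("EmptyTemp:")
    return lines


# Sample input: lines copied from the FRST logs in this thread, plus one
# constructed benign task line (Adobe updater) that must NOT be flagged.
SAMPLE_LOG = r"""
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
S1 qbbxornp; \??\C:\WINDOWS\system32\drivers\qbbxornp.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file)
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\FlashPlayerUpdateService.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Flagged by FRST:", len(result.attention))
    print("Missing driver files:", [n for n, _ in result.missing_drivers])
    print("Tasks running from a profile:", [j for j, _, _ in result.profile_tasks])
    print("\n".join(draft_fixlist(result)))
```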


#6 tshobie (Topic Starter, Members, 23 posts)

Posted 13 February 2016 - 05:36 AM

Hi Satchfan,

 

I wasn't able to do this today/tonight, family things going on.  I do have a question; I don't fully understand what I'm supposed to do here -

 

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

 

  • save the file as fixlist.txt in the same folder as FRST – NOTE: it's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

Question: I open Notepad and copy/paste the contents of the code box in your message into Notepad.  Then what do I do with that in Notepad?  I save that as fixlist.txt?  I'm confused on the folders.  What I have is 3 separate Notepad files, these -

 

AdwCleaner[S1].txt
Frst.txt
Addition.txt

 

No folders.  I know how to run FRST but don't know what you mean by "run Fix".  Sorry - this is all new to me.  Also, while I run FRST on the problem computer itself, I'm copying the Notepad files to a USB flash drive to upload here, since getting around the internet on that computer right now is not that easy.



#7 satchfan (Malware Response Team, 2,661 posts, Devon, UK)

Posted 13 February 2016 - 10:41 AM

No problem with the delay, I too have had family stuff to see to today but thanks for letting me know.

 

I open notepad and copy/paste the contents of the code box in your message into notepad.  Then what do I do with that in notepad?  I save that as fixlist.txt?

 

Yes.

 

What we are trying to achieve is that a file named Fixlist.txt ends up on your desktop as well as the FRST program.

 

To save confusion, delete all the other Notepad, (.txt), files from your desktop first.

 

Then copy/paste the contents of the code box into Notepad and save it as fixlist.txt making sure that it is saved to your desktop - you will then see FRST and fixlist.txt both on the desktop.

 

Next, run FRST and when it opens, click on Fix. Hope that is a bit clearer.

 

After you've done that, please complete the rest of the instructions.

 

Satchfan




#8 tshobie (Topic Starter, Members, 23 posts)

Posted 14 February 2016 - 05:59 AM

I uninstalled the IObit programs but I couldn't find Chrome.  I didn't install it since it's not something we use.  It's not in Add or Remove Programs and it's not in Programs.  I did a search in files and folders and found these -

  • ChromeGuardRes - C:\Program Files\AVG Web TuneUp
  • ChromeRes - C:\Program Files\AVG Web TuneUp
  • ChromeGuadDsp - C:\Program Files\AVG Web TuneUp
  • chrome.manifest - C:\Program Files\Mozilla Firefox\browser
  • chrome.manifest - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  • Chrome_jar.3643236F_FBB8C70_11D3_A536_0090278A1BB8 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.NET Framework 3.5 SP1\vs_setup.cab
  • Chrome_manifest.3643236F_FC70_11D3_A536_0090278A - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.NET Framework 3.5 SP1\vs_setup.cab
  • chrome - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  • chrome.manifest - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  • chrome.jar - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ - and there's something at the end here I can't see because it's off the screen.

 

How would I go about uninstalling these?

 

The only things I've installed on this computer are Firefox, AVG, Malwarebytes, CCleaner, and Advanced System Care, and a wireless mouse. 

 

So far that's where I'm at, please advise.  I'm assuming we want chrome out before running FRST again?


Edited by tshobie, 14 February 2016 - 06:16 AM.


#9 satchfan (Malware Response Team, 2,661 posts, Devon, UK)

Posted 14 February 2016 - 07:25 AM

Don't worry about Chrome for now. Please follow the instructions for running the FRST fix.




#10 tshobie (Topic Starter, Members, 23 posts)

Posted 15 February 2016 - 06:34 AM

Hopefully I did this right.  AVG removed the FRST scan tool from my desktop as a virus.  Hopefully that isn't a problem.

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Administrator (2016-02-15 04:21:21) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-789336058-1085031214-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file)
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 qbbxornp; \??\C:\WINDOWS\system32\drivers\qbbxornp.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ProductData
2016-02-10 01:25 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-02-10 01:24 - 2016-02-10 02:35 - 00001804 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 9.lnk
2016-02-10 01:20 - 2016-02-10 22:10 - 00000000 ____D C:\Program Files\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\IObit
2016-02-11 15:57 - 2015-05-29 00:58 - 00001090 _____ C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job
2016-02-11 15:57 - 2015-05-23 02:51 - 00001752 _____ C:\WINDOWS\Tasks\YOXALEU.job
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Documents and Settings\Administrator\Application Data\YOXALEU
2015-05-24 23:02 - 2015-05-24 23:02 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
Task: C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job => C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QLSXP.job => C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION
EmptyTemp:


New FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Administrator (administrator) on HOME-6225A9E2BF (15-02-2016 04:14:02)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent:
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\MountPoints2: {f25295c9-8dc4-11e4-aa11-faa7e5e504b4} - E:\o1o.exe
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{42DA9AAC-3532-424B-9F53-6A6B81A9C227}: [DhcpNameServer] 208.180.42.68 208.180.42.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-789336058-1085031214-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555781250&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893664555937500&GUID=B230C249-0D10-3BFC-218A-CA9D57FC52B9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-789336058-1085031214-1417001333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
IE Session Restore: HKU\S-1-5-21-789336058-1085031214-1417001333-500 -> is enabled.
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-02-10]
FF Extension: MediaPlayer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-07-18] [not signed]
FF Extension: skip_compatibility_checksdrockingcom - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\skip_compatibility_check@sdrocking.com [2015-07-17] [not signed]
FF Extension: UIEnhancergirishsharmaec8030f7c20a464f9b0e13a3a9e97384 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vcgng0gv.default\Extensions\UIEnhancer@girishsharma{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2015-05-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-07-20] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMService; C:\Documents and Settings\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [240048 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [223152 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [234416 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193456 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2007-12-15] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-12] (Malwarebytes)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-10] (Intel® Corporation)
S3 cpuz134; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 qbbxornp; \??\C:\WINDOWS\system32\drivers\qbbxornp.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 04:14 - 2016-02-15 04:14 - 00010319 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-15 04:13 - 2016-02-15 04:13 - 01721344 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-02-14 03:31 - 2016-02-14 03:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\New Folder
2016-02-11 16:23 - 2016-02-15 04:14 - 00000000 ____D C:\FRST
2016-02-11 00:19 - 2015-01-04 21:01 - 00000803 _____ C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-02-10 22:10 - 2016-02-10 22:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ProductData
2016-02-10 21:26 - 2016-02-10 21:28 - 00113666 _____ C:\WINDOWS\ntbtlog.txt
2016-02-10 21:08 - 2016-02-10 22:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-10 21:08 - 2016-02-10 21:08 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-10 21:08 - 2016-02-10 21:08 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-02-10 20:43 - 2016-02-10 21:34 - 00000000 ____D C:\AdwCleaner
2016-02-10 20:25 - 2016-02-10 20:28 - 00002868 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2016-02-10 02:38 - 2016-02-10 03:24 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-02-10 02:38 - 2016-02-10 03:24 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2016-02-10 02:37 - 2016-02-10 02:37 - 18853888 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00356352 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-02-10 02:37 - 2016-02-10 02:37 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-02-10 01:58 - 2016-02-10 21:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2016-02-10 01:55 - 2016-02-10 21:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2016-02-10 01:55 - 2011-10-28 09:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET121.tmp
2016-02-10 01:53 - 2016-02-10 02:36 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2016-02-10 01:53 - 2016-02-10 02:36 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt
2016-02-10 01:52 - 2016-02-10 21:38 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2016-02-10 01:52 - 2016-02-10 01:52 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-10 01:51 - 2016-02-10 01:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2016-02-10 01:50 - 2014-10-16 10:27 - 00023840 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2016-02-10 01:35 - 2016-02-10 01:35 - 18853888 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00356352 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-10 01:35 - 2016-02-10 01:35 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-10 01:27 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-02-10 01:25 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Common Files\IObit
2016-02-10 01:20 - 2016-02-14 03:17 - 00000000 ____D C:\Program Files\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-02-10 01:20 - 2016-02-10 21:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\IObit
2016-02-09 13:22 - 2016-02-09 13:18 - 00720085 _____ C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.exe
2016-02-09 12:24 - 2016-02-09 12:24 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2016-02-08 17:49 - 2016-02-10 22:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-06 14:47 - 2016-02-15 03:59 - 00000588 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0116tb_rel.job
2016-02-06 14:36 - 2016-02-15 03:59 - 00000696 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_VALID.job
2016-02-06 14:36 - 2016-02-15 03:59 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job
2016-01-28 13:43 - 2016-01-28 17:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Web TuneUp
2016-01-28 13:41 - 2016-02-01 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2016-01-28 13:40 - 2016-02-10 21:58 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-01-25 21:39 - 2016-02-15 03:59 - 00000618 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av.job
2016-01-25 21:36 - 2016-02-15 03:59 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av_DELETE.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 04:15 - 2015-01-03 21:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-15 04:14 - 2014-12-27 05:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-15 04:05 - 2015-07-18 03:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-02-15 04:00 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-15 03:59 - 2015-05-29 00:58 - 00001090 _____ C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job
2016-02-15 03:59 - 2015-05-23 02:51 - 00001752 _____ C:\WINDOWS\Tasks\YOXALEU.job
2016-02-15 03:59 - 2015-01-04 21:01 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-15 03:59 - 2014-12-27 05:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-14 04:03 - 2014-12-27 05:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-14 04:03 - 2014-12-27 05:35 - 00032166 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-14 03:31 - 2014-12-27 05:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 01:26 - 2014-12-27 05:36 - 00000000 ____D C:\Documents and Settings\Administrator
2016-02-14 00:44 - 2015-05-29 00:44 - 00000588 _____ C:\WINDOWS\Tasks\QLSXP.job
2016-02-12 23:57 - 2015-05-28 23:23 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-12 14:24 - 2015-01-17 02:20 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-11 12:15 - 2015-01-03 21:55 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-11 12:15 - 2015-01-03 21:55 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-10 22:11 - 2014-12-26 21:04 - 00000000 ___HD C:\WINDOWS\inf
2016-02-10 22:02 - 2015-07-18 03:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-02-10 21:44 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware
2016-02-10 21:43 - 2015-07-20 13:53 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\platforms
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\Plugins
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\imageformats
2016-02-10 21:43 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 21:38 - 2014-12-26 21:04 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-02-10 21:34 - 2014-12-27 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
2016-02-10 02:37 - 2014-12-27 05:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-10 02:37 - 2014-12-27 05:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-10 02:36 - 2014-12-26 21:04 - 00000000 ____D C:\WINDOWS\security
2016-02-10 01:56 - 2015-01-04 18:13 - 00000000 ____D C:\WINDOWS\ie8updates
2016-02-10 01:56 - 2015-01-01 05:04 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-02-10 01:53 - 2014-12-26 21:04 - 00000000 ____D C:\WINDOWS\Help
2016-02-10 01:27 - 2015-07-10 23:02 - 00014120 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-02-10 00:21 - 2015-01-16 04:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 00:21 - 2015-01-04 18:08 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 13:23 - 2015-05-28 23:22 - 00093318 _____ C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.dat
2016-02-09 13:23 - 2015-05-28 23:22 - 00000772 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-09 13:23 - 2015-05-28 23:22 - 00000000 ____D C:\Documents and Settings\Malwarebytes Anti-Malware\Languages
2016-02-08 16:41 - 2015-01-04 21:01 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-28 17:47 - 2015-01-04 17:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-01-22 12:56 - 2015-06-10 16:38 - 00193456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

==================== Files in the root of some directories =======

2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Documents and Settings\Administrator\Application Data\YOXALEU
2015-05-24 23:02 - 2015-05-24 23:02 - 0000064 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\ab3acd04dfe0d0981345b5062bbe1323
2015-04-17 14:17 - 2016-01-04 03:54 - 0001324 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2015-05-29 04:05 - 2015-09-10 04:02 - 0005632 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-29 04:13 - 2015-07-09 01:21 - 0000112 _____ () C:\Documents and Settings\All Users\Application Data\jQCqN3Y.dat

Files to move or delete:
====================
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Documents and Settings\Malwarebytes Anti-Malware\7z.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\cloud-enumeration.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\cloud.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbam.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbam.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamcore.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamdor.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamext.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\mbampt.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamresearch.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamservice.exe
C:\Documents and Settings\Malwarebytes Anti-Malware\mbamsrv.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\msvcp100.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\msvcr100.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Core.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Gui.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Network.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\Qt5Widgets.dll
C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.dat
C:\Documents and Settings\Malwarebytes Anti-Malware\unins000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

New Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Administrator (2016-02-15 04:16:06)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-12-27 12:30:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-789336058-1085031214-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-789336058-1085031214-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-789336058-1085031214-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-789336058-1085031214-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)
AVG 2015 (Version: 15.0.4522 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0116tb_rel.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116av\AVG-Secure-Search-Update_0116av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116av_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116av\AVG-Secure-Search-Update_0116av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0116tb_VALID.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job => C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\QLSXP.job => C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-28 13:40 - 2016-02-01 14:22 - 01205832 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammg119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammg119.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-789336058-1085031214-1417001333-500\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2004-08-04 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-789336058-1085031214-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 208.180.42.68 - 208.180.42.100
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

04-01-2016 16:46:36 System Checkpoint
05-01-2016 16:51:16 System Checkpoint
06-01-2016 16:52:06 System Checkpoint
07-01-2016 17:52:06 System Checkpoint
08-01-2016 18:52:07 System Checkpoint
13-01-2016 04:34:27 System Checkpoint
14-01-2016 00:00:32 Software Distribution Service 3.0
15-01-2016 00:35:02 System Checkpoint
16-01-2016 00:49:42 System Checkpoint
18-01-2016 01:40:29 System Checkpoint
19-01-2016 02:01:17 System Checkpoint
20-01-2016 02:38:19 System Checkpoint
21-01-2016 03:38:19 System Checkpoint
22-01-2016 04:21:26 System Checkpoint
23-01-2016 04:38:20 System Checkpoint
24-01-2016 05:38:19 System Checkpoint
25-01-2016 06:38:19 System Checkpoint
26-01-2016 07:38:20 System Checkpoint
28-01-2016 09:02:26 System Checkpoint
29-01-2016 09:55:22 System Checkpoint
30-01-2016 10:11:51 System Checkpoint
31-01-2016 11:11:50 System Checkpoint
09-02-2016 15:04:04 System Checkpoint
10-02-2016 00:03:42 Software Distribution Service 3.0
10-02-2016 00:17:08 Software Distribution Service 3.0
10-02-2016 01:51:30 Installed %1 %2.
10-02-2016 01:52:47 Installed %1 %2.
10-02-2016 01:55:38 Installed Windows XP KB2492386.
10-02-2016 01:57:03 Installed Windows XP KB2632503.
10-02-2016 01:58:20 Installed Windows XP KB2808679.
10-02-2016 21:12:55 Restore Operation
10-02-2016 21:17:40 Restore Operation
10-02-2016 21:22:50 Restore Operation
10-02-2016 22:15:49 Restore Operation
11-02-2016 23:09:42 System Checkpoint
12-02-2016 23:51:26 System Checkpoint
14-02-2016 00:50:19 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor's Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 12:56:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/18/2015 08:24:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/16/2015 11:17:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/14/2015 05:15:03 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/13/2015 11:25:23 PM) (Source: MsiInstaller) (EventID: 11705) (User: HOME-6225A9E2BF)
Description: Product: OpenOffice 4.1.1 -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/12/2015 04:53:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/12/2015 02:59:44 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An installation for Microsoft .NET Framework 4 Client Profile is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (07/12/2015 02:13:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/11/2015 10:10:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/11/2015 09:19:49 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (02/15/2016 04:00:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/14/2016 03:13:52 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 00166F8FA020 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/14/2016 03:12:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.103 for the Network Card with network address 00166F8FA020 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/14/2016 03:12:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/11/2016 07:35:12 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 00166F8FA020 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/11/2016 07:25:23 PM) (Source: 0) (EventID: 4199) (User: )
Description: 192.168.0.101CC:FA:00:A7:9C:89

Error: (02/11/2016 07:23:04 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 00166F8FA020 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/11/2016 06:06:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/11/2016 03:58:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/11/2016 12:20:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.86GHz
Percentage of memory in use: 41%
Total physical RAM: 1535.36 MB
Available physical RAM: 894.82 MB
Total Virtual: 3431.29 MB
Available Virtual: 2859.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:21.27 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 38C738C7)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


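The two tasks FRST marked "<==== ATTENTION" above, together with QLSXP.job, share a pattern an analyst can check mechanically: an executable scheduled from a user-writable profile or ProgramData path, often with a random-looking or hex-only name, and sometimes a task named after its own payload. The Python script below is an added example written for this thread; it is not FRST's code and not part of the original post. It parses the "Task:" lines of an Addition.txt and scores each one with those three heuristics. The rules and the review threshold are this example's own assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage the "Scheduled Tasks" section of an FRST Addition.txt.

Added example for this thread, not code from FRST. The three scoring rules
below are assumptions chosen for illustration, not FRST's own logic.
"""
import ntpath
import re
from typing import Dict, List, Tuple

# FRST prints one task per line:  Task: <job file> => <target> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s+(?P<job>.+?\.job)\s+=>\s+(?P<target>.+?)(?:\s+<====.*)?\s*$"
)

# Path fragments a normal user (or malware running as one) can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")
# Writing under Windows or Program Files needs admin rights; treat those as lower risk.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files")

HEX_NAME_RE = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)
# Letters and digits interleaved inside one token, e.g. "Z6l" or "j5a".
DIGIT_MIX_RE = re.compile(r"[A-Za-z]\d[A-Za-z]|\d[A-Za-z]+\d")

# Constructed sample: these lines are copied from the Addition.txt posted above.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (Whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0116tb_rel.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe
Task: C:\WINDOWS\Tasks\LBXmZ6lEKyj5aYlpNsN8GcmXU.job => C:\Documents and Settings\Administrator\Application Data\LBXmZ6lEKyj5aYlpNsN8GcmXU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\QLSXP.job => C:\Documents and Settings\All Users\Application Data\0f8be51fc7a84a16a49ae00b238d2a95\0f8be51fc7a84a16a49ae00b238d2a95.exe
Task: C:\WINDOWS\Tasks\YOXALEU.job => C:\Documents and Settings\Administrator\Application Data\YOXALEU.exe <==== ATTENTION
"""


def parse_tasks(text: str) -> List[Tuple[str, str]]:
    """Return (job_path, target_path) pairs; the ATTENTION marker is stripped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append((m.group("job"), m.group("target")))
    return tasks


def _stem(path: str) -> str:
    """File name without directory or extension, using NT path rules on any OS."""
    return ntpath.basename(path).rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Heuristic: hex-only names, or mixed-case names with digits spliced into letters."""
    if HEX_NAME_RE.match(stem):
        return True
    mixed_case = any(c.isupper() for c in stem) and any(c.islower() for c in stem)
    return mixed_case and len(DIGIT_MIX_RE.findall(stem)) >= 2


def score_task(job: str, target: str) -> Tuple[int, List[str]]:
    """Score one task; each matching rule adds one point and a reason."""
    reasons = []
    low = target.lower()
    if not low.startswith(SYSTEM_ROOTS) and any(frag in low for frag in USER_WRITABLE):
        reasons.append("runs from a user-writable profile or ProgramData path")
    if _stem(job).lower() == _stem(target).lower():
        # Weak on its own, but a common dropper habit: task name == payload name.
        reasons.append("task is named after its own executable")
    if looks_random(_stem(target)):
        reasons.append("random-looking or hex-only executable name")
    return len(reasons), reasons


def triage(text: str) -> List[Dict[str, object]]:
    """Parse and score every task, highest score first."""
    rows = []
    for job, target in parse_tasks(text):
        score, reasons = score_task(job, target)
        rows.append({"job": ntpath.basename(job), "target": target,
                     "score": score, "reasons": reasons})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        flag = "REVIEW" if row["score"] >= 2 else "ok"
        print(f"[{flag}] {row['score']} {row['job']} -> {row['target']}")
        for why in row["reasons"]:
            print(f"        - {why}")
```

A score of 2 or more is a prompt to look, not a verdict. On the sample, the two ATTENTION tasks score 3 and 2, the AVG Secure Search updaters score 1 only because they live under All Users\Application Data, and QLSXP.job scores 2 for a hex-named executable in ProgramData, which FRST did not mark but an analyst would still want to verify against the file's signature and hash before deciding.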

#11 satchfan (Malware Response Team)

Posted 15 February 2016 - 06:44 AM

Thanks but the fix has not been done.


Do you have a file called "Fixlist" on your desktop?


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 tshobie (Topic Starter)

Posted 15 February 2016 - 06:49 AM

Yes



#13 satchfan (Malware Response Team)

Posted 15 February 2016 - 06:51 AM

Do you also have the FRST program still on your desktop?




#14 tshobie (Topic Starter)

Posted 15 February 2016 - 06:52 AM

Not the program, AVG removed it.  Should I turn AVG off and do it again?



#15 satchfan (Malware Response Team)

Posted 15 February 2016 - 06:57 AM

Temporarily disable AVG and download FRST again from here, (remember, it MUST be saved to your desktop).


When you've done that, double-click on FRST to open the program, then click Fix just once and wait. It will create a log (Fixlog.txt); please post it in your reply.






