Trojan Emotet

Old 10-10-2017, 04:52 PM   #1
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



I just ran MBAM on my Lenovo PC running on Win XP and it detected and quarantined
Trojan Emotet in D:\WINDOWS\SYSTEM 32\wzcdlg.dll
MBAM, as I said, quarantined it and asked me to reboot. PC was noticeably slower before but now appears OK.
Do I need to do anything else? I understood that this Trojan affects email.
Old 10-10-2017, 06:24 PM   #2
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,795
OS: Windows 7 Professional SP1



Hi,

If you think you may be infected, please follow the instructions here > NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Follow the instructions carefully and if you have any problems with them, let the analyst know in your thread.

Post your logs as per the instructions in the Virus/Trojan/Spyware Help forum........not here.

Be advised that this part of the forum is usually very busy so some patience will be required but someone will be along to assist you when they can.

Good luck.
__________________
Regards, Dave.
Help us to help you by posting your System Specs
Old 10-10-2017, 07:39 PM   #3
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by al at 22:31:10 on 2017-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.843 [GMT -4:00]
.
AV: Malwarebytes *Enabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Secunia\PSI\sua.exe
D:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\jmesoft\hotkey.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\BellCanada\McciTrayApp.exe
D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
D:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\WINDOWS\system32\svchost.exe -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - d:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - d:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
mRun: [jmekey] d:\windows\jmesoft\hotkey.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [WD Quick View] d:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [BellCanada_McciTrayApp] "d:\program files\bellcanada\McciTrayApp.exe"
mRun: [AvastUI.exe] "d:\program files\avast software\avast\AvLaunch.exe" /gui
mRun: [Malwarebytes TrayApp] d:\program files\malwarebytes\anti-malware\mbamtray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349404732234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1FC1E91E-3129-4DE0-92A8-5900CE8F207C} : DHCPNameServer = 192.168.2.1
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "d:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\al\application data\mozilla\firefox\profiles\qsu81t11.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - CNN - Breaking News, Latest News and Videos
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A111US1056&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\documents and settings\al\application data\jpl-nasa-caltech\nasa's eyes\npNASAEyes.dll
FF - plugin: d:\documents and settings\al\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\program files\common files\motive\npMotive.dll
FF - plugin: d:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\windows\system32\lenovo\update\npdueng.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_27_0_0_130.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;\SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbidshx.sys [?]
R0 aswblog;aswblog;\SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswblogx.sys [?]
R0 aswbuniv;aswbuniv;\SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswbunivx.sys [?]
R0 aswRvrt;aswRvrt;\SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;aswVmm;\SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\aswVmm.sys [?]
R0 MBAMChameleon;MBAMChameleon;d:\windows\system32\drivers\MBAMChameleon.sys [2017-8-29 147232]
R0 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\MBAMSwissArmy.sys [2017-8-5 221600]
R0 MxEFUF;Matrox Extio Upper Function Filter;d:\windows\system32\drivers\MxEFUF32.sys [2011-9-25 102728]
R0 RapportKELL;RapportKELL;d:\windows\system32\drivers\RapportKELL.sys [2017-8-25 263744]
R0 xfilt;VIA SATA IDE Hot-plug Driver;d:\windows\system32\drivers\xfilt.sys [2013-10-12 23192]
R1 aswbidsdriver;aswbidsdriver;d:\windows\system32\drivers\aswbidsdriverx.sys [2017-4-23 255624]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2017-4-23 777952]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2017-4-23 499560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;d:\windows\system32\drivers\mbae.sys [2017-8-5 59936]
R1 RapportAegle;RapportAegle;d:\program files\trusteer\rapport\bin\RapportAegle.sys [2017-8-25 203072]
R1 RapportCerberus_1804073;RapportCerberus_1804073;d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1804073.sys [2017-9-4 846472]
R1 RapportEI;RapportEI;d:\program files\trusteer\rapport\bin\RapportEI.sys [2017-8-25 334912]
R1 RapportPG;RapportPG;d:\program files\trusteer\rapport\bin\RapportPG.sys [2017-8-25 414432]
R2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2017-4-23 124952]
R2 avast! Antivirus;Avast Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2017-10-4 281416]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [2011-9-25 21992]
R2 MBAMService;Malwarebytes Service;d:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-8-5 3398608]
R2 RapportMgmtService;Rapport Management Service;d:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2017-8-25 2350064]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 WDDriveService;WD Drive Manager;d:\program files\western digital\wd drive manager\WDDriveService.exe [2014-6-2 295800]
R3 aswStmXP;aswStmXP;d:\windows\system32\drivers\aswStmXP.sys [2017-4-23 203848]
R3 BBUpdate;BBUpdate;d:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 MBAMProtection;MBAMProtection;d:\windows\system32\drivers\mbam.sys [2017-8-5 40352]
S2 BBSvc;BingBar Service;d:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 aswbIDSAgent;aswbIDSAgent;d:\program files\avast software\avast\aswidsagent.exe [2017-10-4 5828816]
S3 aswHwid;aswHwid;d:\windows\system32\drivers\aswHwid.sys [2017-4-23 42856]
S3 DrvAgent32;DrvAgent32;d:\windows\system32\drivers\DrvAgent32.sys [2016-9-11 31832]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;d:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
S3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RapportIaso;RapportIaso;d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [2013-5-9 11520]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2009-1-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2017-09-27 02:55:35 3584 ----a-r- d:\documents and settings\al\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2017-09-27 02:55:35 -------- d-----w- d:\program files\Windows Installer Clean Up
2017-09-27 02:54:48 -------- d-----w- d:\program files\MSECACHE
2017-09-24 23:03:02 -------- d-----w- d:\documents and settings\al\local settings\application data\ESET
.
==================== Find3M ====================
.
2017-10-10 23:35:55 40352 ----a-w- d:\windows\system32\drivers\mbam.sys
2017-10-10 23:34:50 221600 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2017-10-04 13:26:01 203848 ----a-w- d:\windows\system32\drivers\aswStmXP.sys
2017-10-04 13:26:00 70864 ----a-w- d:\windows\system32\drivers\aswRvrt.sys
2017-10-04 13:26:00 42856 ----a-w- d:\windows\system32\drivers\aswHwid.sys
2017-10-04 13:26:00 297840 ----a-w- d:\windows\system32\drivers\aswVmm.sys
2017-10-04 13:26:00 124952 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2017-10-04 13:25:37 777952 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2017-10-04 13:25:33 50384 ----a-w- d:\windows\system32\drivers\aswbunivx.sys
2017-10-04 13:25:33 276736 ----a-w- d:\windows\system32\drivers\aswblogx.sys
2017-10-04 13:25:33 255624 ----a-w- d:\windows\system32\drivers\aswbidsdriverx.sys
2017-10-04 13:25:33 157416 ----a-w- d:\windows\system32\drivers\aswbidshx.sys
2017-09-26 00:19:16 803328 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2017-09-26 00:19:16 144896 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2017-08-29 13:07:03 147232 ----a-w- d:\windows\system32\drivers\MBAMChameleon.sys
2017-08-26 03:09:20 263744 ----a-w- d:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 22:32:00.25 ===============
Old 10-10-2017, 07:56 PM   #4
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



I will now post attach.txt
Attached Files
File Type: txt attach.txt (501.5 KB, 13 views)
Old 10-11-2017, 08:03 AM   #5
Team Manager - Hardware
Acting Manager, Security Center
 
Rich-M's Avatar
 
Join Date: May 2007
Location: NE Pennsylvania
Posts: 14,467
OS: Windows 10 Professional



DeeJay meant for you to post here so our specialized help would see it readily, so I moved it to the Virus and Spyware Forum for you as we wait for one to come along and help you. As said, please be patient; these folks are overworked and "under paid"!
__________________


All PC's are not the same. Posting your PC specs will help us to assist you quicker and more effectively.
Old 10-11-2017, 10:29 AM   #6
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



OK, so I did post here, like he instructed, the DDS and the attach.txt.
I will be patient :)
Old 10-13-2017, 07:05 PM   #7
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



"BUMP, please"
Old 10-15-2017, 12:39 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Remember this conversation about 2 weeks ago?

Quote:
you are running XP Pro, an outdated OS that no longer receives Windows Updates, which means your machine will ALWAYS be susceptible to infection.

Don't take this the wrong way, but it is pretty much a waste of time cleaning machines with out of date operating systems.
We cannot repeatedly clean the same user's machine.

------------------------------------------------------

You still have 2 antivirus applications installed. Pick one to keep and uninstall the other one.

------------------------------------------------------

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software, i.e. Avast, now to avoid potential conflicts.
  • Run the tool by double-clicking JRT.exe. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select 'Run as administrator'.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • When you close the log, the command window will disappear. Then close your 'My Documents' folder.
  • Post the contents of JRT.txt into your next message.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 10-15-2017, 01:38 PM   #9
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



Hi Chemist, yeah, I hear you. This is it. I am about to purchase a new 4-core machine at the end of this month or next, for sure, but until then this is my last swan song with XP.
Also posted elsewhere that when I click on browser Firefox it isn't always opening, forcing me to reboot, and then it works. So far this afternoon and past several hours no problem, but this isn't what's been the norm lately. So it might have something to do with the same issues we are trying to tackle here, I dunno, you would be a better judge of that. So for the record this is my last request for help on XP.
Here are log files as requested:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by al (Administrator) on Sun 10/15/2017 at 16:18:15.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: D:\Documents and Settings\al\Local Settings\Application Data\slimware utilities inc (Folder)

user_pref(browser.search.defaultenginename, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/15/2017 at 16:21:38.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2017
Ran by al (administrator) on AL-2EE23B0BE121 (15-10-2017 16:24:09)
Running from D:\Documents and Settings\al\My Documents\Downloads
Loaded Profiles: al (Available Profiles: al & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [jmekey] => D:\WINDOWS\jmesoft\hotkey.exe [114688 2010-12-21] (Lenovo)
HKLM\...\Run: [VTTimer] => D:\WINDOWS\system32\VTTimer.exe [53248 2013-10-12] (S3 Graphics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WD Quick View] => D:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM\...\Run: [BellCanada_McciTrayApp] => D:\Program Files\BellCanada\McciTrayApp.exe [1564160 2012-11-29] (Alcatel-Lucent)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-04] (AVAST Software)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1FC1E91E-3129-4DE0-92A8-5900CE8F207C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-682003330-2139871995-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-682003330-2139871995-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://cnn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-682003330-2139871995-1801674531-1004 -> {FA3CAAC7-4CBB-47AD-A90B-B008EAF73DDF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> D:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: qsu81t11.default
FF ProfilePath: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default [2017-10-15]
FF DefaultSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF SearchEngineOrder.1: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF SelectedSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF Homepage: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> CNN - Breaking News, Latest News and Videos
FF Keyword.URL: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US1056&p=
FF NetworkProxy: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> type", 0
FF Extension: (YouTube™ Flash® Player) - D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default\Extensions\[email protected] [2017-08-19]
FF Extension: (uBlock Origin) - D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default\Extensions\[email protected] [2017-10-09]
FF Extension: (__MSG_appName__) - D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-03]
FF Extension: (Adblock Plus) - D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-09]
FF ProfilePath: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\kw8swtpj.default-1496952744468 [2017-09-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-25] [not signed]
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2016-04-15]
FF Plugin: @Adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-11] ()
FF Plugin: @Java.com/DTPlugin,version=10.51.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=10.51.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @lenovo.com/dueng,version=2.0 -> D:\WINDOWS\system32\lenovo\update\npdueng.dll [2010-05-28] (Lenovo)
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> D:\Program Files\Common Files\Motive\npMotive.dll [2012-11-29] (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-682003330-2139871995-1801674531-1004: @unity3d.com/UnityPlayer,version=1.0 -> D:\Documents and Settings\al\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2011-09-13] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-682003330-2139871995-1801674531-1004: jpl.nasa.gov/NASAEyes -> D:\Documents and Settings\al\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2016-06-29] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-12-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-12-28] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://cnn.com/"
CHR DefaultSearchURL: Default -> hxxp://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=902615&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (AdBlock) - D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-16]
CHR Extension: (Chrome Web Store Payments) - D:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-11] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-04] (AVAST Software)
S2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 McciCMService; D:\Program Files\Common Files\Motive\McciCMService.exe [319488 2012-11-29] (Alcatel-Lucent) [File not signed]
S2 RapportMgmtService; D:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-08-25] (IBM Corp.)
S4 Secunia PSI Agent; D:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
S2 Secunia Update Agent; D:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
S2 WDDriveService; D:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2009-05-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; D:\WINDOWS\System32\drivers\ALCXWDM.SYS [4019072 2006-09-20] (Realtek Semiconductor Corp.)
R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 aswbidsdriver; D:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-04] (AVAST Software s.r.o.)
R0 aswbidsh; D:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-04] (AVAST Software s.r.o.)
R0 aswblog; D:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-04] (AVAST Software s.r.o.)
R0 aswbuniv; D:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-04] (AVAST Software s.r.o.)
S3 aswHwid; D:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-04] (AVAST Software)
R2 aswMonFlt; D:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-04] (AVAST Software)
R1 aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-10-04] (AVAST Software)
R0 aswRvrt; D:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-04] (AVAST Software)
R1 aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [777952 2017-10-04] (AVAST Software)
R1 aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-04] (AVAST Software)
R3 aswStmXP; D:\WINDOWS\system32\drivers\aswStmXP.sys [203848 2017-10-04] (AVAST Software)
R0 aswVmm; D:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-04] (AVAST Software)
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ESProtectionDriver; D:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R3 FET5X86V; D:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc. )
S3 FETNDIS; D:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 libusb0; D:\WINDOWS\System32\drivers\libusb0.sys [21504 2011-10-07] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R3 LVPr2Mon; D:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 mbamchameleon; D:\WINDOWS\system32\drivers\mbamchameleon.sys [150816 2017-10-11] (Malwarebytes)
R3 MBAMProtection; D:\WINDOWS\system32\drivers\mbam.sys [40384 2017-10-15] (Malwarebytes)
R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-15] (Malwarebytes)
S3 MREMP50; D:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-11-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; D:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-11-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 MxEFUF; D:\WINDOWS\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PID_PEPI; D:\WINDOWS\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 PSI; D:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 RapportAegle; D:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [203072 2017-08-25] (IBM Corp.)
R1 RapportCerberus_1804073; D:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804073.sys [846472 2017-09-04] (IBM Corp.)
R1 RapportEI; D:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [334912 2017-08-25] (IBM Corp.)
S3 RapportIaso; d:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
R0 RapportKELL; D:\WINDOWS\System32\Drivers\RapportKELL.sys [263744 2017-08-25] (IBM Corp.)
R1 RapportPG; D:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [414432 2017-08-25] (IBM Corp.)
R3 viagfx; D:\WINDOWS\System32\DRIVERS\vtmini.sys [283904 2013-10-12] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 videX32; D:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2013-10-12] (VIA Technologies, Inc.)
R0 xfilt; D:\WINDOWS\System32\DRIVERS\xfilt.sys [23192 2013-10-12] (VIA Technologies, Inc.)
S3 catchme; \??\D:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 MREMPR5; \??\D:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\D:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 Sdbus; D:\Windows\System32\Drivers\Sdbus.sys [80256 2009-05-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-15 16:24 - 2017-10-15 16:24 - 000000000 ____D D:\FRST
2017-10-15 16:21 - 2017-10-15 16:21 - 000000846 _____ D:\Documents and Settings\al\Desktop\JRT.txt
2017-10-12 21:42 - 2017-10-12 21:42 - 000000000 ____D D:\Documents and Settings\al\My Documents\My Filehippo Downloads
2017-10-11 13:46 - 2017-10-15 10:51 - 000040384 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\mbam.sys
2017-10-11 13:39 - 2017-10-11 13:39 - 000150816 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-11 13:37 - 2017-10-15 10:51 - 000221112 _____ (Malwarebytes) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-11 13:36 - 2017-10-11 13:36 - 000001730 _____ D:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-10-11 13:36 - 2017-10-11 13:36 - 000000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-10-11 13:36 - 2017-10-11 13:36 - 000000000 ____D D:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-10-11 13:36 - 2017-10-04 13:15 - 000059904 _____ D:\WINDOWS\system32\Drivers\mbae.sys
2017-10-10 23:28 - 2017-10-10 23:28 - 000000000 ____D D:\Documents and Settings\al\Local Settings\Application Data\AVAST Software
2017-10-10 22:32 - 2017-10-10 22:51 - 000513497 _____ D:\Documents and Settings\al\Desktop\attach.txt
2017-10-10 22:32 - 2017-10-10 22:32 - 000013024 _____ D:\Documents and Settings\al\Desktop\dds.txt
2017-10-04 09:26 - 2017-10-04 09:25 - 000304816 _____ (AVAST Software) D:\WINDOWS\system32\aswBoot.exe
2017-09-26 22:55 - 2017-10-11 00:01 - 000002321 _____ D:\Documents and Settings\al\Start Menu\Programs\Windows Install Clean Up.lnk
2017-09-26 22:55 - 2017-09-26 22:55 - 000000000 ____D D:\Program Files\Windows Installer Clean Up
2017-09-26 22:54 - 2017-09-26 22:54 - 000000000 ____D D:\Program Files\MSECACHE
2017-09-26 19:35 - 2017-09-26 19:35 - 000000000 __HDC D:\WINDOWS\$NtUninstallKB4025218$
2017-09-26 19:31 - 2017-09-26 19:31 - 000001374 _____ D:\WINDOWS\imsins.BAK
2017-09-26 19:31 - 2017-09-26 19:31 - 000000000 __HDC D:\WINDOWS\$NtUninstallKB4022747$
2017-09-26 13:23 - 2017-09-26 13:23 - 000000931 _____ D:\Documents and Settings\al\Desktop\Shortcut to ATF-Cleaner(1).exe.lnk
2017-09-24 23:35 - 2017-09-24 23:35 - 000006957 _____ D:\Documents and Settings\al\My Documents\fix.bat
2017-09-24 19:03 - 2017-09-24 19:03 - 000000000 ____D D:\Documents and Settings\al\Local Settings\Application Data\ESET
2017-09-22 05:10 - 2017-09-22 05:10 - 000119744 _____ D:\WINDOWS\system32\FNTCACHE.DAT
2017-09-21 09:44 - 2017-09-21 09:44 - 000020024 _____ D:\Documents and Settings\al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-15 16:24 - 2013-03-04 21:21 - 000000000 ____D D:\Documents and Settings\al\Local Settings\temp
2017-10-15 16:14 - 2013-10-22 15:44 - 000000830 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-15 15:29 - 2012-11-06 14:22 - 000000886 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-15 13:14 - 2011-09-24 22:53 - 000032548 _____ D:\WINDOWS\SchedLgU.Txt
2017-10-15 10:49 - 2009-01-04 18:45 - 000013646 _____ D:\WINDOWS\system32\wpa.dbl
2017-10-15 10:48 - 2017-04-23 10:01 - 000000358 ____H D:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-15 10:48 - 2014-03-21 09:39 - 000000216 _____ D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-10-15 10:48 - 2012-11-06 14:22 - 000000882 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-15 10:48 - 2011-09-24 22:53 - 000000006 ____H D:\WINDOWS\Tasks\SA.DAT
2017-10-15 10:47 - 2011-09-24 22:55 - 000000178 ___SH D:\Documents and Settings\al\ntuser.ini
2017-10-15 10:47 - 2011-09-24 22:55 - 000000000 ____D D:\Documents and Settings\al
2017-10-14 10:15 - 2013-03-06 13:06 - 000000000 ____D D:\Documents and Settings\All Users\Application Data\TEMP
2017-10-14 10:14 - 2017-03-31 09:35 - 000040924 __RSH D:\Documents and Settings\All Users\ntuser.pol
2017-10-14 10:14 - 2012-09-21 21:44 - 000000000 ____D D:\Program Files\SpywareBlaster
2017-10-14 10:14 - 2011-09-24 18:22 - 000000000 ____D D:\Documents and Settings\All Users
2017-10-12 11:56 - 2011-09-24 18:19 - 000000000 ___HD D:\WINDOWS\inf
2017-10-11 13:36 - 2017-01-29 15:42 - 000000000 ____D D:\Program Files\Malwarebytes
2017-10-11 09:14 - 2013-10-22 15:44 - 000803328 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-11 09:14 - 2013-10-22 15:44 - 000144896 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-11 09:14 - 2011-09-24 22:47 - 000000000 ____D D:\WINDOWS\system32\Macromed
2017-10-08 15:00 - 2014-03-21 09:39 - 000000210 _____ D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-10-04 09:26 - 2017-04-23 10:00 - 000499560 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000297840 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000203848 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000124952 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000070864 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000070112 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswRdr.sys
2017-10-04 09:26 - 2017-04-23 10:00 - 000042856 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-04 09:26 - 2016-05-04 08:50 - 000000000 ____D D:\Documents and Settings\All Users\Application Data\AVAST Software
2017-10-04 09:25 - 2017-04-23 10:00 - 000777952 _____ (AVAST Software) D:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-04 09:25 - 2017-04-23 10:00 - 000276736 _____ (AVAST Software s.r.o.) D:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-04 09:25 - 2017-04-23 10:00 - 000255624 _____ (AVAST Software s.r.o.) D:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-04 09:25 - 2017-04-23 10:00 - 000157416 _____ (AVAST Software s.r.o.) D:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-04 09:25 - 2017-04-23 10:00 - 000050384 _____ (AVAST Software s.r.o.) D:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-09-30 09:08 - 2012-12-10 00:15 - 000000000 ____D D:\Program Files\Mozilla Maintenance Service
2017-09-29 12:33 - 2017-08-08 11:05 - 000000000 ____D D:\Program Files\Mozilla Firefox
2017-09-26 19:35 - 2011-09-24 18:19 - 000000000 RSHDC D:\WINDOWS\system32\dllcache
2017-09-26 19:28 - 2011-09-24 23:08 - 000000000 ___HD D:\WINDOWS\$hf_mig$
2017-09-26 15:18 - 2011-10-05 21:55 - 000000000 ____D D:\Program Files\Common Files\Adobe
2017-09-26 15:18 - 2011-10-05 21:53 - 000000000 ____D D:\Documents and Settings\All Users\Application Data\Adobe
2017-09-25 20:18 - 2014-09-01 09:56 - 000000000 ____D D:\Documents and Settings\al\Local Settings\Application Data\Adobe
2017-09-15 10:43 - 2009-01-04 18:44 - 000498670 _____ D:\WINDOWS\system32\Drivers\etc\HOSTS.MVP

==================== Files in the root of some directories =======

2011-11-29 18:52 - 2012-12-28 13:26 - 000000770 _____ () D:\Documents and Settings\al\Application Data\Rim.Desktop.Exception.log
2011-11-29 18:51 - 2013-02-20 16:36 - 000002745 _____ () D:\Documents and Settings\al\Application Data\Rim.Desktop.HttpServerSetup.log
2011-11-29 18:54 - 2012-12-28 13:26 - 000000847 _____ () D:\Documents and Settings\al\Application Data\Rim.DesktopHelper.Exception.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\dnsapi.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2017
Ran by al (15-10-2017 16:25:19)
Running from D:\Documents and Settings\al\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-09-25 02:52:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-682003330-2139871995-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.AL-2EE23B0BE121
al (S-1-5-21-682003330-2139871995-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-682003330-2139871995-1801674531-1003 - Limited - Enabled)
Guest (S-1-5-21-682003330-2139871995-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-682003330-2139871995-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-682003330-2139871995-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Disabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

%WS4_ARP_DISPLAY% (HKLM\...\KB940157) (Version: 04.00.6001.503 - ) Hidden
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\{39EA6AA6-F891-4D70-867D-839DA49948D2}) (Version: 12.2.9.199 - Adobe Systems, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-682003330-2139871995-1801674531-1004\...\Akamai) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bell Internet Check-up (HKLM\...\BellCanada) (Version: - )
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BlitzIn 3.11 (HKLM\...\BlitzIn 3.11) (Version: - Internet Chess Club)
CAM UnZip 4.5 (HKLM\...\CUZ4_is1) (Version: - CAM Development)
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version: - )
ChessBase 10 (HKLM\...\{CF652E2D-6128-49E9-833E-F131C4FC42CA}) (Version: 10 - ChessBase)
ChessBase 10 (HKLM\...\{D5B11428-F4C4-4FC2-AF89-4D2163BD1D28}) (Version: 10 - ChessBase) Hidden
ChessBase Reader (HKLM\...\{52A3CA50-6E19-40B2-AD6D-2B7B2D89A8E4}) (Version: 12.44.0.0 - ChessBase)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dasher (HKLM\...\Dasher) (Version: - Internet Chess Club)
Deep Rybka 3 (HKLM\...\{AE8A1CE1-EFBD-4ED9-9672-A50DB2D944E5}) (Version: 3.0 - ChessBase) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ICC for Windows 1.0 beta 9.8.8 (HKLM\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kobo (HKLM\...\Kobo) (Version: /Qt-5.2.0 - Kobo Inc.)
LENOVO OKE FN PS2 KEYBOARD (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V6.3.1221 - Lenovo)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-682003330-2139871995-1801674531-1004\...\Octoshape add-in for Adobe Flash Player) (Version: - )
PlayChess (HKLM\...\PlayChess) (Version: - ChessBase GmbH)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.152 - Trusteer) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.28 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6418 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.3001) (HKLM\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.152 - Trusteer)
Unity Web Player (HKU\S-1-5-21-682003330-2139871995-1801674531-1004\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
WD Quick View (HKLM\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> D:\Documents and Settings\al\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> D:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{cacd3178-4c86-52cb-87bf-eb0ef10e6e26}\InprocServer32 -> D:\Documents and Settings\al\Application Data\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll (Jet Propulsion Laboratory)
CustomCLSID: HKU\S-1-5-21-682003330-2139871995-1801674531-1004_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> D:\Documents and Settings\al\Local Settings\Application Data\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-10-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers4_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers5_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\Avast Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\McAfee Cleanup.job => D:\DOCUME~1\al\LOCALS~1\Temp\MCPR\mccleanup.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-04 09:25 - 2017-10-04 09:25 - 000059040 _____ () D:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000167096 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000217088 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000244584 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000151104 _____ () D:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-15 09:41 - 2017-10-15 09:41 - 005880504 _____ () D:\Program Files\AVAST Software\Avast\defs\17101500\algo.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000700656 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-04 09:25 - 2017-10-04 09:25 - 000241448 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2017-10-11 13:36 - 2017-10-04 13:15 - 001924552 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-04-23 09:59 - 2017-04-23 09:59 - 048936448 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-23 20:54 - 2013-01-02 02:48 - 001292288 _____ () D:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7770 more sites.

IE trusted site: HKU\S-1-5-21-682003330-2139871995-1801674531-1004\...\hola.org -> hxxp://hola.org

There are 12621 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-01-04 18:44 - 2017-09-15 10:43 - 000498670 _____ D:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 13120 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-682003330-2139871995-1801674531-1004\Control Panel\Desktop\\Wallpaper -> D:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.2.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => D:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: D:^Documents and Settings^al^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => D:\WINDOWS\pss\Logitech . Product Registration.lnkStartup
MSCONFIG\startupreg: LogitechQuickCamRibbon => "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: MSC => "d:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSMSGS => "D:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [D:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [D:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\al\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe] => Enabled:Octoshape add-in for Adobe Flash Player
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\al\Local Settings\Application Data\Akamai\netsession_win.exe] => Disabled:netsession_win
StandardProfile\AuthorizedApplications: [D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\al\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [D:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [D:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\al\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [D:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [D:\Program Files\McAfee\Supportability\MVT\MvtApp.exe] => Enabled:MVT Browser Communication
StandardProfile\AuthorizedApplications: [D:\Program Files\Logitech\Vid HD\Vid.exe] => Enabled:Logitech Vid HD
StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\cleanupie.exe] => Enabled:Panda Safe Web IE Cleaner
StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\ToolbarCleaner.exe] => Enabled:ToolbarCleaner
StandardProfile\AuthorizedApplications: [D:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (D:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

19-08-2017 14:29:41 System Checkpoint
20-08-2017 14:40:52 System Checkpoint
21-08-2017 16:55:29 System Checkpoint
24-08-2017 10:23:55 System Checkpoint
25-08-2017 12:51:45 System Checkpoint
26-08-2017 17:02:22 System Checkpoint
28-08-2017 17:25:38 System Checkpoint
29-08-2017 18:12:44 System Checkpoint
30-08-2017 22:27:30 System Checkpoint
31-08-2017 09:14:33 Installed Windows XP Wdf01009.
01-09-2017 12:45:05 System Checkpoint
02-09-2017 12:58:29 System Checkpoint
03-09-2017 13:15:24 System Checkpoint
04-09-2017 09:23:31 Installed Rapport
05-09-2017 11:13:22 System Checkpoint
06-09-2017 12:28:10 System Checkpoint
07-09-2017 14:03:48 System Checkpoint
08-09-2017 14:25:09 System Checkpoint
09-09-2017 14:30:22 System Checkpoint
10-09-2017 15:08:22 System Checkpoint
11-09-2017 15:38:18 System Checkpoint
12-09-2017 16:57:07 System Checkpoint
13-09-2017 18:20:35 System Checkpoint
14-09-2017 18:35:35 System Checkpoint
16-09-2017 12:41:30 System Checkpoint
17-09-2017 12:52:53 System Checkpoint
18-09-2017 13:04:54 System Checkpoint
19-09-2017 14:08:11 System Checkpoint
20-09-2017 14:49:47 System Checkpoint
21-09-2017 15:31:43 System Checkpoint
22-09-2017 15:42:55 System Checkpoint
23-09-2017 16:37:49 System Checkpoint
23-09-2017 22:50:38 JRT Pre-Junkware Removal
24-09-2017 23:28:20 System Checkpoint
26-09-2017 09:57:48 Adobe Shockwave Player Installation
26-09-2017 10:22:02 Installed Adobe Shockwave Player 12.2.
26-09-2017 14:17:19 Adobe Shockwave Player Installation
26-09-2017 15:18:29 Removed Adobe Reader XI (11.0.08).
26-09-2017 19:28:37 Installed Windows XP KB958644.
26-09-2017 19:31:44 Installed Windows XP KB4022747.
26-09-2017 19:35:36 Installed Windows XP KB4025218.
26-09-2017 22:55:34 Installed Windows Installer Clean Up
27-09-2017 23:13:03 System Checkpoint
29-09-2017 13:22:15 System Checkpoint
30-09-2017 14:13:30 System Checkpoint
01-10-2017 14:21:43 System Checkpoint
03-10-2017 18:41:28 System Checkpoint
04-10-2017 09:27:45 Installed Windows XP Wdf01009.
05-10-2017 09:35:47 System Checkpoint
06-10-2017 10:49:55 System Checkpoint
07-10-2017 11:42:34 System Checkpoint
08-10-2017 11:50:04 System Checkpoint
09-10-2017 12:03:08 System Checkpoint
10-10-2017 12:23:30 System Checkpoint
10-10-2017 23:30:31 Removed Avast Driver Updater
12-10-2017 10:55:53 System Checkpoint
13-10-2017 11:03:28 System Checkpoint
14-10-2017 11:10:43 System Checkpoint
15-10-2017 13:27:33 System Checkpoint
15-10-2017 16:18:19 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2017 12:05:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.4.0.6473, faulting module mozglue.dll, version 52.4.0.6473, fault address 0x0000f7b1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/10/2017 09:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.4.0.6473, faulting module mozglue.dll, version 52.4.0.6473, fault address 0x0000f7b1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/09/2017 11:53:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.4.0.6473, faulting module mozglue.dll, version 52.4.0.6473, fault address 0x0000f7b1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/03/2017 06:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.4.0.6473, faulting module mozglue.dll, version 52.4.0.6473, fault address 0x0000f7b1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/26/2017 02:57:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.3.0.6423, faulting module mozglue.dll, version 52.3.0.6423, fault address 0x0000f7ca.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/26/2017 01:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.3.0.6423, faulting module mozglue.dll, version 52.3.0.6423, fault address 0x0000f7ca.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/25/2017 07:14:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application cbase10.exe, version 10.0.0.3, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010c8e.
Processing media-specific event for [cbase10.exe!ws!]

Error: (09/25/2017 11:54:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.3.0.6423, faulting module mozglue.dll, version 52.3.0.6423, fault address 0x0000f7ca.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/23/2017 12:07:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.3.0.6423, faulting module mozglue.dll, version 52.3.0.6423, fault address 0x0000f7ca.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/21/2017 09:34:32 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <https://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (10/15/2017 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McciCMService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 04:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2017 02:34:19 PM) (Source: DCOM) (EventID: 10005) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/15/2017 02:34:15 PM) (Source: DCOM) (EventID: 10005) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/15/2017 10:36:07 AM) (Source: DCOM) (EventID: 10005) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 Processor 3200+
Percentage of memory in use: 57%
Total physical RAM: 1983.48 MB
Available physical RAM: 833.45 MB
Total Virtual: 3875.82 MB
Available Virtual: 2950.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.28 GB) (Free:8.16 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Secondary Drive) (Fixed) (Total:162.61 GB) (Free:109.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: CCCDCCCD)
Partition 1: (Active) - (Size=70.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=162.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
bigalster is offline  
Old 10-15-2017, 03:29 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello bigalster. Did you address your multiple antivirus situation? It appears not. Uninstall Avast or MBAM.

Was McAfee a previous install?

Please follow these instructions for de-registering McAfee Anti-Virus and Anti-Spyware and McAfee Firewall:

**Note: Make sure you only delete McAfee products.
  • Go Start > Run and copy/paste wbemtest into the Run box and click 'OK'.
  • Click 'Connect'.
  • Copy/paste root\securitycenter into the box and click 'Connect'.
  • Click 'Query'.
  • Copy/paste SELECT * FROM AntiVirusProduct under 'Enter Query' and click 'Apply'.
  • If there is more than one result, it means there is more than one Antivirus program registered.
  • Double-click on each result to view the properties for that Antivirus product.
  • Identify the product(s) registered by scrolling down to 'companyName' then click 'Close'.
  • In the 'Query Result' window, click 'Delete' for any Antivirus software that is no longer installed.
  • Click 'Query'.
  • Copy/paste SELECT * FROM FirewallProduct under 'Enter Query' and click 'Apply'.
  • If there is more than one result, it means there is more than one Firewall program registered.
  • Double-click on each result to view the properties for that Firewall product.
  • Identify the product(s) registered by scrolling down to 'companyName' then click 'Close'.
  • In the 'Query Result' window, click 'Delete' for any Firewall software that is no longer installed.
  • Click 'Close', then 'Exit' and let me know if it worked.
------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ContextMenuHandlers1_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
    ContextMenuHandlers4_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
    ContextMenuHandlers5_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
    Task: D:\WINDOWS\Tasks\McAfee Cleanup.job => D:\DOCUME~1\al\LOCALS~1\Temp\MCPR\mccleanup.exe <==== ATTENTION
    AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]
    StandardProfile\AuthorizedApplications: [D:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
    StandardProfile\AuthorizedApplications: [D:\Program Files\McAfee\Supportability\MVT\MvtApp.exe] => Enabled:MVT Browser Communication
    StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\cleanupie.exe] => Enabled:Panda Safe Web IE Cleaner
    StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\ToolbarCleaner.exe] => Enabled:ToolbarCleaner
    ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Handler: livecall - No CLSID Value -
    Handler: msnim - No CLSID Value -
    FF DefaultSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
    FF SearchEngineOrder.1: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
    FF SelectedSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
    FF Keyword.URL: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US1056&p=
    FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2016-04-15]
    CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-15-2017, 04:50 PM   #11

I have to manually enter it but it only identified one Firewall, Norton, and when I deleted it Windows is showing me that I have no Firewall protection. I also managed to delete the Norton Antivirus product but now I have no firewall protection.
bigalster is offline  
Old 10-15-2017, 05:08 PM   #12

OK, I went to Notepad and copied the text as you said and saved it as Fixlist.txt in the Notepad box, but I don't know what you mean by "next to fixlist.txt must be in same location or the fix will not work". You lose me there!
Help

The code is copied into Notepad and I saved it like you said as fixlist.txt,
but I don't get the part about fixlist.txt being next to FRST.exe. I don't see that at all; where is that supposed to be?
I don't even see either fixlist.txt or FRST.exe in Notepad so there is nothing to dbl-click on.
bigalster is offline  
Old 10-15-2017, 07:16 PM   #13

It simply means if FRST is on your desktop (where it was supposed to be saved as per the instructions), you must save fixlist to your desktop.

However, you saved FRST to:

D:\Documents and Settings\al\My Documents\Downloads

And I don't know where you saved fixlist (was also supposed to be saved to your desktop).

They must both be in the same place in order for the fix to work. Let me know.
chemist is offline  
Old 10-15-2017, 08:26 PM   #14

OK, FRST and fixlist are saved to desktop, but you instructed me to copy code to Notepad so I thought there was something in Notepad I needed to dbl-click on.
When I go to my Desktop and dbl-click on FRST I get message:
" 16bit MSDOS Subsytem D:\DOCUME~1 al\Desktop\FRST.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0549 IP:0188 OP:63 6f 6e 4f 76 Chosse "Close" to terminate the application. "
That's the message I get and the black DOS window stays on but I don't know what to type in it.
Fixlist.txt is also saved to my desktop but it is in Notepad format; there is no DOS window popping up so I cannot dbl-click on it either.
I'm really not clear on the steps. You told me to copy to Notepad and then save as fixlist.txt; this I performed by going to Notepad and clicking on "save as". That part is clear and both are on my desktop but, like I said, I am unable to dbl-click on either to allow the tool to do its job.
You'll have to run the Notepad part by me again (I'm 65 so not as sharp as I used to be) and why I need to copy the code there when I cannot dbl-click on my desktop.

OK, I managed to get the shortcut to the FRST.exe on my desktop but when I press the "fix" button, it tells me No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located.
This is where I am confused: how do I get the fixlist.txt into the FRST.exe box?
bigalster is offline  
Old 10-15-2017, 08:59 PM   #15

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


Code:
start
createrestorepoint:
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers4_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers5_S-1-5-21-682003330-2139871995-1801674531-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
Task: D:\WINDOWS\Tasks\McAfee Cleanup.job => D:\DOCUME~1\al\LOCALS~1\Temp\MCPR\mccleanup.exe <==== ATTENTION
AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]
StandardProfile\AuthorizedApplications: [D:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [D:\Program Files\McAfee\Supportability\MVT\MvtApp.exe] => Enabled:MVT Browser Communication
StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\cleanupie.exe] => Enabled:Panda Safe Web IE Cleaner
StandardProfile\AuthorizedApplications: [D:\Program Files\pandasecuritytb\ToolbarCleaner.exe] => Enabled:ToolbarCleaner
ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
FF DefaultSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF SearchEngineOrder.1: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF SelectedSearchEngine: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> Secure Search
FF Keyword.URL: D:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\qsu81t11.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US1056&p=
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2016-04-15]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
EmptyTemp:
end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.


I don't understand what you mean by the fixlist.txt and the FRST have to be next to each other? They are on my desktop but like I indicated in previous post, I dbl-click on the FRST.exe tool and it tells me there is nothing in the "search box" (it is blank) and there is nothing to fix. There is no fixlist.txt. I think it is simply a matter of somehow copying or getting the fixlist.txt that you asked me to copy into the FRST.exe search box and pressing "fix" button. I believe this is what you are asking me to perform, but I don't know how I get the fixlist.txt into FRST.exe. How do I do that? Please go slow. I see the Notepad list right next to FRST.exe on my desktop but that's as far as I understand it.
bigalster is offline  
Old 10-15-2017, 09:10 PM   #16

When you open FRST by double-clicking, did you click the 'Fix' button?
chemist is offline  
Old 10-15-2017, 09:19 PM   #17

yes but get message telling me, "" 16bit MSDOS Subsytem D:\DOCUME~1 al\Desktop\FRST.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0549 IP:0188 OP:63 6f 6e 4f 76 Chosse "Close" to terminate the application. "
And just now I tried it and when I press fix button it tells me, "no fixlist.txt is found and that it must be in same directory".
bigalster is offline  
Old 10-16-2017, 06:56 AM   #18

Chemist,
I recopied and pasted the code in Notepad and saved it to Desktop, so that's there and the FRST.exe is also there. Both are where they are supposed to be, on the Desktop.
I see what you are trying to do: copy the code in fixlist into the Farber tool; but I don't see how to get the Notepad code, i.e. fixlist.txt which sits next to FRST.exe on my desktop, into the tool and how they both have to be in same folder or directory in order for the tool to work.
So if you could guide me as to how to make a folder or get the fixlist.txt into FRST.exe into the same directory, that's all we really need to do.
I'm having a hard time understanding that if both are on desktop, then can't I just copy & paste the contents of Notepad (the code you asked me to copy) into the FRST.exe tool?
This is the instruction I don't seem to be able to do >>>>>
"NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work."
They are in same location on my Desktop though?
bigalster is offline  
Old 10-16-2017, 07:43 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You don't put fixlist into FRST. Just double-click FRST and click the 'Fix' button.
chemist is offline  
Old 10-16-2017, 07:50 AM   #20
Registered Member
 
Join Date: Aug 2009
Location: montreal
Posts: 178
OS: WIN 7 PRO



When I press the "fix" button, it is telling me that no fixlist.txt is found, that it has to be in the same directory/folder the tool is located in.
There are certain things checked and unchecked in the Farbar tool. Should we be checking to see what should be checked or unchecked?
bigalster is offline  
 

All times are GMT -7.

