HappyHillbilly

Hi!

I'm having issues with an XP (w/SP3) system I sometimes use (using it now to post this). I can't open or uninstall AVG Free, not even in Safe Mode. Can't install MalwareBytes. I can download the installer but after clicking OK on the language selection I get "Invalid floating point operation" error. Even in Safe Mode.

I was able to get the Farbar Recovery Scan Tool to install & scan in Safe Mode. In regular system operation mode it stopped on an error during the scan but seemed to work in Safe Mode. Here's the FRST.txt beginning in the below paragraph & I attached the Addition.txt to this post.

Thank you for your time & help!

Mike

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Daddy (administrator) on MEAN-MACHINE (13-12-2016 19:21:21)
Running from C:\Documents and Settings\Daddy\Desktop
Loaded Profiles: Daddy (Available Profiles: Daddy & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USRpdA] => C:\WINDOWS\SYSTEM32\USRmlnkA.exe [77891 2004-08-04] (U.S. Robotics Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2009-07-06] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-03-14] (ATI Technologies Inc.)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\MountPoints2: {69004e03-ab35-11de-b166-c48083e2f13a} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-11-20] (SmartSoft Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2008-06-26]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Tcpip\..\Interfaces\{3FD7666B-8C29-420B-9BB0-AFC471DFE119}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6001CC10-7028-4920-9CD3-42000B18B96D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C7F886B4-9167-4BF1-B39C-D608C320DDCB}: [DhcpNameServer] 74.40.74.40 74.40.74.41

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-776561741-1580436667-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS9TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60186
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=68C3D9F1891CD3B56AF47E51703D42F9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80117&lng=en
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {EC0DEAD8-CAEB-4403-B5F3-238BB9F8DC56} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: No Name -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-07-06] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-06] (Oracle Corporation)
Toolbar: HKLM - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292666642437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292666610718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - No File

FireFox:
========
FF DefaultProfile: zfu2qh5l.default-1417308946546
FF ProfilePath: C:\Documents and Settings\Daddy\Application Data\TomTom\HOME\Profiles\9sjtv84l.default [2015-11-23]
FF Extension: (Emulator) - C:\Documents and Settings\Daddy\Application Data\TomTom\HOME\Profiles\9sjtv84l.default\Extensions\Navcore.8.010.9369@tomtom.com [2012-04-30] [not signed]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-11-23] [not signed]
FF ProfilePath: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546 [2016-12-13]
FF Homepage: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546 -> hxxps://www.google.com/?gws_rd=ssl
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-02]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] - C:\Program Files\Crawler\Toolbar\firefox => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-08] [not signed]
FF HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Firefox\Extensions: [{ED76C299-85BC-4891-9237-74A140C28832}] - C:\Program Files\RebateInformer\Firefox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-776561741-1580436667-839522115-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Daddy\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-03-22] () [File not signed]
S2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Pacific Image Comm. Fax Server; C:\SUPERVOC\PROGRAM\PICPMON.EXE [63488 2003-07-04] () [File not signed]
S2 Pctspk; C:\WINDOWS\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)
S2 SLService; C:\WINDOWS\system32\slserv.exe [73796 2008-04-13] (Smart Link)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-04-18] (GFI Software)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-08] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [126686 2004-08-03] (Smart Link)
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
S1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] () [File not signed]
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
S3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [80896 2002-11-27] (NVIDIA Corporation)
S3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
S3 Ptserlp; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [112574 2001-08-17] (PCTEL, INC.)
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R0 si3112r; C:\WINDOWS\System32\drivers\si3112r.sys [116264 2007-08-29] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-08-29] (Silicon Image, Inc)
R0 SiWinAcc; C:\WINDOWS\System32\drivers\SiWinAcc.sys [19240 2007-08-29] (Silicon Image, Inc)
S3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [404990 2004-08-03] (Smart Link)
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [95424 2004-08-03] (Smart Link)
S3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
S3 USB_RNDIS_XP; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
S3 USRpdA; C:\WINDOWS\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)
R0 Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)
R0 Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)
R0 Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)
S3 WEBNTACCESS; C:\WINDOWS\system32\NTACCESS.SYS [17920 2008-04-14] (Your Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 19:15 - 2016-12-13 19:15 - 00000394 _____ C:\Documents and Settings\Daddy\Desktop\Addition.txt
2016-12-13 19:13 - 2016-12-13 19:21 - 00015351 _____ C:\Documents and Settings\Daddy\Desktop\FRST.txt
2016-12-13 19:12 - 2016-12-13 19:13 - 00000000 ____D C:\FRST
2016-12-13 19:11 - 2016-12-13 19:11 - 01761792 _____ (Farbar) C:\Documents and Settings\Daddy\Desktop\FRST.exe
2016-12-13 11:33 - 2016-12-13 11:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-12-13 11:33 - 2016-12-13 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-13 11:33 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-13 11:26 - 2016-12-13 11:33 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-13 11:26 - 2016-12-13 11:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-12-13 11:26 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-12 12:50 - 2016-12-12 12:52 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\AvgSetupLog
2016-12-12 12:03 - 2016-12-12 12:05 - 51969976 _____ (Malwarebytes ) C:\Documents and Settings\Daddy\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 11:45 - 2016-12-12 11:54 - 00000000 ____D C:\AVG_Remover
2016-12-08 12:35 - 2016-12-13 19:19 - 00630666 _____ C:\WINDOWS\ntbtlog.txt
2016-12-08 12:30 - 2016-12-08 12:31 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Daddy\Desktop\AVG_Protection_Free_1606.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 19:21 - 2013-07-27 18:50 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Temp
2016-12-13 19:20 - 2004-08-04 07:00 - 00013738 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-13 19:19 - 2012-06-04 01:00 - 00000000 __SHD C:\WINDOWS\CSC
2016-12-13 19:19 - 2008-12-05 14:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-12-13 19:19 - 2008-06-01 23:05 - 00000178 ___SH C:\Documents and Settings\Daddy\ntuser.ini
2016-12-13 19:19 - 2008-06-01 22:55 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-13 19:19 - 2008-06-01 22:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 19:13 - 2012-07-18 21:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-13 18:47 - 2010-12-03 10:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 11:49 - 2016-11-11 02:51 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2016-12-13 11:49 - 2015-02-03 14:06 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-12-13 11:49 - 2013-06-28 12:28 - 00000312 _____ C:\WINDOWS\Tasks\Crploify.job
2016-12-13 11:49 - 2010-12-03 10:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-13 11:33 - 2011-06-15 01:56 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Malwarebytes
2016-12-12 12:50 - 2015-07-10 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2016-12-12 11:58 - 2008-07-11 12:07 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\Computer Hardware-Software
2016-12-12 11:49 - 2015-06-02 12:54 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\Avg
2016-12-12 10:32 - 2008-07-20 22:26 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\Miscellaneous
2016-12-11 13:31 - 2009-04-11 14:01 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\PayPal
2016-12-11 03:49 - 2010-07-06 22:00 - 00000000 _____ C:\Documents and Settings\Guest\Local Settings\Application Data\prvlcl.dat
2016-12-08 15:00 - 2015-02-03 14:06 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-12-08 12:50 - 2015-07-06 01:16 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Skype
2016-12-08 12:46 - 2015-06-02 12:54 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Avg
2016-12-08 12:45 - 2008-12-13 14:38 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Temp
2016-11-21 14:03 - 2008-06-01 18:24 - 00000000 ___HD C:\WINDOWS\inf
2016-11-20 19:32 - 2008-06-01 18:31 - 00572482 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-10-20 23:22 - 2015-02-02 15:12 - 0000170 _____ () C:\Documents and Settings\Daddy\Application Data\default.rss
2008-06-26 21:56 - 2016-07-14 13:35 - 0042496 ____H () C:\Documents and Settings\Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-24 19:45 - 2013-01-24 19:45 - 0026900 _____ () C:\Documents and Settings\Daddy\Local Settings\Application Data\dt.dat
2013-02-01 19:39 - 2013-02-01 19:39 - 0000085 _____ () C:\Documents and Settings\Daddy\Local Settings\Application Data\ZDManager.ini

Files to move or delete:
====================
C:\Documents and Settings\Daddy\jagex_runescape_preferences.dat
C:\Documents and Settings\Daddy\jagex_runescape_preferences2.dat
C:\Documents and Settings\Daddy\jagex__preferences3.dat

Some files in TEMP:
====================
C:\Documents and Settings\Daddy\Local Settings\Temp\avg-6d9f9374-5eb1-4817-a5e0-7777f3c12845.exe
C:\Documents and Settings\Daddy\Local Settings\Temp\jre-8u111-windows-au.exe
C:\Documents and Settings\Daddy\Local Settings\Temp\jre-8u91-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition_13-12-2016 19.23.30.txt