

Hi! I'm having issues with an XP (w/SP3) system I sometimes use (using it now to post this). I can't open or uninstall AVG Free, not even in Safe Mode. Can't install MalwareBytes. I can download the installer but after clicking OK on the language selection I get "Invalid floating point operation" error. Even in Safe Mode.

I was able to get the Farbar Recovery Scan Tool to install & scan in Safe Mode. In regular system operation mode it stopped on an error during the scan but seemed to work in Safe Mode. Here's the FRST.txt beginning in the below paragraph & I attached the Addition.txt to this post. Thank you for your time & help! Mike

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Daddy (administrator) on MEAN-MACHINE (13-12-2016 19:21:21)
Running from C:\Documents and Settings\Daddy\Desktop
Loaded Profiles: Daddy (Available Profiles: Daddy & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USRpdA] => C:\WINDOWS\SYSTEM32\USRmlnkA.exe [77891 2004-08-04] (U.S. Robotics Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2009-07-06] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-03-14] (ATI Technologies Inc.)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\MountPoints2: {69004e03-ab35-11de-b166-c48083e2f13a} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-11-20] (SmartSoft Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2008-06-26]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Tcpip\..\Interfaces\{3FD7666B-8C29-420B-9BB0-AFC471DFE119}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6001CC10-7028-4920-9CD3-42000B18B96D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C7F886B4-9167-4BF1-B39C-D608C320DDCB}: [DhcpNameServer] 74.40.74.40 74.40.74.41

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKU\S-1-5-21-776561741-1580436667-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS9TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60186
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=68C3D9F1891CD3B56AF47E51703D42F9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=3224793557104318&q={searchTerms}
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80117&lng=en
SearchScopes: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> {EC0DEAD8-CAEB-4403-B5F3-238BB9F8DC56} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: No Name -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-07-06] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-06] (Oracle Corporation)
Toolbar: HKLM - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-776561741-1580436667-839522115-1003 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292666642437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292666610718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -  No File

FireFox:
========
FF DefaultProfile: zfu2qh5l.default-1417308946546
FF ProfilePath: C:\Documents and Settings\Daddy\Application Data\TomTom\HOME\Profiles\9sjtv84l.default [2015-11-23]
FF Extension: (Emulator) - C:\Documents and Settings\Daddy\Application Data\TomTom\HOME\Profiles\9sjtv84l.default\Extensions\Navcore.8.010.9369@tomtom.com [2012-04-30] [not signed]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-11-23] [not signed]
FF ProfilePath: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546 [2016-12-13]
FF Homepage: C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546 -> hxxps://www.google.com/?gws_rd=ssl
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\zfu2qh5l.default-1417308946546\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-02]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] - C:\Program Files\Crawler\Toolbar\firefox => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-08] [not signed]
FF HKU\S-1-5-21-776561741-1580436667-839522115-1003\...\Firefox\Extensions: [{ED76C299-85BC-4891-9237-74A140C28832}] - C:\Program Files\RebateInformer\Firefox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-776561741-1580436667-839522115-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Daddy\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-03-22] () [File not signed]
S2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Pacific Image Comm. Fax Server; C:\SUPERVOC\PROGRAM\PICPMON.EXE [63488 2003-07-04] () [File not signed]
S2 Pctspk; C:\WINDOWS\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)
S2 SLService; C:\WINDOWS\system32\slserv.exe [73796 2008-04-13] (Smart Link)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-04-18] (GFI Software)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-08] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [126686 2004-08-03] (Smart Link)
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
S1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] () [File not signed]
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
S3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [48640 2004-05-25] (NVIDIA Corporation)
R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [80896 2002-11-27] (NVIDIA Corporation)
S3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [396032 2004-05-25] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
S3 Ptserlp; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [112574 2001-08-17] (PCTEL, INC.)
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R0 si3112r; C:\WINDOWS\System32\drivers\si3112r.sys [116264 2007-08-29] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-08-29] (Silicon Image, Inc)
R0 SiWinAcc; C:\WINDOWS\System32\drivers\SiWinAcc.sys [19240 2007-08-29] (Silicon Image, Inc)
S3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [404990 2004-08-03] (Smart Link)
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [95424 2004-08-03] (Smart Link)
S3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
S3 USB_RNDIS_XP; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
S3 USRpdA; C:\WINDOWS\System32\DRIVERS\USRpdA.sys [113762 2001-08-17] (U.S. Robotics Corporation)
R0 Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)
R0 Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)
R0 Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)
S3 WEBNTACCESS; C:\WINDOWS\system32\NTACCESS.SYS [17920 2008-04-14] (Your Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 19:15 - 2016-12-13 19:15 - 00000394 _____ C:\Documents and Settings\Daddy\Desktop\Addition.txt
2016-12-13 19:13 - 2016-12-13 19:21 - 00015351 _____ C:\Documents and Settings\Daddy\Desktop\FRST.txt
2016-12-13 19:12 - 2016-12-13 19:13 - 00000000 ____D C:\FRST
2016-12-13 19:11 - 2016-12-13 19:11 - 01761792 _____ (Farbar) C:\Documents and Settings\Daddy\Desktop\FRST.exe
2016-12-13 11:33 - 2016-12-13 11:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-12-13 11:33 - 2016-12-13 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-13 11:33 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-13 11:26 - 2016-12-13 11:33 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-13 11:26 - 2016-12-13 11:33 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-12-13 11:26 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-12 12:50 - 2016-12-12 12:52 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\AvgSetupLog
2016-12-12 12:03 - 2016-12-12 12:05 - 51969976 _____ (Malwarebytes ) C:\Documents and Settings\Daddy\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 11:45 - 2016-12-12 11:54 - 00000000 ____D C:\AVG_Remover
2016-12-08 12:35 - 2016-12-13 19:19 - 00630666 _____ C:\WINDOWS\ntbtlog.txt
2016-12-08 12:30 - 2016-12-08 12:31 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Daddy\Desktop\AVG_Protection_Free_1606.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 19:21 - 2013-07-27 18:50 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Temp
2016-12-13 19:20 - 2004-08-04 07:00 - 00013738 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-13 19:19 - 2012-06-04 01:00 - 00000000 __SHD C:\WINDOWS\CSC
2016-12-13 19:19 - 2008-12-05 14:03 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-12-13 19:19 - 2008-06-01 23:05 - 00000178 ___SH C:\Documents and Settings\Daddy\ntuser.ini
2016-12-13 19:19 - 2008-06-01 22:55 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-13 19:19 - 2008-06-01 22:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 19:13 - 2012-07-18 21:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-13 18:47 - 2010-12-03 10:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 11:49 - 2016-11-11 02:51 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2016-12-13 11:49 - 2015-02-03 14:06 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-12-13 11:49 - 2013-06-28 12:28 - 00000312 _____ C:\WINDOWS\Tasks\Crploify.job
2016-12-13 11:49 - 2010-12-03 10:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-13 11:33 - 2011-06-15 01:56 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Malwarebytes
2016-12-12 12:50 - 2015-07-10 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2016-12-12 11:58 - 2008-07-11 12:07 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\Computer Hardware-Software
2016-12-12 11:49 - 2015-06-02 12:54 - 00000000 ____D C:\Documents and Settings\Daddy\Local Settings\Application Data\Avg
2016-12-12 10:32 - 2008-07-20 22:26 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\Miscellaneous
2016-12-11 13:31 - 2009-04-11 14:01 - 00000000 ____D C:\Documents and Settings\Daddy\My Documents\PayPal
2016-12-11 03:49 - 2010-07-06 22:00 - 00000000 _____ C:\Documents and Settings\Guest\Local Settings\Application Data\prvlcl.dat
2016-12-08 15:00 - 2015-02-03 14:06 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-12-08 12:50 - 2015-07-06 01:16 - 00000000 ____D C:\Documents and Settings\Daddy\Application Data\Skype
2016-12-08 12:46 - 2015-06-02 12:54 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Avg
2016-12-08 12:45 - 2008-12-13 14:38 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Temp
2016-11-21 14:03 - 2008-06-01 18:24 - 00000000 ___HD C:\WINDOWS\inf
2016-11-20 19:32 - 2008-06-01 18:31 - 00572482 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-10-20 23:22 - 2015-02-02 15:12 - 0000170 _____ () C:\Documents and Settings\Daddy\Application Data\default.rss
2008-06-26 21:56 - 2016-07-14 13:35 - 0042496 ____H () C:\Documents and Settings\Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-24 19:45 - 2013-01-24 19:45 - 0026900 _____ () C:\Documents and Settings\Daddy\Local Settings\Application Data\dt.dat
2013-02-01 19:39 - 2013-02-01 19:39 - 0000085 _____ () C:\Documents and Settings\Daddy\Local Settings\Application Data\ZDManager.ini

Files to move or delete:
====================
C:\Documents and Settings\Daddy\jagex_runescape_preferences.dat
C:\Documents and Settings\Daddy\jagex_runescape_preferences2.dat
C:\Documents and Settings\Daddy\jagex__preferences3.dat


Some files in TEMP:
====================
C:\Documents and Settings\Daddy\Local Settings\Temp\avg-6d9f9374-5eb1-4817-a5e0-7777f3c12845.exe
C:\Documents and Settings\Daddy\Local Settings\Temp\jre-8u111-windows-au.exe
C:\Documents and Settings\Daddy\Local Settings\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition_13-12-2016 19.23.30.txt


  • 3 weeks later...
  • Root Admin

Hello @HappyHillbilly and :welcome:

 

Sorry for the delay. I've been out on vacation and looks like your topic was overlooked.

Please try to uninstall your Java.

Then try the following.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please
