possible malware



#1
Steveows696

  • Member
  • 14 posts
Hello, every time I get on the Internet and go to a website, my computer restarts on me. I have the FRST installed and logs ready, just need help knowing what to do from here. Windows XP

Edited by Steveows696, 20 October 2015 - 02:52 PM.



#2
zep516


    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Post the logs FRST.TXT and Additions.txt directly to the forum; do not attach them.

#3
Steveows696

  • Topic Starter
  • Member
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-10-2015
Ran by user (administrator) on COUNTER3 (21-10-2015 13:40:06)
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [834608 2015-10-14] (Webroot)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-03-24]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-03-24]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{CEBC202C-92F5-4318-B36D-27F683B881D9}: [NameServer] 4.2.2.2,8.8.8.8
Tcpip\..\Interfaces\{CEBC202C-92F5-4318-B36D-27F683B881D9}: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Internet Explorer:
==================
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-24] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-30] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27] (Sun Microsystems, Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-24] (Webroot)
Toolbar: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-02-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-05] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Quick Earl Owen Company) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hikkoeoadjbjhfbcdiplhfkmafdfgkej [2015-09-22]
CHR Extension: (Webroot Filtering Extension) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Webroot Password Manager) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-03-24]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\Documents and Settings\All Users\Application Data\WRData\pkg\lpchrome.crx [2015-03-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [834608 2015-10-14] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-18] (Sensaura)
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [66656 2009-06-29] (MCCI Corporation)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84064 2009-06-29] (MCCI Corporation)
S3 slsusb; C:\WINDOWS\System32\Drivers\slsusb.sys [26208 2009-08-03] (System Level Solutions (India) Pvt. Ltd.)
S4 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-10-19] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [119288 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [25600 2015-09-30] (Webroot) [File not signed]
S0 dmio; System32\drivers\dmio.sys [X]
S3 FTD2XX; no ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
S1 SASDIFSV; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S3 SASENUM; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U2 TMAgent; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-21 13:40 - 2015-10-21 13:40 - 00022503 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2015-10-21 13:39 - 2015-10-21 13:37 - 01700352 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2015-10-21 11:48 - 2015-10-21 11:49 - 00000000 _____ C:\Documents and Settings\user\format
2015-10-20 14:14 - 2015-10-20 14:14 - 00001662 _____ C:\Documents and Settings\user\My Documents\fixlist.txt
2015-10-20 11:52 - 2015-10-21 13:40 - 00000000 ____D C:\FRST
2015-10-20 11:32 - 2015-09-30 13:28 - 00025600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-10-20 09:17 - 2015-10-20 13:46 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 09:16 - 2015-10-20 09:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-20 09:16 - 2015-10-20 09:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-20 09:16 - 2015-10-20 09:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-20 09:16 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-20 09:16 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-20 08:56 - 2015-10-20 09:02 - 01691648 _____ C:\Documents and Settings\user\Desktop\AdwCleaner.exe
2015-10-19 15:41 - 2015-10-19 15:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-19 15:34 - 2015-07-24 12:31 - 04404952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\user\Desktop\TDSSKiller.exe
2015-10-19 14:40 - 2015-10-19 15:59 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-19 14:40 - 2015-10-19 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-10-19 13:36 - 2015-10-20 11:36 - 00000000 ____D C:\AdwCleaner
2015-10-19 10:42 - 2015-10-19 10:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini101915-02.dmp
2015-10-19 10:24 - 2015-10-19 10:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini101915-01.dmp
2015-10-17 14:52 - 2015-10-17 14:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini101715-01.dmp
2015-10-16 15:52 - 2015-10-16 15:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-05.dmp
2015-10-16 14:43 - 2015-10-16 14:43 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-04.dmp
2015-10-16 14:11 - 2015-10-16 14:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-03.dmp
2015-10-16 11:45 - 2015-10-16 11:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-02.dmp
2015-10-16 11:19 - 2015-10-16 11:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-16 11:19 - 2015-10-16 11:18 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-21 13:40 - 2006-09-28 14:00 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Temp
2015-10-21 13:38 - 2010-06-11 18:17 - 00405857 _____ C:\WINDOWS\3log.log
2015-10-21 13:37 - 2004-08-11 17:13 - 02082603 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-21 13:36 - 2015-03-24 10:42 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk
2015-10-21 13:36 - 2007-12-18 10:54 - 00002145 _____ C:\WINDOWS\3apps.INI
2015-10-21 13:36 - 2004-08-11 17:09 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-10-21 13:36 - 2004-08-11 17:09 - 00000050 ____C C:\WINDOWS\wiaservc.log
2015-10-21 13:35 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-21 13:12 - 2012-08-30 14:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-21 12:44 - 2014-10-29 16:01 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-21 11:37 - 2015-03-24 10:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2015-10-21 11:29 - 2006-09-28 14:00 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2015-10-21 11:29 - 2004-08-11 17:20 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-20 14:44 - 2014-10-29 16:01 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-20 09:16 - 2010-06-09 13:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-20 08:27 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2015-10-19 15:28 - 2015-09-16 10:25 - 00013837 _____ C:\WINDOWS\setupapi.log
2015-10-19 13:38 - 2008-12-08 11:39 - 00000000 ____D C:\Documents and Settings\user\Application Data\Yahoo!
2015-10-19 11:54 - 2006-09-28 14:00 - 00001513 _____ C:\Documents and Settings\user\Start Menu\Programs\Notepad.lnk
2015-10-19 07:11 - 2004-08-11 17:00 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-16 18:12 - 2012-08-30 14:01 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-16 18:12 - 2012-08-30 14:01 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-16 11:25 - 2004-08-11 17:20 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-10-16 11:09 - 2006-09-27 08:15 - 00000000 _____ C:\WINDOWS\MEMORY.DMP
2015-10-15 10:17 - 2004-08-11 17:15 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-10-14 08:47 - 2014-10-29 16:03 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-14 08:13 - 2015-03-24 10:42 - 00169232 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-10-14 08:13 - 2015-03-24 10:42 - 00119288 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-10-14 08:13 - 2010-03-10 19:55 - 00000000 ____D C:\Program Files\Webroot
2015-10-13 18:08 - 2013-08-14 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 18:00 - 2007-04-27 10:41 - 141105520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-12 10:29 - 2010-06-11 17:23 - 00001483 _____ C:\WINDOWS\setupact.log
2015-10-08 15:01 - 2014-03-29 09:08 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2015-03-24 10:53 - 2015-03-24 10:53 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2009-07-03 14:14 - 2009-11-25 16:13 - 0004608 ____C () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-27 18:02 - 2013-03-27 18:02 - 0000036 _____ () C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
 
Files to move or delete:
====================
C:\Documents and Settings\user\2134169.exe
 
 
Some files in TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\user\Local Settings\Temp\WRupdate40047328.exe
C:\Documents and Settings\user\Local Settings\Temp\WRupdate7283687.exe
C:\Documents and Settings\user\Local Settings\Temp\WRupdate79979921.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#4
Steveows696

  • Topic Starter
  • Member
  • 14 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-10-2015
Ran by user (2015-10-21 13:41:25)
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2007-12-18 15:51:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2052812541-4131558422-1920305230-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2052812541-4131558422-1920305230-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052812541-4131558422-1920305230-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2052812541-4131558422-1920305230-1002 - Limited - Disabled)
user (S-1-5-21-2052812541-4131558422-1920305230-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Broadcom Management Programs (HKLM\...\{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}) (Version: 9.03.02 - Broadcom Corporation)
Dell ETS Factory Installation (Version: 1.0.0 - ) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Lightning (HKLM\...\{79C6D9EB-1267-49F5-9904-9241466D410F}) (Version: 3.01.0001 - Edge Products)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
PowerDVD OD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerTools (HKLM\...\PowerTools) (Version:  - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.5.8 - Webroot)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
 
==================== Restore Points =========================
 
16-09-2015 12:23:25 System Checkpoint
16-09-2015 14:16:32 Removed Fusion
17-09-2015 14:50:53 System Checkpoint
18-09-2015 15:00:35 System Checkpoint
19-09-2015 15:17:51 System Checkpoint
20-09-2015 15:55:39 System Checkpoint
21-09-2015 16:54:27 System Checkpoint
22-09-2015 17:20:52 System Checkpoint
23-09-2015 18:16:42 System Checkpoint
25-09-2015 08:51:49 System Checkpoint
26-09-2015 10:41:38 System Checkpoint
28-09-2015 08:08:29 System Checkpoint
29-09-2015 08:21:48 System Checkpoint
30-09-2015 08:48:11 System Checkpoint
01-10-2015 10:23:09 System Checkpoint
02-10-2015 12:54:20 System Checkpoint
05-10-2015 08:09:03 System Checkpoint
06-10-2015 08:39:02 System Checkpoint
07-10-2015 12:20:37 System Checkpoint
08-10-2015 12:45:40 System Checkpoint
09-10-2015 14:07:09 System Checkpoint
10-10-2015 14:08:19 System Checkpoint
11-10-2015 14:38:19 System Checkpoint
12-10-2015 14:56:41 System Checkpoint
13-10-2015 18:00:09 Software Distribution Service 3.0
15-10-2015 08:15:48 System Checkpoint
15-10-2015 10:31:13 Removed Acrobat.com
16-10-2015 12:20:15 System Checkpoint
17-10-2015 12:57:20 System Checkpoint
19-10-2015 07:27:23 System Checkpoint
20-10-2015 12:14:20 System Checkpoint
21-10-2015 12:15:17 System Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-06-08 12:43 - 2011-03-10 18:32 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06623899.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17906850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52326093.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66954184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06623899.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17906850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52326093.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66954184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4610 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 4.2.2.2 - 8.8.8.8
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2015 01:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:24:08 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:24:08 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:24:08 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 01:24:08 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 11:55:38 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/21/2015 11:55:38 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (10/21/2015 01:36:07 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/21/2015 01:36:07 PM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/21/2015 01:36:07 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/21/2015 01:24:02 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/21/2015 01:24:02 PM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/21/2015 01:24:01 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/21/2015 11:55:31 AM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/21/2015 11:55:31 AM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/21/2015 11:55:30 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/21/2015 11:43:05 AM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Celeron® CPU 3.20GHz
Percentage of memory in use: 16%
Total physical RAM: 2037.54 MB
Available physical RAM: 1694.59 MB
Total Virtual: 2784.15 MB
Available Virtual: 2580.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.46 GB) (Free:59.79 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 7B4B7B4B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)
 
==================== End of Addition.txt ============================

#5
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,
Were you getting help somewhere else?
2015-10-20 14:14 - 2015-10-20 14:14 - 00001662 _____ C:\Documents and Settings\user\My Documents\fixlist.txt
Who made the fixlist? I suggest you delete that now so there is no confusion.

Programs to uninstall
  • Adobe Reader 9.3.4
  • J2SE Runtime Environment 5.0 Update 6
  • Java 6 Update 2
  • Java 6 Update 20
  • Java SE Runtime Environment 6 Update 1

Next

Download the enclosed file ==> fixlist.txt (attached file). Save it in the location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is (Fixlog.txt). Please post it in your reply.

#6
Steveows696

    Member

  • Topic Starter
  • 14 posts
No help elsewhere; I was trying to do it myself, but FRST suggested I get help before I screw something up (which wouldn't be too bad, 'cause then work would have to buy a new one). Anyways, now I'm here.

#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Carry on with the instructions. If a program will not remove, skip it and keep moving on. Post the fixlog in your next reply.

Thanks
Joe :)

#8
Steveows696

    Member

  • Topic Starter
  • 14 posts
Fix result of Farbar Recovery Scan Tool (x86) Version:21-10-2015
Ran by user (2015-10-22 08:54:36) Run:2
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-05] [not signed]
S3 FTD2XX; no ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
S1 SASDIFSV; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S3 SASENUM; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\user\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U2 TMAgent; no ImagePath
U1 WS2IFSL; no ImagePath 
C:\Documents and Settings\user\2134169.exe
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06623899.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17906850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52326093.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66954184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06623899.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17906850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52326093.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66954184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoToolbarCustomize => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoToolbarCustomize => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Control Panel\Desktop\\SCRNSAVE.EXE => value restored successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key not found. 
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key not found. 
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value not found.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-05] => not found.
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-05] [not signed] => not found
FTD2XX => service removed successfully.
P3 => service removed successfully.
SASDIFSV => service removed successfully.
SASENUM => service removed successfully.
SASKUTIL => service removed successfully.
ScsiPort => service removed successfully.
TMAgent => service removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\user\2134169.exe => moved successfully
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1CE11B51" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":CB0AACC9" ADS removed successfully..
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\06623899.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\17906850.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\52326093.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\66954184.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\06623899.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\17906850.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\52326093.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\66954184.sys" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => key removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully.
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully.
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully.
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\exefile" => key removed successfully.
"HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\.exe" => key removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Software\Classes\exefile => key not found. 
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 2.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:21:34 ====

  • 0

#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

Next

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.


In your next reply post:
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#10
Steveows696

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
# AdwCleaner v5.014 - Logfile created 22/10/2015 at 13:51:51
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : user - COUNTER3
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [660 bytes] ##########

  • 0


#11
Steveows696

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by user on Thu 10/22/2015 at 14:00:20.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/22/2015 at 14:05:27.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
How is the computer doing?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#13
Steveows696

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Still the same. When I open Chrome it's fine until I try to browse, then she restarts.
  • 0

#14
Steveows696

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-10-2015
Ran by user (administrator) on COUNTER3 (22-10-2015 14:26:28)
Running from C:\Documents and Settings\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [834608 2015-10-14] (Webroot)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-10-14] (Webroot)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-03-24]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-03-24]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{CEBC202C-92F5-4318-B36D-27F683B881D9}: [NameServer] 4.2.2.2,8.8.8.8
Tcpip\..\Interfaces\{CEBC202C-92F5-4318-B36D-27F683B881D9}: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Internet Explorer:
==================
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-24] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-30] (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll [2015-03-24] (Webroot)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-02-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Quick Earl Owen Company) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hikkoeoadjbjhfbcdiplhfkmafdfgkej [2015-09-22]
CHR Extension: (Webroot Filtering Extension) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Webroot Password Manager) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-03-24]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\Documents and Settings\All Users\Application Data\WRData\pkg\lpchrome.crx [2015-03-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [834608 2015-10-14] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-18] (Sensaura)
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [66656 2009-06-29] (MCCI Corporation)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [84064 2009-06-29] (MCCI Corporation)
S3 slsusb; C:\WINDOWS\System32\Drivers\slsusb.sys [26208 2009-08-03] (System Level Solutions (India) Pvt. Ltd.)
S4 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-10-19] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [119288 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [25600 2015-09-30] (Webroot) [File not signed]
S0 dmio; System32\drivers\dmio.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 14:05 - 2015-10-22 14:05 - 00001522 _____ C:\Documents and Settings\user\Desktop\JRT.txt
2015-10-22 13:54 - 2015-10-22 13:44 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\user\Desktop\JRT.exe
2015-10-21 13:41 - 2015-10-21 13:42 - 00021965 _____ C:\Documents and Settings\user\Desktop\Addition.txt
2015-10-21 13:40 - 2015-10-22 14:27 - 00009346 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2015-10-21 13:39 - 2015-10-21 13:37 - 01700352 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2015-10-21 11:48 - 2015-10-21 11:49 - 00000000 _____ C:\Documents and Settings\user\format
2015-10-20 14:14 - 2015-10-20 14:14 - 00001662 _____ C:\Documents and Settings\user\My Documents\fixlist.txt
2015-10-20 11:52 - 2015-10-22 14:26 - 00000000 ____D C:\FRST
2015-10-20 11:32 - 2015-09-30 13:28 - 00025600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-10-20 09:17 - 2015-10-20 13:46 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 09:16 - 2015-10-20 09:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-20 09:16 - 2015-10-20 09:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-20 09:16 - 2015-10-20 09:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-20 09:16 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-20 09:16 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-20 08:56 - 2015-10-20 09:02 - 01691648 _____ C:\Documents and Settings\user\Desktop\AdwCleaner.exe
2015-10-19 15:41 - 2015-10-19 15:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-19 15:34 - 2015-07-24 12:31 - 04404952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\user\Desktop\TDSSKiller.exe
2015-10-19 14:40 - 2015-10-19 15:59 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-19 14:40 - 2015-10-19 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-10-19 13:36 - 2015-10-22 13:51 - 00000000 ____D C:\AdwCleaner
2015-10-19 10:42 - 2015-10-19 10:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini101915-02.dmp
2015-10-19 10:24 - 2015-10-19 10:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini101915-01.dmp
2015-10-17 14:52 - 2015-10-17 14:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini101715-01.dmp
2015-10-16 15:52 - 2015-10-16 15:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-05.dmp
2015-10-16 14:43 - 2015-10-16 14:43 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-04.dmp
2015-10-16 14:11 - 2015-10-16 14:11 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-03.dmp
2015-10-16 11:45 - 2015-10-16 11:45 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-02.dmp
2015-10-16 11:19 - 2015-10-16 11:19 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-16 11:19 - 2015-10-16 11:18 - 00090112 _____ C:\WINDOWS\Minidump\Mini101615-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 14:27 - 2006-09-28 14:00 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Temp
2015-10-22 14:21 - 2004-08-11 17:13 - 01102883 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-22 14:21 - 2004-08-11 17:09 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-10-22 14:21 - 2004-08-11 17:09 - 00000050 ____C C:\WINDOWS\wiaservc.log
2015-10-22 14:20 - 2015-03-24 10:42 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk
2015-10-22 14:20 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-22 14:17 - 2006-09-28 14:00 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2015-10-22 14:17 - 2004-08-11 17:20 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-22 14:12 - 2012-08-30 14:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-22 13:44 - 2014-10-29 16:01 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 13:42 - 2010-06-11 18:17 - 00406810 _____ C:\WINDOWS\3log.log
2015-10-22 12:03 - 2007-12-18 10:54 - 00002145 _____ C:\WINDOWS\3apps.INI
2015-10-22 09:19 - 2015-03-24 10:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2015-10-22 09:19 - 2004-08-11 17:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-22 08:55 - 2004-08-11 17:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-10-22 08:52 - 2006-09-27 08:28 - 00000000 ____D C:\Program Files\Java
2015-10-22 08:52 - 2006-09-27 08:28 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-22 08:39 - 2010-06-11 14:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-22 08:39 - 2008-04-15 12:23 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2015-10-22 08:39 - 2008-04-15 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-10-22 08:39 - 2008-04-15 12:22 - 00000000 ____D C:\Program Files\Adobe
2015-10-21 14:44 - 2014-10-29 16:01 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-20 09:16 - 2010-06-09 13:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-20 08:27 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2015-10-19 15:28 - 2015-09-16 10:25 - 00013837 _____ C:\WINDOWS\setupapi.log
2015-10-19 13:38 - 2008-12-08 11:39 - 00000000 ____D C:\Documents and Settings\user\Application Data\Yahoo!
2015-10-19 11:54 - 2006-09-28 14:00 - 00001513 _____ C:\Documents and Settings\user\Start Menu\Programs\Notepad.lnk
2015-10-19 07:11 - 2004-08-11 17:00 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-16 18:12 - 2012-08-30 14:01 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-16 18:12 - 2012-08-30 14:01 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-16 11:25 - 2004-08-11 17:20 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-10-16 11:09 - 2006-09-27 08:15 - 00000000 _____ C:\WINDOWS\MEMORY.DMP
2015-10-15 10:17 - 2004-08-11 17:15 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-10-14 08:47 - 2014-10-29 16:03 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-14 08:13 - 2015-03-24 10:42 - 00169232 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-10-14 08:13 - 2015-03-24 10:42 - 00119288 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-10-14 08:13 - 2010-03-10 19:55 - 00000000 ____D C:\Program Files\Webroot
2015-10-13 18:08 - 2013-08-14 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 18:00 - 2007-04-27 10:41 - 141105520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-12 10:29 - 2010-06-11 17:23 - 00001483 _____ C:\WINDOWS\setupact.log
2015-10-08 15:01 - 2014-03-29 09:08 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2015-03-24 10:53 - 2015-03-24 10:53 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2009-07-03 14:14 - 2009-11-25 16:13 - 0004608 ____C () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-27 18:02 - 2013-03-27 18:02 - 0000036 _____ () C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

  • 0

#15
Steveows696

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-10-2015
Ran by user (2015-10-22 14:27:46)
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2007-12-18 15:51:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2052812541-4131558422-1920305230-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2052812541-4131558422-1920305230-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052812541-4131558422-1920305230-1008 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2052812541-4131558422-1920305230-1002 - Limited - Disabled)
user (S-1-5-21-2052812541-4131558422-1920305230-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Broadcom Management Programs (HKLM\...\{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}) (Version: 9.03.02 - Broadcom Corporation)
Dell ETS Factory Installation (Version: 1.0.0 - ) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Lightning (HKLM\...\{79C6D9EB-1267-49F5-9904-9241466D410F}) (Version: 3.01.0001 - Edge Products)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
PowerDVD OD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerTools (HKLM\...\PowerTools) (Version:  - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.5.8 - Webroot)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-09-2015 12:23:25 System Checkpoint
16-09-2015 14:16:32 Removed Fusion
17-09-2015 14:50:53 System Checkpoint
18-09-2015 15:00:35 System Checkpoint
19-09-2015 15:17:51 System Checkpoint
20-09-2015 15:55:39 System Checkpoint
21-09-2015 16:54:27 System Checkpoint
22-09-2015 17:20:52 System Checkpoint
23-09-2015 18:16:42 System Checkpoint
25-09-2015 08:51:49 System Checkpoint
26-09-2015 10:41:38 System Checkpoint
28-09-2015 08:08:29 System Checkpoint
29-09-2015 08:21:48 System Checkpoint
30-09-2015 08:48:11 System Checkpoint
01-10-2015 10:23:09 System Checkpoint
02-10-2015 12:54:20 System Checkpoint
05-10-2015 08:09:03 System Checkpoint
06-10-2015 08:39:02 System Checkpoint
07-10-2015 12:20:37 System Checkpoint
08-10-2015 12:45:40 System Checkpoint
09-10-2015 14:07:09 System Checkpoint
10-10-2015 14:08:19 System Checkpoint
11-10-2015 14:38:19 System Checkpoint
12-10-2015 14:56:41 System Checkpoint
13-10-2015 18:00:09 Software Distribution Service 3.0
15-10-2015 08:15:48 System Checkpoint
15-10-2015 10:31:13 Removed Acrobat.com
16-10-2015 12:20:15 System Checkpoint
17-10-2015 12:57:20 System Checkpoint
19-10-2015 07:27:23 System Checkpoint
20-10-2015 12:14:20 System Checkpoint
21-10-2015 12:15:17 System Checkpoint
22-10-2015 08:39:29 Removed Adobe Reader 9.3.4.
22-10-2015 08:40:01 Removed J2SE Runtime Environment 5.0 Update 6
22-10-2015 08:40:29 Removed Java™ 6 Update 2
22-10-2015 08:52:21 Removed Java™ 6 Update 15
22-10-2015 08:52:24 Removed Java™ SE Runtime Environment 6 Update 1
22-10-2015 08:54:40 Restore Point Created by FRST
22-10-2015 13:55:23 JRT Pre-Junkware Removal
22-10-2015 14:00:25 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-06-08 12:43 - 2011-03-10 18:32 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4610 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2052812541-4131558422-1920305230-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 4.2.2.2 - 8.8.8.8
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2015 02:21:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:21:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:21:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:21:09 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:18:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:18:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:18:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:18:13 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:13:03 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/22/2015 02:13:03 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (10/22/2015 02:21:02 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/22/2015 02:21:02 PM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/22/2015 02:21:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/22/2015 02:18:07 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/22/2015 02:18:07 PM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/22/2015 02:18:07 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/22/2015 02:12:57 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
Error: (10/22/2015 02:12:57 PM) (Source: LDMS) (EventID: 3004) (User: )
Description: Failed to open event VxKernel2VoldEvent, Error=C000003A.
 
Error: (10/22/2015 02:12:56 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/22/2015 01:52:58 PM) (Source: LDMS) (EventID: 3016) (User: )
Description: Failed to initialize DmServer service. The service is not running. Error: C000003A
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Celeron® CPU 3.20GHz
Percentage of memory in use: 17%
Total physical RAM: 2037.54 MB
Available physical RAM: 1682.9 MB
Total Virtual: 2784.15 MB
Available Virtual: 2581.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.46 GB) (Free:60.5 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 7B4B7B4B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
