
Is Java still a security risk?



#16
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hm? I could have sworn that I read in one of your posts that you disabled ZoneAlarm? Was I seeing things or did you edit that out?
  • 0



#17
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

Thank you for your help Donna. :)

 

I have never used ZoneAlarm. Only have Windows Firewall, Avast antivirus and CryptoPrevent security.

 

I received the error notices on a number of sites - on Yahoo Mail, eBay.....

 

I use Yahoo Mail, TalkTalk Mail / Outlook Express.

 

Clock / time is correctly set.

 

I will study the info in your link later when I have more time.

 

Malwarebytes scan found no threats (attached).


  • 0

#18
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

Although this may be completely unrelated, the other thing I want to mention is.....

 

My computer has spontaneously logged me off several times recently.......and I've had to click on my user-name and re-log in.

 

Logging off is something I never do, I am the only user.

 

Yesterday my computer spontaneously re-started.

 

Hard drive SMART results including temperature all recently showed as: Good


  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

 Do you perhaps have a proxy server?

 

Let's look:

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
 
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

  • 1

#20
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

Thank you RKinner. :)

 

Please find attached the results of the MiniToolBox scan.

 

I don't have problems logging into secure sites with Firefox, but received a server error message when I tried to log into my banking site.

 

I don't use IE because it is outdated and would be an additional security risk.

 

I regularly see TCP/IP warnings in Event Viewer (attached)......but previously read that this could be linked to Avast.

 

I know the memory is low, the memory installed is what the computer came with. Your colleagues here previously helped me with this issue and reassured me somewhat with regards to this, but I am very apprehensive about upgrading the memory because a Dell Advisor told me that there is a 50/50 chance of motherboard failure, due to it being an older computer......it's my only computer, would hate to be without it. I have never worked inside a computer before. In addition to this I have been side-tracked by other important non-computer related issues.

 

I have ordered new compatible RDRAM from the US.

  • 0

#21
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

You may miss this if I edit my previous post.....

 

I have just checked User Accounts......."Guest account is off"

 

Shockwave Flash plugin I keep as 'never activate' in Firefox (my usual browser) until I need it, then I update it.


  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

It says you are missing a couple of files.  

 



The following helper DLL cannot be loaded: NAPMONTR.DLL.
The following helper DLL cannot be loaded: DOT3CFG.DLL.

 

 

 
Can't say I know what they do but it is never good when a file is missing.
 
You are also missing at least one driver
 



Name: Unsupported Device
Description: Unsupported Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: Unknown
Service: 
Device ID: ACPI\MGMT180\2&DABA3FF&0

 

 

 
I expect it's causing your errors.
 
What is the make and model number (and service tag if a Dell)?  
 
The easiest way to see if there is another copy of a missing file is to run FRST, OTL or Combofix but I am not supposed to run them outside of the malware forum so I'm going to ask to have this moved to the malware forum.
 
They are usually pretty quick so let's see if we can get FRST to work.
 

  • Get FRST from
You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
 
 
Once you get the base scans (go ahead and post them so they don't get lost)  then put
 
NAPMONTR.DLL;DOT3CFG.DLL
 
in the FRST Search: box
 
then press the Search Files button 
 
It will eventually give you a Search.txt log.  Please post that.
 
 

  • 1

#23
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

My computer is a Dell Dimension 8100.....couldn't find a service tag when I was asked for it some time ago.

 

Regarding the unsupported device, please see:

 

https://support.micr...en-us/kb/811152

 

Yes, I noticed that those helper DLL's couldn't be loaded.

 

I'm popping out now, will deal with the scan when back.


  • 0

#24
scarlet.rose

    Member

  • Topic Starter
  • 330 posts

I see this in Google Chrome's settings:

 

Google Chrome is using your computer's system proxy settings to connect to the network.

 

Seems Firefox is too.

 

Is a proxy server good or bad?

 

Here are the scan results:

Please see my message above too.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2016
Ran by dell owner (administrator) on OWNER-25721C41B (09-07-2016 16:33:24)
Running from C:\Documents and Settings\dell owner\My Documents\Downloads
Loaded Profiles: dell owner (Available Profiles: dell owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LexBceS.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\Lexpps.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PrinTray] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [36864 2000-08-10] (Lexmark)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-08-18] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
Winlogon\Notify\dimsntfy: 
HKU\S-1-5-21-725345543-839522115-1202660629-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-725345543-839522115-1202660629-1004\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-725345543-839522115-1202660629-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2004-08-04] (Microsoft Corporation)
Lsa: [Notification Packages] :
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-18] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{3B02402A-9823-4F7C-89F0-0636DD23A4E3}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-725345543-839522115-1202660629-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-725345543-839522115-1202660629-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-725345543-839522115-1202660629-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://uk.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-725345543-839522115-1202660629-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-725345543-839522115-1202660629-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> {05FE8838-C2ED-4AC2-92F4-CBB8E10C8F4F} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> {5CAA078D-D123-40A8-90E7-4874CDC9FB6A} URL = hxxp://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> {CD10120B-C165-4f8d-8C74-639629E238FF} URL = 
SearchScopes: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2014-09-18] (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-07-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-18] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-08] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2014-09-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2014-09-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-725345543-839522115-1202660629-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} 
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} hxxp://register.btinternet.com/templates/btwebcontrol023.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5520/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282
FF DefaultSearchUrl: hxxps://uk.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: about:home
FF Keyword.URL: hxxps://uk.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-01] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-08] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\searchplugins\yahoo-answers.xml [2010-02-27]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\rztndne2.Default User 2\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\19j68g5s.3\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\py5hhbjm.TEST\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\searchplugins\yahoo-avast.xml [2014-06-16]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-09-26]
FF Extension: YesScript - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected] [2015-05-29]
FF Extension: selectivecookiedelete - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected] [2015-05-29]
FF Extension: QuickJS - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\{bb65e674-b194-4b6e-8033-5fa0afe3a198}.xpi [2015-05-29]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected] [2016-06-02]
FF Extension: Tiny JavaScript Debugger - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\extensions\[email protected] [2016-07-08]
FF Extension: Photobucket Uploader - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\[email protected] [2011-10-16] [not signed]
FF Extension: YesScript - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\[email protected] [2011-11-29] [not signed]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-03-25] [not signed]
FF Extension: WOT - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2) [2011-11-27] [not signed]
FF Extension: Adblock Plus - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-25] [not signed]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\q0me9ao2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-09-10] [not signed]
FF Extension: Ad blocker - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\rztndne2.Default User 2\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [2011-03-25] [not signed]
FF Extension: Troubleshooter - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\Extensions\[email protected] [2013-08-07] [not signed]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\9hueenik.default-1373479810009\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-07-15] [not signed]
FF Extension: British English Dictionary (Updated) - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\Extensions\[email protected] [2014-04-04] [not signed]
FF Extension: selectivecookiedelete - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\Extensions\[email protected] [2014-04-06] [not signed]
FF Extension: X-notifier - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2014-03-24] [not signed]
FF Extension: Bluhell Firewall - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\trkikdsf.default-1395699729962\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-03-25] [not signed]
FF Extension: British English Dictionary - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\[email protected] [2016-02-23] [not signed]
FF Extension: British English Dictionary (Updated) - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\[email protected] [2015-01-06] [not signed]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\[email protected] [2016-02-23]
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\[email protected] [2016-02-23]
FF Extension: WOT - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-29]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2016-02-23]
FF Extension: Adblock Plus - C:\Documents and Settings\dell owner\Application Data\Mozilla\Firefox\Profiles\b7n86jf2.default-1402665467282\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\dell owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\dell owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-18]
CHR HKLM\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path\update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-08-18] (Avast Software s.r.o.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [278016 2000-08-10] (Lexmark International, Inc.) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-06-15] (Mozilla Foundation) [File not signed]
S3 Dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 hkmsvc; %SystemRoot%\System32\kmsvc.dll [X]
S3 napagent; %SystemRoot%\System32\qagentrt.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-08-18] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-08-18] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-08-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-08-18] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-08-18] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-18] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-08-18] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 es1371; C:\WINDOWS\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
S3 GetSusp; C:\WINDOWS\GetSusp.sys [15144 2014-12-06] (McAfee, Inc.)
R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
R0 idebd; C:\WINDOWS\System32\DRIVERS\idebd.sys [3737 2000-05-30] (Intel Corporation)
R0 IntelATA; C:\WINDOWS\System32\DRIVERS\intelata.sys [118480 2000-05-30] (Intel Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
U0 Partizan; system32\drivers\Partizan.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-04] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-08 19:41 - 2016-07-08 19:41 - 00001086 _____ C:\Malwarebytes Scan Result.txt
2016-07-08 14:53 - 2016-07-08 14:53 - 00000000 ____D C:\Program Files\Common Files\Java
2016-07-08 14:50 - 2016-07-08 14:50 - 00000000 ____D C:\Documents and Settings\dell owner\.oracle_jre_usage
2016-07-08 14:50 - 2016-07-08 14:47 - 00153088 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2016-07-08 14:49 - 2016-07-08 14:47 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-07-08 14:43 - 2016-07-08 14:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2016-07-08 14:42 - 2016-07-08 14:42 - 00000000 ____D C:\Program Files\Java
2016-07-08 12:28 - 2016-07-08 12:28 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-07-08 12:28 - 2016-07-08 12:28 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-07-08 12:19 - 2016-07-09 15:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-08 12:19 - 2016-07-09 13:39 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-08 12:01 - 2016-07-08 12:01 - 00000000 ___HD C:\WINDOWS\PIF
2016-07-07 11:21 - 2016-07-09 00:03 - 00002187 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2016-07-07 11:21 - 2016-07-07 11:21 - 00001854 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
2016-07-07 11:17 - 2016-07-07 11:17 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2016-07-05 17:41 - 2016-07-05 18:03 - 00000000 ____D C:\Documents and Settings\dell owner\Local Settings\Application Data\K-Meleon
2016-07-05 17:41 - 2016-07-05 17:41 - 00000000 ____D C:\Documents and Settings\dell owner\Application Data\K-Meleon
2016-07-05 17:37 - 2016-07-05 17:37 - 00000688 _____ C:\Documents and Settings\All Users\Start Menu\Programs\K-Meleon.lnk
2016-07-05 17:37 - 2016-07-05 17:37 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\K-Meleon.lnk
2016-07-05 17:35 - 2016-07-05 17:36 - 00000000 ____D C:\Program Files\K-Meleon
2016-07-05 13:10 - 2016-07-05 13:10 - 00000000 ____D C:\Program Files\UnBlocker
2016-07-05 13:10 - 2016-07-05 13:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\UnBlocker
2016-07-04 11:23 - 2016-07-04 17:35 - 00013690 _____ C:\Documents and Settings\dell owner\My Documents\address rdram.odt
2016-06-25 11:43 - 2016-06-25 11:58 - 06871040 _____ C:\Program Files\GUTD.tmp
2016-06-25 11:43 - 2016-06-25 11:43 - 06871040 _____ C:\Program Files\GUTB.tmp
2016-06-25 11:43 - 2016-06-25 11:43 - 00000000 ____D C:\Program Files\GUMC.tmp
2016-06-25 11:43 - 2016-06-25 11:43 - 00000000 ____D C:\Program Files\GUMA.tmp
2016-06-25 11:31 - 2016-06-25 11:43 - 06871040 _____ C:\Program Files\GUT9.tmp
2016-06-25 11:31 - 2016-06-25 11:31 - 00000000 ____D C:\Program Files\GUM8.tmp
2016-06-23 10:58 - 2016-07-09 16:33 - 00000000 ____D C:\FRST
2016-06-23 01:02 - 2016-06-23 01:02 - 00000000 _____ C:\Documents and Settings\dell owner\sfcdetails.txt
2016-06-22 04:04 - 2001-08-17 22:37 - 00099865 ____C (Eicon Technology) C:\WINDOWS\system32\dllcache\SET1010.tmp
2016-06-22 03:57 - 2001-08-17 22:36 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETFD5.tmp
2016-06-22 03:55 - 2004-08-03 23:04 - 00013568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF87.tmp
2016-06-22 03:53 - 2004-08-04 00:56 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETF5E.tmp
2016-06-22 03:48 - 2001-08-17 22:36 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETEFC.tmp
2016-06-22 03:47 - 2004-08-03 23:07 - 00044672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETED5.tmp
2016-06-22 03:34 - 2004-08-03 23:07 - 00006912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETD92.tmp
2016-06-22 03:32 - 2001-08-17 14:56 - 00157696 ____C (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\SETD1C.tmp
2016-06-22 02:57 - 2001-08-17 14:55 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET8F8.tmp
2016-06-22 02:57 - 2001-08-17 14:55 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET8FC.tmp
2016-06-22 02:57 - 2001-08-17 13:49 - 00026624 ____C (SigmaTel, Inc.) C:\WINDOWS\system32\dllcache\SET8E7.tmp
2016-06-22 02:56 - 2001-08-17 12:12 - 00045632 ____C (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) C:\WINDOWS\system32\dllcache\SET8C8.tmp
2016-06-22 02:51 - 2001-08-17 13:28 - 00073279 ____C (Conexant) C:\WINDOWS\system32\dllcache\SET7F7.tmp
2016-06-22 02:49 - 2001-08-17 22:36 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET7C3.tmp
2016-06-22 02:48 - 2001-08-17 22:36 - 00083968 ____C () C:\WINDOWS\system32\dllcache\SET78F.tmp
2016-06-22 02:46 - 2008-04-14 13:00 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET723.tmp
2016-06-22 02:40 - 2001-08-17 22:36 - 00006216 ____C C:\WINDOWS\system32\dllcache\SET5AA.tmp
2016-06-22 02:38 - 2001-08-17 22:36 - 00024064 ____C (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\SET54E.tmp
2016-06-22 02:33 - 2004-08-03 23:10 - 00038016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SET329.tmp
2016-06-22 02:30 - 2004-08-03 22:29 - 00063663 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET1BB.tmp
2016-06-22 02:30 - 2004-08-03 22:29 - 00011615 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\SET1AF.tmp
2016-06-22 02:26 - 2004-08-03 22:32 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\SET117.tmp
2016-06-22 02:23 - 2003-03-24 16:52 - 00208896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\SETA4.tmp
2016-06-20 13:49 - 2016-06-20 13:49 - 00013326 _____ C:\Documents and Settings\dell owner\My Documents\Mum B12.odt
2016-06-14 20:42 - 2016-06-14 20:42 - 00000958 _____ C:\Documents and Settings\dell owner\Desktop\Shortcut to dd.exe.lnk
2016-06-14 18:18 - 2016-06-15 12:20 - 00000000 ____D C:\Documents and Settings\dell owner\My Documents\Double Driver Backup
2016-06-14 13:59 - 2016-06-14 13:59 - 00000000 ____D C:\Documents and Settings\dell owner\My Documents\xpDriverBackUp
2016-06-14 13:55 - 2016-06-14 13:55 - 00000300 _____ C:\Documents and Settings\dell owner\My Documents\WindowsDrivers.bat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-09 16:35 - 2008-09-19 14:29 - 00000000 ____D C:\Documents and Settings\dell owner\Local Settings\Temp
2016-07-09 13:29 - 2008-09-19 14:29 - 00000000 ___RD C:\Documents and Settings\dell owner\My Documents\My Pictures
2016-07-09 10:09 - 2015-08-18 17:38 - 00000372 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-07-09 10:08 - 2015-05-16 13:52 - 00000286 _____ C:\WINDOWS\Tasks\NUAutoUpdate.job
2016-07-09 10:08 - 2008-09-19 14:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-09 10:08 - 2005-04-12 14:21 - 00087959 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-09 02:57 - 2008-09-19 14:29 - 00000178 ___SH C:\Documents and Settings\dell owner\ntuser.ini
2016-07-09 02:57 - 2008-09-19 14:27 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-08 20:13 - 2008-09-19 14:29 - 00000000 ____D C:\Documents and Settings\dell owner
2016-07-08 19:00 - 2015-05-16 13:52 - 00000278 _____ C:\WINDOWS\Tasks\NUSchedule.job
2016-07-08 18:06 - 2014-06-30 00:31 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-07-08 14:49 - 2013-11-08 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2016-07-08 12:24 - 2011-09-07 15:04 - 00000000 ____D C:\Program Files\Google
2016-07-07 11:41 - 2010-11-19 02:01 - 00020056 ____H C:\WINDOWS\system32\mlfcache.dat
2016-07-07 11:21 - 2011-11-27 14:17 - 00000000 ____D C:\Program Files\Safari
2016-07-07 11:17 - 2011-11-27 14:16 - 00000000 ____D C:\Program Files\Apple Software Update
2016-07-04 17:35 - 2008-09-19 14:29 - 00000000 ___RD C:\Documents and Settings\dell owner\My Documents
2016-07-03 14:13 - 2004-08-04 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-22 11:01 - 2008-09-19 14:48 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-06-22 02:22 - 2008-09-19 14:48 - 00000000 ____D C:\WINDOWS\Help
2016-06-21 21:04 - 2013-06-14 12:38 - 00000000 ____D C:\Stinger_Quarantine
2016-06-19 23:01 - 2014-05-14 11:23 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-06-16 10:01 - 2014-07-07 11:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2016-06-25 11:31 - 2016-06-25 11:43 - 6871040 _____ () C:\Program Files\GUT9.tmp
2016-06-25 11:43 - 2016-06-25 11:43 - 6871040 _____ () C:\Program Files\GUTB.tmp
2016-06-25 11:43 - 2016-06-25 11:58 - 6871040 _____ () C:\Program Files\GUTD.tmp
2012-07-12 12:10 - 2012-07-12 12:10 - 0033758 _____ () C:\Documents and Settings\dell owner\Local Settings\Application Data\dt.dat
2014-04-16 15:00 - 2014-04-16 15:00 - 0044991 _____ () C:\Documents and Settings\All Users\Application Data\1397656736.bdinstall.bin
2012-07-18 20:18 - 2012-07-18 20:18 - 0000694 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults300.dat
 
Some files in TEMP:
====================
C:\Documents and Settings\dell owner\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\dell owner\Local Settings\Temp\processhacker-2.39-setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Edited by RKinner, 09 July 2016 - 03:13 PM.

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

More files missing:

 

S3 Dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
...
S3 hkmsvc; %SystemRoot%\System32\kmsvc.dll [X]
S3 napagent; %SystemRoot%\System32\qagentrt.dll [X]
 
These are all associated with network authentication so their lack may be why you can't talk to the bank.
 
I think we need to do a disk check to make sure the file system is OK. Usually when we see a bunch of files missing it's because a sector on the hard drive failed, though it could also be a very stupid anti-virus program. We will also try SFC. Unfortunately sfc doesn't work all that well on XP but we can try it anyway.
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
Start, Run, sfc /scannow, OK
 
SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP. On some PCs you can point it at C:\i386 and it will pick from there. If you don't have the Run option you can Start, All Programs, Accessories, Command Prompt then type:
 
sfc /scannow
 
and hit Enter.
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Click the Run button.

Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Also try the FRST File search for:
 
dot3svc.*;kmsvc.*;qagentrt.*;napmontr.*;ws2ifsl.*
 
I have an old XP lying around here somewhere.  Will see if it fires up.  Perhaps if SFC can't find the files then I can zip them up and attach them for you unless you have a friend with an XP.
They would be in C:\Windows\System32\
 
These are hidden system files so you would need to:
 
Double-click on the My Computer icon.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
in order to see them.
 
 
 
 
 
 
 
 

  • 1
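
The VEW report requested above is plain text made of `Log:` / `Type:` / `Event:` records, each followed by its message. As an added example (not part of the original thread, and not the VEW author's code), this Python script parses a report in that layout and groups it by source and event ID so that one-off errors stand out from entries that repeat on every boot; the `SAMPLE` text is constructed and the function names are hypothetical.

```python
import re
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "log when level category event_id source message")

# The three fixed lines that open every record in a VEW text report.
HEAD = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVNT = re.compile(r"^Event: (\d+) Source: (.+)$")


def is_boundary(line):
    """True for lines that end a message: next record, section rule, end marker."""
    return bool(HEAD.match(line)) or line.startswith("~~~") or line == "END OF LOG"


def parse_vew(text):
    """Return a list of Event tuples; dates are read as dd/mm/yyyy."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head, typ, evt = HEAD.match(lines[i]), TYPE.match(lines[i + 1]), EVNT.match(lines[i + 2])
        if not (head and typ and evt):
            i += 1
            continue
        j, msg = i + 3, []
        # A message may wrap over several lines; it ends at a blank line or boundary.
        while j < len(lines) and lines[j] and not is_boundary(lines[j]):
            msg.append(lines[j])
            j += 1
        when = datetime.strptime(head.group(2), "%d/%m/%Y %H:%M:%S")
        events.append(Event(head.group(1), when, typ.group(1), int(typ.group(2)),
                            int(evt.group(1)), evt.group(2).strip(), " ".join(msg)))
        i = j
    return events


def summarize(events):
    """Group by (log, level, source, event id) with count and first/last seen."""
    groups = {}
    for ev in events:
        key = (ev.log, ev.level, ev.source, ev.event_id)
        g = groups.setdefault(key, {"count": 0, "first": ev.when,
                                    "last": ev.when, "sample": ev.message})
        g["count"] += 1
        g["first"] = min(g["first"], ev.when)
        g["last"] = max(g["last"], ev.when)
    return groups


def one_offs(groups, threshold=1):
    """Keys seen at most `threshold` times: the entries worth reading first."""
    return sorted(k for k, g in groups.items() if g["count"] <= threshold)


# Constructed sample in the VEW layout (not a real report).
SAMPLE = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/07/2016 00:39:59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/07/2016 22:02:59
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71).

Log: 'System' Date/Time: 09/07/2016 10:08:45
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71).

Log: 'System' Date/Time: 08/07/2016 13:41:42
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Installer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/07/2016 23:54:31
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2016 23:47:33
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

END OF LOG
"""

if __name__ == "__main__":
    groups = summarize(parse_vew(SAMPLE))
    # Rare entries first, recurring noise last.
    for key, g in sorted(groups.items(), key=lambda kv: (kv[1]["count"], kv[0])):
        print(g["count"], key, g["last"].isoformat(), g["sample"][:60])
```

Because VEW was asked for only 20 events of each type, the counts describe that window, not the whole log.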



#26
scarlet.rose

scarlet.rose

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 330 posts

You're very kind, taking the time....to help me....

 

I like that you don't tell me off for using XP and an older computer. :)

 

I've never had any difficulties at all with online banking until my bank recently introduced a new system. I cannot use this new system, but could the old.

 

I recently carried out chkdsk - result > this volume is clean.

 

Is there some way I can retrieve this result to show you?

 

I recently carried out sfc - a number of DLLs were successfully copied into the DLL cache, but a lot weren't! Please see Event Viewer screenshot attached, many of those are "could not be copied into the DLL cache" errors.

 

I have 2 brand new genuine (as far as I can tell) XP CDs (from different sources) - sfc asked for the XP CD......but still couldn't copy all DLLs?

 

I previously raised a topic on this. Although very appealing......carrying out an XP repair installation is something I am afraid to do also in case something goes wrong. I am used to hiring technicians, I've never installed an operating system. I don't have a spare computer.

 

I will look into your other instructions......maybe later, it's nearly midnight now.

 

Thank you!

 


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'll take your word for it that the disk check ran OK.  

 

Run a new FRST scan and post it.  That will show me if it found any of the missing files.

 

With MS being so nasty about updates to XP I would be afraid to do a repair install.  Might leave you without a lot of updates.


  • 0

#28
scarlet.rose

scarlet.rose

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 330 posts

I carried out sfc on 22nd June 2016.....not just now...

 

Yes, to your last comment.....


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Run SFC /Scannow again and let's see if it does any better.  After you run it let's see if this works on XP too:

 

Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 

 

 

Start, All Programs, Accessories,  click on Command Prompt.  Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if Notepad doesn't open. (Copy and paste the text from Notepad or, if it is too big, just attach the file.)

  • 0

#30
scarlet.rose

scarlet.rose

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 330 posts

Here are the scan results.

 

Think I am supposed to copy and paste here, not just attach so I will.

 

One DLL has been found.

 

Regarding:

 

"ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."
 

I have had this looked into before......was told it is nothing to worry about, linked to XP upgrade.

 

https://support.micr...en-us/kb/283649

 

Have a busy day today, have to go out.

 

Will run sfc tomorrow and then try to find the log with your instruction to post here. :)

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/07/2016 00:39:59

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/07/2016 22:03:30
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/07/2016 22:02:59
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 09/07/2016 22:02:59
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 09/07/2016 10:08:45
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 09/07/2016 10:08:45
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 21:24:35
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 08/07/2016 21:23:34
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 21:23:34
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 15:32:27
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 15:32:27
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 13:41:42
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

Log: 'System' Date/Time: 08/07/2016 13:41:42
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.

Log: 'System' Date/Time: 08/07/2016 13:41:13
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Log: 'System' Date/Time: 08/07/2016 10:14:47
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 08/07/2016 10:14:47
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 07/07/2016 21:09:18
Type: error Category: 0
Event: 4 Source: ACPI
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 07/07/2016 21:09:18
Type: error Category: 0
Event: 5 Source: ACPI
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Log: 'System' Date/Time: 07/07/2016 17:34:41
Type: error Category: 0
Event: 10010 Source: DCOM
The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 07/07/2016 17:11:15
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Log: 'System' Date/Time: 07/07/2016 17:10:46
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/07/2016 23:54:31
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 08/07/2016 23:47:33
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 07/07/2016 23:36:48
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 06/07/2016 23:28:37
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 05/07/2016 23:25:37
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 04/07/2016 23:13:01
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 04/07/2016 11:35:24
Type: warning Category: 0
Event: 8 Source: Print
Printer Lexmark Z52 Color Jetprinter was purged.

Log: 'System' Date/Time: 03/07/2016 23:05:45
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 02/07/2016 23:02:02
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 01/07/2016 22:53:32
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 30/06/2016 22:49:09
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 30/06/2016 10:51:38
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 29/06/2016 22:38:15
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 28/06/2016 20:53:08
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 27/06/2016 20:43:56
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 26/06/2016 20:34:29
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 25/06/2016 19:06:23
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 24/06/2016 18:59:28
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 23/06/2016 18:38:34
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 22/06/2016 18:26:19
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
 

END OF LOG

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/07/2016 00:47:06

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2016 00:05:53
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mmc.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 17/06/2016 21:21:44
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.  

Log: 'Application' Date/Time: 10/06/2016 22:23:42
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 31/05/2016 12:42:06
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mmc.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Log: 'Application' Date/Time: 28/05/2016 12:01:21
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application drwtsn32.exe, version 5.1.2600.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 28/05/2016 12:01:13
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 28/05/2016 12:00:27
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Log: 'Application' Date/Time: 28/05/2016 11:59:56
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application msimn.exe, version 6.0.2900.2180, faulting module msoe.dll, version 6.0.2900.2180, fault address 0x000564f7.

Log: 'Application' Date/Time: 20/05/2016 17:53:00
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.  

Log: 'Application' Date/Time: 03/05/2016 19:19:58
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 03/05/2016 19:19:58
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 29/04/2016 17:28:58
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Log: 'Application' Date/Time: 29/04/2016 17:28:24
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application msimn.exe, version 6.0.2900.2180, faulting module msoe.dll, version 6.0.2900.2180, fault address 0x000564f7.

Log: 'Application' Date/Time: 22/04/2016 13:25:55
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.  

Log: 'Application' Date/Time: 03/04/2016 20:13:03
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 02/03/2016 13:48:41
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application acrord32.exe, version 11.0.8.4, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 02/03/2016 13:23:58
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application acrord32.exe, version 11.0.8.4, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 02/03/2016 12:21:32
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application acrord32.exe, version 11.0.8.4, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/02/2016 14:01:29
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application acrord32.exe, version 11.0.8.4, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 24/02/2016 13:55:51
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application acrord32.exe, version 11.0.8.4, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2016 20:13:48
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 08/07/2016 13:41:17
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007041D

Log: 'Application' Date/Time: 07/07/2016 19:58:34
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 07/07/2016 13:48:23
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 29/06/2016 02:14:53
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 27/06/2016 15:56:05
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 27/06/2016 02:47:49
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 26/06/2016 17:41:41
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 25/06/2016 03:02:13
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 23/06/2016 01:55:05
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 22/06/2016 15:21:39
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 22/06/2016 04:15:45
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2016 19:02:09
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2016 15:59:00
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2016 15:24:29
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/06/2016 01:23:42
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/06/2016 02:26:57
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/06/2016 18:18:27
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/06/2016 14:45:30
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 18/06/2016 13:47:18
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OWNER-25721C41B\dell owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
 

END OF LOG

 

Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by dell owner (2016-07-10 10:42:08)
Running from C:\Documents and Settings\dell owner\My Documents\Downloads
Boot Mode: Normal

================== Search Files: "dot3svc.*;kmsvc.*;qagentrt.*;napmontr.*;ws2ifsl.*" =============

C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2004-08-04 11:00][2004-08-04 11:00] 0012032 ____A (Microsoft Corporation) 6ABE6E225ADB5A751622A9CC3BC19CE8 [File is digitally signed]

C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004-08-04 11:00][2004-08-04 11:00] 0012032 ___AC (Microsoft Corporation) 6ABE6E225ADB5A751622A9CC3BC19CE8 [File is digitally signed]

====== End of Search ======


Edited by scarlet.rose, 10 July 2016 - 04:18 AM.
