After firing up my PC and clicking my user icon, I see no taskbar or icons on the desktop, just a cursor. I can summon Task Manager using Ctrl+Alt+Del, and explorer.exe is no longer a listed process. If I reboot into Safe Mode, explorer.exe works.
After updating each, I've run full scans with the following:
Bitdefender AV
MBAM
MS Safety Scanner
TDSS Killer
Panda Cloud Cleaner (online)
None of the above detected anything except the Panda online scan, which found a hijacker and deleted it. I've continued to update MBAM in Safe Mode and run scans; it hasn't detected anything.
Prior to the Panda scan I used System Restore in Safe Mode and returned to a day before the problem started. When the issue returned later, I tried System Restore again and couldn't get back to an earlier restore point.
Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2017
Ran by dave (administrator) on BADDABING (24-05-2017 20:52:52)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Loaded Profiles: dave (Available Profiles: steveo & dean & dave)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19] (Intel Corporation)
Winlogon\Notify\NavLogon:
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-57989841-179605362-1644491937-1005\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [1224896 2016-11-13] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\steveo\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-10-09]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{2CE76E6F-8826-4E90-8653-9EFFF1ED8DA0}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\omdtrzrs.default [2017-05-24]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-07-21]
Chrome:
=======
StartMenuInternet: Google Chrome - C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 EMET_Service; C:\Program Files\EMET 5.0\EMET_Service.exe [31880 2014-07-30] (Microsoft Corporation)
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation)
S2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S2 sprtsvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe [206120 2010-01-16] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2010-01-16] (SupportSoft, Inc.)
S2 tgsrvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe [185640 2010-01-16] (SupportSoft, Inc.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U3 .redbook; ? [0 2017-05-24] () <==== ATTENTION (zero byte File/Folder)
S0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
S3 BCM44X2; C:\WINDOWS\System32\DRIVERS\BCM4E5.SYS [26568 2001-08-17] (Broadcom Corporation)
S3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
S1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1512960 2010-02-26] (C-Media Inc)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59872 2017-05-12] ()
S1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
S0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 20:51 - 2017-05-24 20:52 - 00000000 ____D C:\FRST
2017-05-24 20:38 - 2017-05-24 20:38 - 00000633 _____ C:\Documents and Settings\dave\Desktop\Shortcut to FRST.lnk
2017-05-24 19:30 - 2017-05-24 19:32 - 00118940 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_19.30.57_log.txt
2017-05-24 19:27 - 2017-05-24 19:27 - 00000364 _____ C:\TDSSKiller.3.1.0.9_24.05.2017_19.27.51_log.txt
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\Application Data\ESET
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Program Files\MS Safety Scanner
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2017-05-24 15:21 - 2015-09-14 13:03 - 00038520 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2017-05-24 15:19 - 2017-05-24 15:19 - 00000935 _____ C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2017-05-24 15:19 - 2017-05-24 15:19 - 00000000 ____D C:\Program Files\Panda Security
2017-05-24 13:00 - 2017-05-24 18:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-05-24 13:00 - 2017-05-24 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-05-24 08:35 - 2017-05-24 08:35 - 00000000 ____D C:\Program Files\CPUID
2017-05-24 08:11 - 2017-05-24 08:11 - 01892136 _____ (Malwarebytes ) C:\Program Files\mbae-setup-1.09.1.1410.exe
2017-05-23 21:24 - 2017-05-23 21:24 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2017-05-23 21:15 - 2017-05-23 21:34 - 00038233 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3180.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 00018945 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3508.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00103736 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3408.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00012114 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3244.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00003557 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3240.bin
2017-05-23 21:15 - 2017-05-23 21:15 - 00037164 _____ C:\Documents and Settings\All Users\Application Data\1495592123.bdinstall.bin
2017-05-23 19:39 - 2017-05-23 19:39 - 00039356 _____ C:\Documents and Settings\All Users\Application Data\1495586334.bdinstall.bin
2017-05-23 19:38 - 2017-05-23 19:38 - 00037190 _____ C:\Documents and Settings\All Users\Application Data\1495586332.bdinstall.bin
2017-05-23 12:24 - 2017-05-23 12:24 - 00000000 ____D C:\Documents and Settings\steveo\Start Menu\Programs\Google Chrome
2017-05-23 09:09 - 2017-05-23 09:09 - 00010712 _____ C:\Documents and Settings\All Users\Application Data\1495548528.1236.bin
2017-05-23 09:08 - 2017-05-23 09:21 - 00039169 _____ C:\Documents and Settings\All Users\Application Data\1495548528.1904.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00023516 _____ C:\Documents and Settings\All Users\Application Data\1495548528.268.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00003256 _____ C:\Documents and Settings\All Users\Application Data\1495548528.244.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00002102 _____ C:\Documents and Settings\All Users\Application Data\1495548528.240.bin
2017-05-23 09:08 - 2017-05-23 09:08 - 00035994 _____ C:\Documents and Settings\All Users\Application Data\1495548521.bdinstall.bin
2017-05-22 12:03 - 2017-05-22 12:07 - 00117518 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_12.03.54_log.txt
2017-05-22 11:58 - 2017-05-22 11:58 - 00000366 _____ C:\TDSSKiller.3.0.0.44_22.05.2017_11.58.19_log.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 20:53 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\temp
2017-05-24 20:50 - 2016-11-08 20:30 - 01285696 _____ C:\WINDOWS\ntbtlog.txt
2017-05-24 19:29 - 2016-12-25 14:21 - 00000000 ____D C:\Documents and Settings\dean\My Documents\GEICO Damage Inspection Cancellation Confirmation_files
2017-05-24 19:29 - 2016-12-18 10:12 - 00000000 ____D C:\Documents and Settings\dean\My Documents\Gold Nugget Army Surplus Invoice 11876_files
2017-05-24 19:29 - 2010-08-22 00:14 - 00000000 ___RD C:\Documents and Settings\dean\My Documents\My Music
2017-05-24 18:10 - 2008-04-13 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-05-24 18:09 - 2016-08-11 12:33 - 00000400 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job
2017-05-24 18:09 - 2010-08-22 00:14 - 00000178 ___SH C:\Documents and Settings\dean\ntuser.ini
2017-05-24 18:09 - 2010-08-21 21:47 - 00032124 _____ C:\WINDOWS\SchedLgU.Txt
2017-05-24 18:09 - 2010-08-21 21:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 17:59 - 2010-08-21 21:40 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-24 17:58 - 2016-11-04 20:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-24 17:58 - 2012-05-04 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-24 17:46 - 2010-08-22 22:42 - 00000178 ___SH C:\Documents and Settings\dave\ntuser.ini
2017-05-24 14:44 - 2010-08-22 03:20 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-05-24 14:23 - 2016-09-24 06:52 - 00277063 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-179605362-1644491937-1004-0.dat
2017-05-24 14:23 - 2016-09-19 16:45 - 00151982 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-05-24 14:17 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\dean\Local Settings\temp
2017-05-24 13:54 - 2010-08-22 22:42 - 00000000 ___RD C:\Documents and Settings\dave\My Documents
2017-05-24 13:37 - 2010-10-18 21:03 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job
2017-05-24 11:43 - 2016-08-12 22:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-05-24 10:37 - 2010-10-18 21:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job
2017-05-24 06:27 - 2014-03-26 18:25 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-05-23 20:08 - 2010-08-21 09:32 - 00000327 __RSH C:\boot.ini
2017-05-23 20:08 - 2008-04-13 18:00 - 00000507 _____ C:\WINDOWS\win.ini
2017-05-23 20:08 - 2008-04-13 18:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-05-23 19:03 - 2016-09-19 15:27 - 00000000 ____D C:\Program Files\Bitdefender
2017-05-23 12:24 - 2010-08-22 22:42 - 00000000 ____D C:\Documents and Settings\dave
2017-05-23 12:24 - 2010-08-22 00:14 - 00000000 ____D C:\Documents and Settings\dean
2017-05-23 12:24 - 2010-08-21 21:49 - 00000000 ____D C:\Documents and Settings\steveo
2017-05-23 12:24 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-05-23 12:24 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-05-23 12:24 - 2010-08-21 21:39 - 00000000 ____D C:\WINDOWS\Registration
2017-05-22 19:39 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\steveo\Local Settings\temp
2017-05-22 12:08 - 2010-08-21 23:33 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Adobe
2017-05-22 12:01 - 2014-05-18 22:33 - 00000000 ____D C:\Program Files\TDSSkiller
2017-05-22 10:42 - 2010-08-21 22:02 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Mozilla
2017-05-22 10:32 - 2010-08-23 18:30 - 00000000 ____D C:\Program Files\Google
2017-05-22 10:28 - 2010-08-21 22:17 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Apple Computer
2017-05-22 08:16 - 2012-03-29 22:25 - 00000000 __SHD C:\WINDOWS\CSC
2017-05-08 19:15 - 2014-03-26 18:25 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-05-01 23:55 - 2016-11-13 20:09 - 00000364 _____ C:\WINDOWS\Tasks\jucheck.job
==================== Files in the root of some directories =======
2016-10-05 20:25 - 2016-10-05 20:26 - 48013312 _____ () C:\Program Files\AdbeRdrUpd11017.msp
2016-09-19 14:10 - 2016-09-19 14:15 - 0196944 _____ () C:\Program Files\Antivirus_Free_Edition.exe
2016-09-19 15:11 - 2016-09-19 15:11 - 10056744 _____ () C:\Program Files\Antivirus_Free_Edition_x86.exe
2016-09-18 11:48 - 2016-09-18 11:48 - 8244656 _____ (Piriform Ltd) C:\Program Files\ccsetup522.exe
2016-09-05 13:54 - 2016-09-05 13:54 - 1718016 _____ ( ) C:\Program Files\cpu-z_1.77-en.exe
2016-09-07 16:08 - 2016-09-07 16:08 - 0473291 _____ () C:\Program Files\Everything-1.3.4.686.x86-Setup.exe
2016-09-08 04:37 - 2016-09-08 04:37 - 0450352 _____ (Microsoft Corporation) C:\Program Files\FixitCenter_Run_2012.exe
2017-05-24 08:11 - 2017-05-24 08:11 - 1892136 _____ (Malwarebytes ) C:\Program Files\mbae-setup-1.09.1.1410.exe
2016-08-11 09:58 - 2016-08-11 10:00 - 37689480 _____ (Opera Software) C:\Program Files\Opera_winxpvista_36.0.2130.80_Setup.exe
2016-09-19 09:39 - 2016-09-19 09:39 - 0146112 _____ () C:\Program Files\regscanner_setup.exe
2011-12-09 15:04 - 2011-12-09 15:07 - 0000112 _____ () C:\Documents and Settings\All Users\Application Data\0sJT3AhC.dat
2016-09-19 15:30 - 2016-09-19 15:30 - 0218835 _____ () C:\Documents and Settings\All Users\Application Data\1474315919.bdinstall.bin
2016-11-11 00:17 - 2016-11-11 00:17 - 0037173 _____ () C:\Documents and Settings\All Users\Application Data\1478841434.bdinstall.bin
2016-11-11 00:17 - 2016-11-11 01:00 - 0038217 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.2772.bin
2016-11-11 00:17 - 2016-11-11 01:01 - 0018886 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3056.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0003557 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3884.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0010417 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3888.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0106083 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.688.bin
2017-05-23 09:08 - 2017-05-23 09:08 - 0035994 _____ () C:\Documents and Settings\All Users\Application Data\1495548521.bdinstall.bin
2017-05-23 09:09 - 2017-05-23 09:09 - 0010712 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.1236.bin
2017-05-23 09:08 - 2017-05-23 09:21 - 0039169 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.1904.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0002102 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.240.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0003256 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.244.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0023516 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.268.bin
2017-05-23 19:38 - 2017-05-23 19:38 - 0037190 _____ () C:\Documents and Settings\All Users\Application Data\1495586332.bdinstall.bin
2017-05-23 19:39 - 2017-05-23 19:39 - 0039356 _____ () C:\Documents and Settings\All Users\Application Data\1495586334.bdinstall.bin
2017-05-23 21:15 - 2017-05-23 21:15 - 0037164 _____ () C:\Documents and Settings\All Users\Application Data\1495592123.bdinstall.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 0038233 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3180.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0003557 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3240.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0012114 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3244.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0103736 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3408.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 0018945 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3508.bin
Some files in TEMP:
====================
2016-10-30 15:42 - 2016-10-30 15:42 - 0737856 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u111-windows-au.exe
2015-10-07 13:17 - 2015-10-07 13:17 - 0585824 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u65-windows-au.exe
2015-11-10 10:59 - 2015-11-10 10:59 - 0585824 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u66-windows-au.exe
2015-12-23 13:48 - 2015-12-23 13:48 - 0644704 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u71-windows-au.exe
2016-01-30 03:10 - 2016-01-30 03:10 - 0736352 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u73-windows-au.exe
2016-05-27 05:43 - 2016-05-27 05:43 - 0739904 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u91-windows-au.exe
2016-09-18 17:58 - 2016-09-18 17:58 - 0000000 _____ () C:\Documents and Settings\dean\Local Settings\temp\ob9zvrxh.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2017
Ran by dave (24-05-2017 20:54:07)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-08-22 02:46:34)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-57989841-179605362-1644491937-500 - Administrator - Enabled)
ASPNET (S-1-5-21-57989841-179605362-1644491937-1006 - Limited - Enabled)
dave (S-1-5-21-57989841-179605362-1644491937-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dave
dean (S-1-5-21-57989841-179605362-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dean
Guest (S-1-5-21-57989841-179605362-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-179605362-1644491937-1000 - Limited - Disabled)
steveo (S-1-5-21-57989841-179605362-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\steveo
SUPPORT_388945a0 (S-1-5-21-57989841-179605362-1644491937-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.32 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Diamond Xtreme Audio (HKLM\...\C-Media PCI Sound) (Version: - )
EMET 5.0 (HKLM\...\{FDDEBC40-9491-4978-8EF7-3FABA86595FB}) (Version: 5.0 - Microsoft Corporation)
eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
iTunes (HKLM\...\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}) (Version: 9.2.1.5 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Mahjongg Dimensions Deluxe (HKLM\...\am-mahjonggdimensionsdeluxe) (Version: - )
Malwarebytes Anti-Exploit version 1.9.1.1410 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1410 - Malwarebytes)
Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.2.6346 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (en-US) - Mozilla)
NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version: - )
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (HKLM\...\am-plantsvszombiestm) (Version: - )
Qwest Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - Qwest Communications International Inc.)
Qwest Personal Digital Vault™ (HKLM\...\{746FB02B-1D03-43B7-917A-E1341AB69A00}) (Version: 1.0.0002 - Qwest)
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest Quickcare 2.7 (HKLM\...\QwestQuickCare_is1) (Version: 2.7.1002.1512 - Qwest)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhapsody (HKLM\...\Rhapsody) (Version: - )
Roads of Rome (HKLM\...\am-roadsofrome) (Version: - )
VLC media player 1.1.3 (HKLM\...\VLC media player) (Version: 1.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll => No File
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jucheck.job => C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job => C:\Program Files\Opera\launcher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2008-04-13 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:SummaryInformation [43]
AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Program Files\mbae-setup-1.09.1.1410.exe:BDU [0]
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB26929$:SummaryInformation [0]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03833947.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-03-29 22:52 - 2012-03-30 07:57 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1 - 205.171.3.25
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
MSCONFIG\startupreg: QwestTouchPointAgent => "C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Enabled:Network Diagnostic for Windows XP
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
==================== Restore Points =========================
23-02-2017 17:29:47 System Checkpoint
24-02-2017 17:35:54 System Checkpoint
25-02-2017 17:42:44 System Checkpoint
26-02-2017 18:32:40 System Checkpoint
27-02-2017 19:14:09 System Checkpoint
28-02-2017 20:10:44 System Checkpoint
01-03-2017 22:05:02 System Checkpoint
02-03-2017 23:08:10 System Checkpoint
03-03-2017 23:47:16 System Checkpoint
05-03-2017 00:29:44 System Checkpoint
06-03-2017 02:04:07 System Checkpoint
07-03-2017 03:08:10 System Checkpoint
08-03-2017 03:42:36 System Checkpoint
09-03-2017 04:42:30 System Checkpoint
10-03-2017 05:11:23 System Checkpoint
11-03-2017 06:27:41 System Checkpoint
12-03-2017 07:03:49 System Checkpoint
13-03-2017 07:37:43 System Checkpoint
14-03-2017 08:37:18 System Checkpoint
15-03-2017 03:00:44 Software Distribution Service 3.0
16-03-2017 03:30:21 System Checkpoint
17-03-2017 03:56:38 System Checkpoint
18-03-2017 04:14:13 System Checkpoint
19-03-2017 04:43:34 System Checkpoint
20-03-2017 05:00:41 System Checkpoint
21-03-2017 06:11:54 System Checkpoint
22-03-2017 06:56:40 System Checkpoint
23-03-2017 06:57:44 System Checkpoint
24-03-2017 07:12:23 System Checkpoint
25-03-2017 07:34:09 System Checkpoint
26-03-2017 08:24:18 System Checkpoint
27-03-2017 09:16:41 System Checkpoint
28-03-2017 09:26:10 System Checkpoint
30-03-2017 18:07:33 System Checkpoint
31-03-2017 18:20:29 System Checkpoint
01-04-2017 19:10:28 System Checkpoint
02-04-2017 19:32:14 System Checkpoint
03-04-2017 19:40:35 System Checkpoint
04-04-2017 20:21:22 System Checkpoint
05-04-2017 21:05:00 System Checkpoint
06-04-2017 22:03:53 System Checkpoint
07-04-2017 22:59:45 System Checkpoint
08-04-2017 23:09:41 System Checkpoint
09-04-2017 23:35:29 System Checkpoint
10-04-2017 23:36:32 System Checkpoint
11-04-2017 23:38:14 Software Distribution Service 3.0
13-04-2017 00:24:15 System Checkpoint
14-04-2017 01:24:13 System Checkpoint
15-04-2017 01:48:07 System Checkpoint
16-04-2017 02:33:44 System Checkpoint
17-04-2017 03:24:05 System Checkpoint
18-04-2017 04:15:51 System Checkpoint
19-04-2017 04:24:08 System Checkpoint
20-04-2017 04:25:12 System Checkpoint
21-04-2017 05:25:40 System Checkpoint
22-04-2017 05:30:39 System Checkpoint
23-04-2017 11:05:48 System Checkpoint
24-04-2017 11:35:31 System Checkpoint
25-04-2017 11:53:48 System Checkpoint
26-04-2017 12:33:46 System Checkpoint
27-04-2017 13:21:52 System Checkpoint
28-04-2017 14:00:22 System Checkpoint
29-04-2017 14:57:42 System Checkpoint
30-04-2017 15:49:07 System Checkpoint
01-05-2017 16:49:03 System Checkpoint
02-05-2017 17:48:56 System Checkpoint
03-05-2017 18:35:24 System Checkpoint
04-05-2017 19:20:58 System Checkpoint
05-05-2017 19:29:02 System Checkpoint
06-05-2017 19:56:49 System Checkpoint
07-05-2017 20:32:50 System Checkpoint
08-05-2017 20:59:44 System Checkpoint
09-05-2017 21:24:30 System Checkpoint
10-05-2017 05:54:02 Software Distribution Service 3.0
11-05-2017 06:47:31 System Checkpoint
13-05-2017 06:41:38 System Checkpoint
14-05-2017 06:58:41 System Checkpoint
15-05-2017 07:41:33 System Checkpoint
16-05-2017 19:50:31 System Checkpoint
17-05-2017 20:05:13 System Checkpoint
18-05-2017 21:13:47 System Checkpoint
19-05-2017 22:02:19 System Checkpoint
20-05-2017 22:03:29 System Checkpoint
21-05-2017 23:02:21 System Checkpoint
23-05-2017 07:30:25 Restore Operation
23-05-2017 12:21:19 Restore Operation
24-05-2017 17:07:37 Restore Operation
24-05-2017 17:17:01 Restore Operation
24-05-2017 18:11:01 Restore Operation
==================== Faulty Device Manager Devices =============
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (05/24/2017 06:12:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos
Error: (05/24/2017 06:11:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/24/2017 06:02:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/24/2017 06:02:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
Error: (05/24/2017 05:58:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/24/2017 05:57:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/24/2017 05:46:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/24/2017 05:18:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos
Error: (05/24/2017 05:17:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/24/2017 05:12:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 759 MB
Available physical RAM: 215.25 MB
Total Virtual: 1853.77 MB
Available Virtual: 1365.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.47 GB) (Free:49.6 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by Lamont_Cranston, 29 May 2017 - 04:00 PM.