Win XP will not run .EXE files Service pack 3


#1
merc300sd

    New Member

  • Member
  • Pip
  • 8 posts

This laptop will no longer run .exe files.  Downloads everything and places it in the appropriate files in Program Files.  Keep getting the win32 error not valid.  Any quick fixes?


  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Copy the text:

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Open Notepad.

Edit, Paste.  File, Save As, to your desktop, "UnHookExec.inf", OK.  (You need the quotes or it won't work.)  Close Notepad.  Right click on UnHookExec.inf and Install.

That should allow exe to work again.

If that doesn't work see if you can get OTL.scr to work.

http://www.geekstogo...timers-list-it/

Post the logs.


  • 0
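Added example, not part of the original thread or of the Symantec file: it decodes the INF quoting in the [UnhookRegKey] lines above to get the handler strings the file writes, then compares them with `shell\open\command` values read from lines laid out like OTL's "Shell Spawning" section. The sample OTL lines, the placeholder path and all function names are constructed for illustration.

```python
import csv
import re

# AddReg lines copied verbatim from the [UnhookRegKey] section in the reply above.
INF_ADDREG = r'''
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
'''

# CONSTRUCTED sample in the layout of OTL's "Shell Spawning" section.
# The exefile value and its path are placeholders, not taken from any real log.
SAMPLE_OTL = r'''
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Example\placeholder.exe" "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [open] -- "%1" %*
'''

# Matches the subkey of an AddReg line that sets a class's open handler.
OPEN_CMD_KEY = re.compile(r'Software\\CLASSES\\([^\\]+)\\shell\\open\\command', re.I)
# Matches one OTL line: <class> [<verb>] -- <command>
OTL_LINE = re.compile(r'^(?P<progid>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')


def expected_handlers(addreg_text):
    """Return {class: command} for every AddReg line that sets an open handler.

    AddReg fields are root, subkey, value name, flags, value. A quoted value
    doubles its inner quotes, which is the same convention csv understands.
    """
    expected = {}
    lines = addreg_text.strip().splitlines()
    for row in csv.reader(lines, skipinitialspace=True):
        if len(row) < 5:
            continue
        _root, subkey, name, _flags, value = row[:5]
        match = OPEN_CMD_KEY.fullmatch(subkey)
        if match and name == '':          # empty name = the key's default value
            expected[match.group(1).lower()] = value
    return expected


def observed_handlers(otl_text):
    """Return {class: command} for the [open] verb lines of an OTL listing."""
    observed = {}
    for line in otl_text.splitlines():
        match = OTL_LINE.match(line.strip())
        if match and match['verb'].lower() == 'open':
            observed[match['progid'].lower()] = match['cmd'].strip()
    return observed


def audit(expected, observed):
    """List (class, status, observed value) for handlers that differ or are absent."""
    findings = []
    for progid, want in sorted(expected.items()):
        got = observed.get(progid)
        if got is None:
            findings.append((progid, 'not-listed', None))
        elif got.casefold() != want.casefold():
            findings.append((progid, 'modified', got))
    return findings


if __name__ == '__main__':
    want = expected_handlers(INF_ADDREG)
    for progid, command in sorted(want.items()):
        print(f'{progid:8} expects {command}')
    for progid, status, got in audit(want, observed_handlers(SAMPLE_OTL)):
        print(f'FINDING {progid}: {status} {got or ""}')
```

A class reported as `not-listed` only means the listing had no `[open]` line for it, so that key needs to be read directly before drawing a conclusion.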

#3
merc300sd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

UnHookExec.inf didn't work so I ran the old timer.  Appears that I have a number of firewalls I didn't know existed on this machine. Here are the logs:

 

OTL Extras logfile created on: 7/6/2017 9:16:48 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\OldTIMER
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.23% Memory free
3.72 Gb Paging File | 2.15 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 17.14 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
 
Computer Name: NONE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\Ralink\Common\RaMediaServer.exe" = C:\Program Files\Ralink\Common\RaMediaServer.exe:*:Enabled:Ralink UPnP Media Server -- (Ralink)
"C:\Program Files\Ralink\Common\RaUI.exe" = C:\Program Files\Ralink\Common\RaUI.exe:*:Enabled:Ralink Utility -- (Ralink Technology, Corp.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe" = C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe:*:Enabled:SP_FF -- (IObit)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{284F4C1C-380D-4F10-88C8-1F9E386EFE98}" = 32 Bit HP CIO Components Installer
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CAAF899F-D15F-480F-AF10-22B1431A5E9F}" = AX88772
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}" = OpenOffice 4.1.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Advanced SystemCare_is1" = Advanced SystemCare 10
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avast" = Avast Free Antivirus
"BitShares2-light" = BitShares2-light
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Driver Booster_is1" = Driver Booster 4.1
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"IObitUninstall" = IObit Uninstaller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 52.2.1 ESR (x86 en-US)" = Mozilla Firefox 52.2.1 ESR (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PrintKey2000" = PrintKey2000
"Smart Defrag_is1" = Smart Defrag 5
"VLC media player" = VLC media player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinZip" = WinZip
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/6/2017 7:39:47 PM | Computer Name = NONE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 3.5 SP1 -- The installer has encountered
 an unexpected error installing this package. This may indicate a problem with this
 package. The error code is 2902. The arguments are: ixfAssemblyCopy, , 
 
Error - 6/6/2017 7:39:48 PM | Computer Name = NONE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.5 SP1 - Update 'KB2836940' could
 not be installed. Error code 1603. Additional information is available in the log
 file C:\DOCUME~1\User\LOCALS~1\Temp\Microsoft .NET Framework 3.5-KB2836940_20170606_233942968-Msi0.txt.
 
Error - 6/6/2017 7:39:48 PM | Computer Name = NONE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2836940,
 P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 
2902.
 
Error - 6/28/2017 6:08:27 PM | Computer Name = NONE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 6/28/2017 6:08:27 PM | Computer Name = NONE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7/5/2017 8:11:10 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = GenericSkinnedInstaller.Installing: Unexpected exception while sending
 installation data. 
 
Error - 7/5/2017 8:11:25 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = InstallerCore.Downloader: Unexpected Exception while checking contentLength
 . 
 
Error - 7/5/2017 8:11:41 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = GenericSkinnedInstaller.BrowserDetection.BrowserUtility: System.DllNotFoundException:
 Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found.
 (Exception from HRESULT: 0x8007007E)     at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum
 op)     at System.Data.SQLite.SQLite3.StaticIsInitialized()     at System.Data.SQLite.SQLiteLog.Initialize()
 
   at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean
 parseViaFramework)     at System.Data.SQLite.SQLiteConnection..ctor(String connectionString)
 
   at GenericSkinnedInstaller.BrowserDetection.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime
 lastUsedDate)
 
Error - 7/5/2017 8:24:51 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = InstallerCore.Downloader: Unexpected Exception while checking contentLength
 . 
 
Error - 7/5/2017 8:24:53 PM | Computer Name = NONE | Source = Total System Care | ID = 0
Description = InstallerCore.Downloader: Exception while downloading: http://download.tota....inst_info.json.
 System.Net.WebException: The server committed a protocol violation. Section=ResponseStatusLine
 
   at System.Net.HttpWebRequest.GetResponse()     at InstallerCore.Downloader.downloader_DoWork(Object
 sender, DoWorkEventArgs e)
 
[ System Events ]
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
 was The referenced assembly is not installed on your system.  
 
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 7/5/2017 7:00:17 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
 error message: The operation completed successfully.  .
 
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
 was The referenced assembly is not installed on your system.  
 
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 7/5/2017 9:03:30 PM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
 error message: The operation completed successfully.  .
 
Error - 7/6/2017 7:58:04 AM | Computer Name = NONE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.229.212.39 on
 the  Network Card with network address 000DB002B902.
 
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Avast.VC140.CRT could not be found and Last Error
 was The referenced assembly is not installed on your system.  
 
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Avast.VC140.CRT.  Reference error
 message: The referenced assembly is not installed on your system.  .
 
Error - 7/6/2017 7:58:54 AM | Computer Name = NONE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll.
Reference
 error message: The operation completed successfully.  .
 
 
< End of report >
 
 
 
 
 

OTL logfile created on: 7/6/2017 9:16:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\OldTIMER
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.23% Memory free
3.72 Gb Paging File | 2.15 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 17.14 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
 
Computer Name: NONE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017/07/06 09:15:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OldTIMER\OTL.exe
PRC - [2017/06/30 08:46:42 | 000,517,064 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2017/06/27 21:20:05 | 000,850,720 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe
PRC - [2016/12/26 13:52:32 | 006,948,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASC.exe
PRC - [2016/12/16 18:05:26 | 002,913,568 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/12/12 14:37:20 | 000,462,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
PRC - [2016/12/05 22:47:10 | 003,332,384 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/11/10 15:05:27 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/10/31 12:26:00 | 001,808,672 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
PRC - [2016/10/26 13:30:28 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2016/10/26 12:56:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/10/18 15:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/04/06 06:05:03 | 000,874,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/12/08 14:47:50 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/23 17:49:52 | 015,661,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2013/06/26 12:07:18 | 000,391,472 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/12/20 17:36:46 | 001,362,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\Scan.dll
MOD - [2016/11/01 11:11:58 | 000,078,624 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\GetProcessDLL.dll
MOD - [2016/10/26 13:00:44 | 003,072,000 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\16111000\algo.dll
MOD - [2016/10/26 12:56:51 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/10/26 12:56:38 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016/10/26 12:56:38 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016/09/26 14:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2016/09/06 12:00:38 | 005,197,312 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libGLESv2.dll
MOD - [2016/09/06 12:00:36 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libEGL.dll
MOD - [2016/08/18 19:43:40 | 000,442,144 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2016/08/18 19:43:36 | 000,059,680 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2016/08/18 19:43:34 | 000,210,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2016/06/21 20:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2016/06/21 20:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2016/06/21 20:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\webres.dll
MOD - [2015/12/28 14:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare\webres.dll
MOD - [2013/09/23 17:48:06 | 001,210,672 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/06/29 11:34:56 | 000,480,608 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2017/06/30 08:46:42 | 000,174,024 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/12/12 14:37:20 | 000,462,624 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService10)
SRV - [2016/10/28 15:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/10/26 13:30:28 | 000,078,032 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet)
SRV - [2016/10/26 12:56:38 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/12/08 14:47:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/03/11 17:44:52 | 000,241,728 | ---- | M] (Foxit Corporation) [On_Demand | Stopped] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/06/26 12:07:18 | 000,391,472 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2012/07/06 19:20:54 | 001,863,680 | ---- | M] (Ralink) [On_Demand | Stopped] -- C:\Program Files\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys -- (cpuz138)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2017/01/31 17:24:14 | 000,056,832 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GeneStor.sys -- (GeneStor)
DRV - [2017/01/03 16:19:39 | 000,011,904 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2017/01/03 16:01:41 | 000,023,840 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2016/11/10 15:05:28 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2016/10/26 12:56:54 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2016/10/26 12:56:54 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2016/10/26 12:56:54 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2016/10/26 12:56:54 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2016/10/26 12:56:54 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2016/10/26 12:56:53 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2016/10/26 12:56:35 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2016/03/22 12:02:16 | 000,015,824 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2014/12/08 14:34:21 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2013/09/06 21:51:06 | 001,660,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2012/10/25 10:43:10 | 000,026,336 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2012/07/31 07:57:15 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012/06/21 22:00:20 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/07 12:31:24 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/01/06 17:38:52 | 000,035,328 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/07/17 02:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/02 16:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/12/15 15:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3D585554-3A2C-4BF8-9587-2D99C7A6EBAD}
IE - HKCU\..\SearchScopes\{3D585554-3A2C-4BF8-9587-2D99C7A6EBAD}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mg.mail.yaho...ogout&logout=L"
 
FF - user.js..browser.search.countryCode: "US"
FF - user.js..browser.search.hiddenOneOffs: "Bing"
FF - user.js..browser.search.region: "US"
FF - user.js..browser.search.update: false
FF - user.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.5.0.1
FF - user.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.2.1 ESR\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.2.1 ESR\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/12/08 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2016/11/22 15:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\browser-extension-data
[2016/11/22 15:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\browser-extension-data\[email protected]
[2017/06/02 19:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions
[2016/10/18 11:27:40 | 000,153,926 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\[email protected]
[2017/06/02 19:31:41 | 001,801,339 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\[email protected]
[2017/05/12 08:10:43 | 000,897,182 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ati0qr63.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2017/06/30 08:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal\1.0.4_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.13.0_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp\0.9931_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IObit Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O3 - HKCU\..\Toolbar\ShellBrowser: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKCU..\Run: [Advanced SystemCare 10] C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O15 - HKCU\..Trusted Domains: bitshares.org ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.1.29 10.1.12.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604E83AF-5CD9-4CB9-A64C-8DEB593318FE}: DhcpNameServer = 10.2.1.29 10.1.12.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/08 13:53:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/07/06 09:15:33 | 000,000,000 | ---D | C] -- C:\OldTIMER
[2017/07/06 09:10:38 | 000,000,000 | ---D | C] -- C:\EXEREPAIR
[2017/07/05 20:09:59 | 000,000,000 | ---D | C] -- C:\totalsystemcare
[2017/07/05 16:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\BitShares2-light
[2017/07/05 10:13:01 | 000,000,000 | ---D | C] -- C:\Data scales tolt
[2017/07/05 10:09:01 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2017/07/04 08:03:33 | 000,000,000 | ---D | C] -- C:\Bitshare
[2017/06/30 08:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Brother Printer
[2017/06/24 13:55:57 | 000,000,000 | ---D | C] -- C:\etherwallet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017/07/06 09:04:27 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2017/07/06 07:58:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_AutoAnalyze.job
[2017/07/05 21:06:26 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Driver Booster Scheduler.job
[2017/07/05 21:03:06 | 000,431,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2017/07/05 21:03:06 | 000,067,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2017/07/05 20:59:50 | 000,000,132 | ---- | M] () -- C:\Documents
[2017/07/05 20:59:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2017/07/05 20:59:17 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2017/07/05 20:59:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Update.job
[2017/07/05 20:59:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2017/07/05 20:58:58 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2017/07/05 20:58:58 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2017/07/05 20:58:55 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\ASC10_PerformanceMonitor.job
[2017/07/05 20:58:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/07/05 12:53:15 | 000,000,116 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2017/07/05 10:09:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2017/07/05 10:09:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_GeneStor_01009.Wdf
[2017/06/30 10:36:25 | 000,007,891 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2017/06/27 09:25:59 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 10.lnk
[2017/06/27 09:25:59 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 10.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/07/05 10:09:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2017/07/05 10:09:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_GeneStor_01009.Wdf
[2017/07/04 10:31:10 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\BitShares2-light.lnk
[2017/02/13 13:14:19 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2017/02/13 13:14:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2017/02/13 13:14:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2017/02/13 13:14:19 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2017/02/13 13:14:19 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2017/02/13 13:14:19 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2017/02/13 13:14:19 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2017/02/13 13:14:19 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2017/02/13 13:14:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2017/02/13 13:14:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2017/02/13 13:14:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2017/02/13 13:14:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2017/02/13 13:14:19 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2017/02/13 13:14:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2017/02/13 13:14:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2017/02/13 13:14:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2017/02/13 13:14:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2017/02/13 13:14:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2017/02/13 13:14:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2017/01/08 12:48:38 | 000,007,891 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2017/01/08 12:48:38 | 000,007,819 | ---- | C] () -- C:\WINDOWS\BROMJ470DW.INI
[2017/01/05 10:01:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2017/01/05 10:01:52 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2016/12/29 15:03:57 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2016/12/29 15:03:44 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2016/12/16 13:10:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2016/11/25 10:18:30 | 000,000,116 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2016/11/24 09:46:43 | 000,015,568 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3029.abs
[2016/11/24 09:45:53 | 000,035,216 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2016/11/22 15:46:27 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2016/11/22 15:46:27 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2016/11/22 15:46:27 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2016/11/22 15:46:27 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2016/11/22 15:45:40 | 000,013,973 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2016/11/22 14:48:00 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2016/11/22 14:47:15 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2016/10/26 13:19:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2016/10/26 12:56:56 | 000,209,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2016/10/26 12:56:56 | 000,049,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2016/10/26 12:56:56 | 000,024,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
 
========== ZeroAccess Check ==========
 
[2016/11/10 15:17:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/09/23 03:40:03 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't see anything that would keep it from running .exe programs.

 

Uninstall:

 

Advanced SystemCare 10
Driver Booster 4.1
IObit Uninstaller
Java 7 Update 71
 
 
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
SRV - [2016/10/26 13:30:28 | 000,078,032 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet)
[2017/07/05 12:53:15 | 000,000,116 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2016/11/25 10:18:30 | 000,000,116 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2016/11/24 09:46:43 | 000,015,568 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3029.abs
[2016/11/24 09:45:53 | 000,035,216 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2017/07/06 09:04:27 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2017/07/06 07:58:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_AutoAnalyze.job
[2017/07/05 21:06:26 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Driver Booster Scheduler.job
[2017/07/05 20:59:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2017/07/05 20:59:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Update.job
[2017/07/05 20:58:58 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2017/07/05 20:58:58 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2017/07/05 20:58:55 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\ASC10_PerformanceMonitor.job
[2017/06/27 09:25:59 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 10.lnk
[2017/06/27 09:25:59 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 10.lnk
[2016/12/29 15:03:57 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2016/12/29 15:03:44 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
 
 
then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\070617-some number.log so look there if you don't see it.
 
Also check that your clock is set correctly.
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 
 
 
 

  • 0
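The O35/O37 lines in the OTL log are where a changed .exe/.com handler would show up, and they are what a reading of "nothing would keep it from running .exe programs" rests on. The Python below is an added example, not part of the original posts and not OTL's own code: it checks those lines against the stock `"%1" %*` open command. The line layout is taken from the log in this thread; the second sample (`C:\EXAMPLE\shim.exe`, `examplefile`) is constructed to show what a modified association looks like.

```python
import re

# Stock Windows open command for directly executable classes.
DEFAULT_OPEN = {"exefile": '"%1" %*', "comfile": '"%1" %*'}
# Extension -> class it should point at.
EXT_CLASS = {"exe": "exefile", "com": "comfile"}

# O35: open command of a file class.   O37: class an extension points at.
O35 = re.compile(r'^O35 - (?P<hive>HK\w+)\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$')
O37 = re.compile(r'^O37 - (?P<hive>HK\w+)\\\.\.\.(?P<ext>\w+) '
                 r'\[@ = (?P<cls>\w+)\] -- (?P<cmd>.*)$')

# Copied from the OTL log posted in the thread.
THREAD_LOG = r'''
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

# Constructed sample: a helper inserted in front of "%1" and .exe
# re-pointed at a different class. Not from the thread.
CONSTRUCTED_MODIFIED = r'''
O35 - HKLM\..exefile [open] -- "C:\EXAMPLE\shim.exe" "%1" %*
O37 - HKLM\...exe [@ = examplefile] -- "C:\EXAMPLE\shim.exe" "%1" %*
'''


def audit(log_text):
    """Return (checked, findings) for the exe/com O35 and O37 lines."""
    checked, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m35, m37 = O35.match(line), O37.match(line)
        if m35 and m35.group("cls").lower() in DEFAULT_OPEN:
            name = m35.group("cls").lower()
            want_cmd = DEFAULT_OPEN[name]
            cmd = m35.group("cmd").strip()
        elif m37 and m37.group("ext").lower() in EXT_CLASS:
            ext = m37.group("ext").lower()
            name = "." + ext
            want_cls = EXT_CLASS[ext]
            want_cmd = DEFAULT_OPEN[want_cls]
            cmd = m37.group("cmd").strip()
            if m37.group("cls").lower() != want_cls:
                findings.append((name, "points at class %r, expected %r"
                                 % (m37.group("cls"), want_cls)))
        else:
            continue  # other log lines are not judged here
        checked.append(name)
        if cmd != want_cmd:
            findings.append((name, "open command is %r, expected %r"
                             % (cmd, want_cmd)))
    return checked, findings


def verdict(log_text):
    """'no-data' when the log has no O35/O37 lines: absence is not a pass."""
    checked, findings = audit(log_text)
    if not checked:
        return "no-data"
    return "modified" if findings else "default"


if __name__ == "__main__":
    for label, text in (("thread log", THREAD_LOG),
                        ("constructed", CONSTRUCTED_MODIFIED)):
        print(label, "->", verdict(text))
        for name, problem in audit(text)[1]:
            print("   ", name, problem)
```

A "default" verdict only covers the HKLM values OTL printed; it says nothing about why an individual installer fails with a "not a valid Win32 application" error.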

#5
merc300sd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I followed the instructions.  Ran OTL in Admin mode.  It was done in a flash, took no time at all.  The disk check did not run at all after rebooting.  System and Application still had data in the file after I cleared them.  So they didn't clear?  Event Viewer Tool ran for application and system.  Results are the same, .EXE will not run.  Is there a setting somewhere that has changed?

 

 

========== OTL ==========
Service rpcnet stopped successfully!
Service rpcnet deleted successfully!
C:\WINDOWS\system32\rpcnet.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\3002.xml moved successfully.
File C:\Documents and Settings\All Users\Application Data\3002.xml not found.
C:\Documents and Settings\All Users\Application Data\3029.abs moved successfully.
C:\Documents and Settings\All Users\Application Data\3002.abs moved successfully.
C:\WINDOWS\system32\rpcnetp.exe moved successfully.
C:\WINDOWS\tasks\SmartDefrag_AutoAnalyze.job moved successfully.
File C:\WINDOWS\tasks\Driver Booster Scheduler.job not found.
C:\WINDOWS\tasks\SmartDefrag_Startup.job moved successfully.
C:\WINDOWS\tasks\SmartDefrag_Update.job moved successfully.
C:\WINDOWS\system32\rpcnet.dll moved successfully.
C:\WINDOWS\system32\rpcnetp.dll moved successfully.
File C:\WINDOWS\tasks\ASC10_PerformanceMonitor.job not found.
File C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 10.lnk not found.
File C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 10.lnk not found.
File C:\WINDOWS\System32\rpcnetp.dll not found.
File C:\WINDOWS\System32\rpcnetp.exe not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07062017_210801
 
Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/07/2017 11:59:26 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2017 11:50:47 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 07/07/2017 11:50:47 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 07/07/2017 11:50:47 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 07/07/2017 11:50:46 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 07/07/2017 11:50:46 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 07/07/2017 11:50:46 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2017 11:45:25 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 11:36:34 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected. 
 
 
 
Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/07/2017 12:02:28 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Avast is not happy.  

 

Log: 'System' Date/Time: 07/07/2017 11:50:47 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
 

 

 

This next is probably because of BitShares2-light
 
Log: 'System' Date/Time: 07/07/2017 11:45:25 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 

 

 

 

Other than that it doesn't look too bad.  Obviously it is not all exe files since you were able to run VEW.  What files are you having problems with?


  • 0

#7
merc300sd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Funny you should mention it.  But bitshares does not run on the machine.  I rebooted the unit three times after it froze, then chk dsk started running?  Having issues with WSS:// api to stay in the unit.  Don't know where it lives, do you?


  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  If not bitshare then something else less obvious.  Let's see what it is.

 

 
There is a program called tcpview.  http://live.sysinter...com/Tcpview.exe Download, Save and then run it.
 
Then File, Save As (to your desktop), tcp , OK.  This should create a  file tcp.txt on your desktop.  Attach or copy and paste it to a reply.
 
Did check disk finish OK?
 
 
 
WSS:// api is incomplete.  Usually it is something like wss://api.artik.cloud/ and it is an address out on the Internet somewhere.  If you are running a WSS server on your PC and are trying to get to it then something like WSS://api.localhost or WSS://localhost should work.

  • 0

#9
merc300sd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Check disk finished fine.

 

[System Process] 0 TCP none 12080 localhost 3867 TIME_WAIT
alg.exe 1412 TCP none 1025 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12143 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12465 none 0 LISTENING
AvastSvc.exe 1496 TCP none 27275 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12993 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12563 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12110 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12025 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12995 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12119 none 0 LISTENING
AvastSvc.exe 1496 TCPV6 none 12080 [0:0:0:0:0:0:0:0] 6171 LISTENING
lsass.exe 1064 UDP none isakmp * *
lsass.exe 1064 UDP none 4500 * *
svchost.exe 1288 TCP none epmap none 0 LISTENING
svchost.exe 1328 UDP none ntp * *
svchost.exe 1288 TCPV6 [0:0:0:0:0:0:0:0] epmap [0:0:0:0:0:0:0:0] 37076 LISTENING
System 4 TCP none microsoft-ds none 0 LISTENING
System 4 UDP none microsoft-ds * *
 
 
Maybe Avast is causing issues.

  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

TCPView doesn't show anything using the Internet right now.  The Listens do not count.

 

Avast does have a lot of errors so uninstall it, Reboot.  Download a new copy and install it and run VEW again as before and let's see if it is running better.

 

Try defragging the hard drive now that you got it to do a disk check:

 

Open My Computer, Right click on C:\ and select Properties then Tools, Defragment Now,  Defragment.  Once it starts it may take a while.  Wait until it finishes.


  • 0
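The reading of the TCPView capture above (LISTENING rows are not traffic) and the earlier Event 4226 warning about concurrent TCP connect attempts can be checked mechanically. The Python below is an added example, not part of the original posts: it parses the `tcp.txt` layout posted in the thread and reports, per process, only sockets that are connecting (SYN_SENT) or connected (ESTABLISHED). The `example.exe` rows and the 198.51.100.x addresses are constructed.

```python
from collections import Counter, defaultdict

PROTOCOLS = {"TCP", "TCPV6", "UDP", "UDPV6"}

# Excerpt copied from the capture posted in the thread.
THREAD_CAPTURE = """
[System Process] 0 TCP none 12080 localhost 3867 TIME_WAIT
alg.exe 1412 TCP none 1025 none 0 LISTENING
AvastSvc.exe 1496 TCP none 12143 none 0 LISTENING
AvastSvc.exe 1496 TCPV6 none 12080 [0:0:0:0:0:0:0:0] 6171 LISTENING
lsass.exe 1064 UDP none isakmp * *
svchost.exe 1288 TCP none epmap none 0 LISTENING
System 4 TCP none microsoft-ds none 0 LISTENING
System 4 UDP none microsoft-ds * *
"""

# Constructed sample: one process with outbound attempts in flight.
CONSTRUCTED_BUSY = """
example.exe 2040 TCP none 3901 198.51.100.7 443 SYN_SENT
example.exe 2040 TCP none 3902 198.51.100.8 443 SYN_SENT
example.exe 2040 TCP none 3903 198.51.100.9 443 SYN_SENT
example.exe 2040 TCP none 3904 198.51.100.10 443 ESTABLISHED
svchost.exe 1288 TCP none epmap none 0 LISTENING
"""


def classify(proto, state):
    """Map a row to what it means for 'is this using the network now?'."""
    if proto.startswith("UDP"):
        return "bound"            # connectionless: an open port, no peer
    return {
        "LISTENING": "listening",    # waiting for inbound, no traffic
        "SYN_SENT": "connecting",    # outbound attempt not yet answered
        "ESTABLISHED": "connected",  # live connection
    }.get(state, "other")            # TIME_WAIT, CLOSE_WAIT, ...


def parse_tcpview(text):
    """Parse whitespace-separated TCPView rows into dicts."""
    rows = []
    for raw in text.splitlines():
        tok = raw.split()
        # Process names may contain spaces ("[System Process]"), so find
        # the protocol column and count outward from it.
        idx = next((i for i, t in enumerate(tok) if t.upper() in PROTOCOLS), None)
        if (idx is None or idx < 2 or len(tok) < idx + 5
                or not tok[idx - 1].isdigit()):
            continue
        proto = tok[idx].upper()
        # UDP rows carry no state column.
        state = tok[idx + 5].upper() if len(tok) > idx + 5 else ""
        rows.append({
            "process": " ".join(tok[:idx - 1]),
            "pid": int(tok[idx - 1]),
            "proto": proto,
            "local": (tok[idx + 1], tok[idx + 2]),
            "remote": (tok[idx + 3], tok[idx + 4]),
            "state": state,
            "kind": classify(proto, state),
        })
    return rows


def summary(rows):
    """Count rows per kind."""
    return dict(Counter(r["kind"] for r in rows))


def active_by_process(rows):
    """Per (process, pid): counts of connecting/connected sockets only."""
    out = defaultdict(Counter)
    for r in rows:
        if r["kind"] in ("connecting", "connected"):
            out[(r["process"], r["pid"])][r["kind"]] += 1
    return {key: dict(counts) for key, counts in out.items()}


if __name__ == "__main__":
    for label, text in (("thread capture", THREAD_CAPTURE),
                        ("constructed", CONSTRUCTED_BUSY)):
        rows = parse_tcpview(text)
        print(label, summary(rows), active_by_process(rows))
```

A capture is a single instant, so an empty result for the thread's excerpt does not rule out a process that was making connection attempts when the Event 4226 warning was logged.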

#11
merc300sd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Defrag would not run.  Says it's not loaded.  If it's not one thing it's another!  I have solid memory and used to defrag once a week after junk file purge.  It's got to be something simple which makes this very difficult.

 

 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/07/2017 11:50:12 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/07/2017 11:46:24 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 08/07/2017 11:43:05 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 08/07/2017 7:57:47 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 08/07/2017 7:57:47 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 08/07/2017 7:57:47 AM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 07/07/2017 9:44:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 07/07/2017 9:44:46 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
Log: 'System' Date/Time: 07/07/2017 9:44:46 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Avast.VC140.CRT could not be found and Last Error was The referenced assembly is not installed on your system.  
 
Log: 'System' Date/Time: 07/07/2017 4:21:55 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 07/07/2017 4:21:55 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. . 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2017 11:45:56 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected. 
 
Log: 'System' Date/Time: 08/07/2017 10:56:39 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000DB002B902.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 
 
Log: 'System' Date/Time: 08/07/2017 10:56:37 AM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 08/07/2017 10:56:37 AM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 08/07/2017 7:56:48 AM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 08/07/2017 7:56:48 AM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 07/07/2017 9:43:30 PM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 07/07/2017 9:43:30 PM
Type: warning Category: 0
Event: 256 Source: PlugPlayManager
Timed out sending notification of device interface change to window of "Ralink WLAN Utility" 
 
Log: 'System' Date/Time: 07/07/2017 7:18:14 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 6:16:52 PM
Type: warning Category: 0
Event: 11050 Source: dnscache
The DNS Client service could not contact any DNS servers for a repeated number of attempts. For the next 30 seconds the DNS Client service will not use the network to avoid further network performance problems. It will resume its normal behavior after that. If this problem persists, verify your TCP/IP configuration, specifically check that you have a preferred (and possibly an alternate) DNS server configured. If the problem continues, verify network conditions to these DNS servers or contact your network administrator. 
 
Log: 'System' Date/Time: 07/07/2017 6:02:51 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 4:35:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 4:22:15 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 4:16:57 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected. 
 
Log: 'System' Date/Time: 07/07/2017 1:46:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 1:23:45 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 1:22:09 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected. 
 
Log: 'System' Date/Time: 07/07/2017 11:45:25 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
 
Log: 'System' Date/Time: 07/07/2017 11:36:34 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected. 
 

  • 0

#12
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you give me the exact error message you got with defrag?

 

Doesn't look like Avast is happy.  Perhaps it no longer works with XP?

 

Can you get it to run a boot-time scan?

 

 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually on XP it's C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswboot.txt
 
This is a hidden location so you need to tell Windows to let you see it:
Double-click on the My Computer icon.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button

  • 0
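The event-log section posted above repeats the same few records many times, so tallying it by source and event ID makes the dominant failures obvious. This is an added example, not part of the original thread or of OTL; the record layout is taken from the log as quoted here, the sample records are constructed in that layout, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the event-log section quoted in this thread.
SAMPLE = """\
Log: 'System' Date/Time: 08/07/2017 11:43:26 AM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC140.CRT. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 07/07/2017 7:18:14 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 07/07/2017 4:35:57 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

# One record: a Log line, a Type line, an Event/Source line, then a one-line message.
HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>\S+)\s*\n"
    r"(?P<message>.*)"
)

def parse_events(text):
    """Return one dict per record; records are separated by blank lines."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        # search, not match: a section banner may sit directly above a record
        m = HEADER.search(chunk)
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count records per (source, event id, type), most frequent first."""
    counts = Counter((e["source"], int(e["event"]), e["type"]) for e in events)
    return counts.most_common()

if __name__ == "__main__":
    for (source, event, kind), n in summarize(parse_events(SAMPLE)):
        print(f"{n:3d}  {kind:8s} {source} event {event}")
```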

#13
merc300sd


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I think what I am going to do is trash the drive and reimage it from a clean Win XP.  I deleted Avast and everything started moving faster.

.EXE still does not work but after I redo the drive it should be just fine. What do you think?


  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Haven't really seen any exe files that it didn't run so not sure.  Worth a try tho.


  • 0

#15
merc300sd


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

After I removed Avast, the laptop started working much better.  .EXE still doesn't work.  I'll let you know what happens after I wipe it.


  • 0





