  1. #1
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Something keeps running on computer

    Hi, I have another problem. Lately, whenever I start up my computer, something starts running in the background and it runs and runs and runs. I try to bring up pages but it seems to slow down doing that because all of the energy is taken up running whatever is running in the background, which saps it all. So I wait, and after ten minutes it's quiet, so I try to pull up a page, and how it acts can only be best described this way:

    Say there's a large room and it's crowded with people. Everyone is quiet. One person decides to speak up and say something. Suddenly, everyone in the room is yelling something too and trying to drown him out.


    That's how my computer is acting. I try to pull up a page and suddenly something starts running running running in the background like fast static and it's noisy and dominating and it prevents me from pulling up the page because it's overriding everything. I stop and after ten minutes or so it quiets down until I try to pull up another page, then it does it again.

    I can hardly move on my computer. I've tried changing browsers, updating everything I can think of and removing unnecessary programs. Whatever this is, it's overriding everything. BTW, I ran a virus check and everything is OK. I have Windows 10 installed. Any help would be appreciated. Thanks.

  2. #2
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307


    Hello,

    Let's take a closer look at things. Windows 10 can have high disk usage at times, approaching 100%, bringing the system to a crawl...

    Everything gets downloaded to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system (32 Bit or 64 Bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 09-16-2016 at 05:01 PM.


  4. #3
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3


    Sorry for the delay (overloaded at work).

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-09-2016
    Ran by Administrator (administrator) on XP-PERFORMANCE- (17-09-2016 12:49:00)
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    () C:\Program Files\AVG Web TuneUp\vprot.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.5\ToolbarUpdater.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\farbar recovery tool.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-07] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5308688 2016-08-26] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2180680 2016-09-14] ()
    HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-19\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-20\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe -update pepperplugin
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 65.87.230.4 65.87.230.5
    Tcpip\..\Interfaces\{2A0D59A8-3E38-4C90-9266-C8806C2B32C2}: [DhcpNameServer] 65.87.230.4 65.87.230.5

    Internet Explorer:
    ==================
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-299502267-1292428093-1606980848-500 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-299502267-1292428093-1606980848-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default
    FF Homepage: hxxps://www.google.ca/webhp?complete=0&gws_rd=cr,ssl&ei=WMsFV9GcDevfjwTb-qKoBQ
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-14] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-14] (Google Inc.)
    FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default\searchplugins\avg-secure-search.xml [2016-09-14]
    FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default\Extensions\avg@toolbar.xpi [2016-09-14]
    FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
    FF Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-04-06] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-09-16]
    CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-14]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-14]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-14]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-14]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]

    Opera:
    =======
    OPR StartupUrls: "hxxps://www.google.ca/webhp?complete=0&gws_rd=cr&ei=FcwFV6JJofSOBJKzu6gF"

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4109856 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [911120 2016-09-07] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [632632 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3941648 2016-08-19] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [49424 2016-08-19] (AVG Technologies CZ, s.r.o.)
    R2 vToolbarUpdater40.3.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.5\ToolbarUpdater.exe [1349704 2016-09-14] (AVG Secure Search)
    R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-09-14] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243968 2016-08-23] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [201984 2016-08-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
    S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
    R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys [43008 2007-05-16] (D-Link )
    R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-04-10] (REALiX(tm))
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-27] (Malwarebytes)
    R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2016-04-10] (Creative Technology Ltd.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-06-01] (AVG Netherlands B.V.)
    R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2016-04-10] (VIA Technologies, Inc.)
    U4 ClipSrv; no ImagePath
    U4 NetDDE; no ImagePath
    U4 NetDDEdsdm; no ImagePath
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-17 12:48 - 2016-09-17 12:49 - 00000000 ____D C:\FRST
    2016-09-16 20:19 - 2016-09-17 08:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-09-14 15:38 - 2016-09-14 16:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    2016-09-14 15:38 - 2016-09-14 15:38 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
    2016-09-14 15:38 - 2016-09-14 15:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2016-09-14 15:32 - 2016-09-17 12:37 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-14 15:32 - 2016-09-17 08:35 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-14 15:32 - 2016-09-14 15:37 - 00000000 ____D C:\Program Files\Google
    2016-08-23 09:10 - 2016-08-19 16:30 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
    2016-08-23 09:09 - 2016-08-23 09:09 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\AVG

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-17 12:49 - 2016-04-06 13:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2016-09-17 12:33 - 2016-04-06 23:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-09-17 12:24 - 2016-04-06 13:14 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-09-17 12:08 - 2016-05-14 08:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-09-17 12:01 - 2016-04-06 20:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2016-09-17 08:52 - 2016-04-06 13:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-09-17 08:38 - 2016-04-10 11:42 - 00000296 _____ C:\WINDOWS\Tasks\Driver Booster Scheduler.job
    2016-09-17 08:36 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2016-09-17 08:35 - 2016-04-06 20:59 - 00000424 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1459997937.job
    2016-09-17 08:35 - 2016-04-06 20:58 - 00000000 ____D C:\Program Files\Opera
    2016-09-17 08:35 - 2016-04-06 15:52 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-09-17 08:35 - 2016-04-06 13:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-17 03:57 - 2016-04-06 13:17 - 00032396 _____ C:\WINDOWS\SchedLgU.Txt
    2016-09-17 03:56 - 2016-04-06 13:18 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2016-09-17 03:56 - 2016-04-06 13:18 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-09-17 02:00 - 2016-04-11 21:24 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 71f9c40c-5acd-4bb4-9839-35f49ecd2f85.job
    2016-09-16 22:01 - 2016-04-06 22:01 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task afc618c2-4128-41cc-85e8-e28548256c19.job
    2016-09-16 11:28 - 2016-04-06 13:43 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-16 11:28 - 2016-04-06 13:43 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2016-09-14 07:21 - 2016-06-09 01:26 - 00000000 ____D C:\Program Files\AVG Web TuneUp
    2016-09-14 07:21 - 2016-06-09 01:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
    2016-09-13 23:07 - 2016-04-06 20:42 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
    2016-09-13 23:07 - 2016-04-06 20:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2016-09-13 23:07 - 2016-04-06 07:07 - 00000000 ____D C:\WINDOWS\inf
    2016-09-13 14:10 - 2016-04-06 22:42 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-09-13 14:10 - 2016-04-06 22:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-08-23 16:25 - 2016-03-07 13:33 - 00243968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
    2016-08-23 09:10 - 2016-06-04 01:55 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp.lnk
    2016-08-23 09:10 - 2016-06-04 01:55 - 00001770 _____ C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp.lnk
    2016-08-23 09:10 - 2016-06-04 01:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
    2016-08-19 16:36 - 2016-06-04 01:55 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

  5. #4
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-09-2016
    Ran by Administrator (17-09-2016 12:49:50)
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2016-04-06 19:16:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-299502267-1292428093-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-299502267-1292428093-1606980848-1001 - Limited - Enabled)
    Guest (S-1-5-21-299502267-1292428093-1606980848-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-299502267-1292428093-1606980848-1000 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    AVG (Version: 16.111.7797 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4656 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies)
    AVG PC TuneUp (Version: 16.52.2 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
    AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
    D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
    Driver Booster 3.2 (HKLM\...\Driver Booster_is1) (Version: 3.2 - IObit)
    FMW 1 (Version: 1.123.1 - AVG Technologies) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.0 - Kai Liu)
    Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
    Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
    Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
    Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    Viper Racing 2012 (HKLM\...\Viper Racing 2012) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    ZModeler (remove only) (HKLM\...\ZModeler) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1459997937.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 71f9c40c-5acd-4bb4-9839-35f49ecd2f85.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task afc618c2-4128-41cc-85e8-e28548256c19.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-06-09 01:26 - 2016-09-14 07:20 - 00980552 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
    2016-04-06 21:42 - 2004-01-22 18:36 - 00120832 _____ () C:\Program Files\WinRAR\rarext.dll
    2016-09-14 07:21 - 2016-09-14 07:20 - 02180680 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
    2016-04-06 20:37 - 2016-04-10 10:34 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
    2009-09-13 23:56 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2016-09-13 13:10 - 2016-09-13 13:10 - 19588800 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 06:00 - 2001-08-23 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 65.87.230.4 - 65.87.230.5
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
    StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ==================== Restore Points =========================

    17-06-2016 11:50:17 System Checkpoint
    18-06-2016 12:29:27 System Checkpoint
    19-06-2016 20:39:45 System Checkpoint
    21-06-2016 09:41:14 System Checkpoint
    22-06-2016 09:54:18 System Checkpoint
    23-06-2016 11:41:31 System Checkpoint
    24-06-2016 12:05:19 System Checkpoint
    25-06-2016 12:37:22 System Checkpoint
    26-06-2016 12:45:44 System Checkpoint
    27-06-2016 12:48:59 System Checkpoint
    28-06-2016 17:01:16 System Checkpoint
    29-06-2016 18:19:39 System Checkpoint
    30-06-2016 19:14:14 System Checkpoint
    01-07-2016 22:14:34 System Checkpoint
    02-07-2016 22:50:58 System Checkpoint
    04-07-2016 11:48:11 System Checkpoint
    05-07-2016 12:38:59 System Checkpoint
    06-07-2016 18:48:21 System Checkpoint
    07-07-2016 22:42:26 System Checkpoint
    09-07-2016 00:16:27 System Checkpoint
    10-07-2016 10:21:56 System Checkpoint
    11-07-2016 17:25:34 System Checkpoint
    12-07-2016 19:54:32 System Checkpoint
    13-07-2016 14:00:26 Software Distribution Service 3.0
    14-07-2016 17:30:44 System Checkpoint
    15-07-2016 17:34:58 System Checkpoint
    16-07-2016 19:06:06 System Checkpoint
    17-07-2016 21:36:40 System Checkpoint
    18-07-2016 22:26:54 System Checkpoint
    19-07-2016 22:52:02 System Checkpoint
    21-07-2016 09:15:29 System Checkpoint
    22-07-2016 11:29:36 System Checkpoint
    23-07-2016 19:29:58 System Checkpoint
    25-07-2016 09:42:03 System Checkpoint
    26-07-2016 18:19:08 System Checkpoint
    27-07-2016 21:51:25 System Checkpoint
    28-07-2016 23:42:27 System Checkpoint
    30-07-2016 10:34:47 System Checkpoint
    31-07-2016 18:54:36 System Checkpoint
    02-08-2016 21:49:12 System Checkpoint
    03-08-2016 23:45:54 System Checkpoint
    05-08-2016 10:20:21 System Checkpoint
    06-08-2016 11:06:06 System Checkpoint
    07-08-2016 15:18:53 System Checkpoint
    08-08-2016 18:25:16 System Checkpoint
    09-08-2016 20:50:10 System Checkpoint
    10-08-2016 01:18:22 Software Distribution Service 3.0
    11-08-2016 10:43:13 System Checkpoint
    12-08-2016 12:34:15 System Checkpoint
    13-08-2016 13:07:31 System Checkpoint
    14-08-2016 19:18:00 System Checkpoint
    15-08-2016 20:24:03 System Checkpoint
    17-08-2016 18:26:54 System Checkpoint
    18-08-2016 19:08:33 System Checkpoint
    20-08-2016 16:35:43 System Checkpoint
    22-08-2016 02:40:57 System Checkpoint
    23-08-2016 15:59:56 System Checkpoint
    24-08-2016 17:17:24 System Checkpoint
    26-08-2016 15:47:49 System Checkpoint
    28-08-2016 01:58:40 System Checkpoint
    29-08-2016 12:17:23 System Checkpoint
    30-08-2016 17:29:26 System Checkpoint
    31-08-2016 18:13:37 System Checkpoint
    01-09-2016 20:31:02 System Checkpoint
    03-09-2016 09:37:51 System Checkpoint
    04-09-2016 14:49:34 System Checkpoint
    06-09-2016 01:03:57 System Checkpoint
    07-09-2016 02:58:42 System Checkpoint
    09-09-2016 20:30:05 System Checkpoint
    13-09-2016 15:44:42 System Checkpoint
    14-09-2016 17:19:41 System Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (08/27/2016 11:00:32 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


    System errors:
    =============
    Error: (09/13/2016 12:39:24 PM) (Source: Dhcp) (EventID: 1000) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 0050BA239280.

    Error: (09/13/2016 12:39:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 24.72.64.213 for the Network Card with network address 0050BA239280 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Error: (09/08/2016 02:15:12 AM) (Source: 0) (EventID: 55) (User: )
    Description: Event-ID 55

    Error: (08/10/2016 07:18:27 AM) (Source: 0) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (07/31/2016 03:01:39 PM) (Source: Dhcp) (EventID: 1000) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 0050BA239280.

    Error: (07/31/2016 03:00:54 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 24.72.64.213 for the Network Card with network address 0050BA239280 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Error: (07/25/2016 09:14:10 PM) (Source: 0) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (07/15/2016 03:10:06 PM) (Source: 0) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (06/15/2016 10:27:40 AM) (Source: Dhcp) (EventID: 1000) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 0050BA239280.

    Error: (06/15/2016 10:26:34 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 24.72.64.213 for the Network Card with network address 0050BA239280 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 2.53GHz
    Percentage of memory in use: 86%
    Total physical RAM: 1021.98 MB
    Available physical RAM: 134.28 MB
    Total Virtual: 2464.09 MB
    Available Virtual: 1355.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.54 GB) (Free:61.81 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.6 GB) (Disk ID: 41172BA5)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ==

  6. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Next

    Please download AdwCleaner by Xplode onto your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next
    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next


    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.


    Posting the Malwarebytes log.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok

  8. #6
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Before running "clean" it said there were 35 threats.


    # AdwCleaner v6.020 - Logfile created 18/09/2016 at 08:11:27
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-17.1 [Server]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Administrator - XP-PERFORMANCE-
    # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner_6.020.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    [-] Service deleted: vToolbarUpdater40.3.5
    [-] Service deleted: WtuSystemSupport


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Documents and Settings\All Users\Application Data\avg web tuneup
    [-] Folder deleted: C:\Program Files\avg web tuneup
    [-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search


    ***** [ Files ] *****

  9. #7
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Administrator (Administrator) on Sun 09/18/2016 at 8:35:41.42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 6

    Successfully deleted: C:\Documents and Settings\Administrator\Application Data\iobit\driver booster (Folder)
    Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c4poxpdk.default\searchplugins\avg-secure-search.xml (File)
    Successfully deleted: C:\WINDOWS\Tasks\Driver Booster Scheduler.job (Task)
    Successfully deleted: C:\Program Files\iobit\driver booster (Folder)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-117FA5D9.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\TOOLBARUPDATER.EXE-39E55995.pf (File)



    Registry: 1

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/18/2016 at 8:38:10.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #8
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516
    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware

    Done. No threats found.




    javascript: void (0) is still showing up. This is very discouraging because this is happening a lot.

    I've tried some of these solutions (before coming on this site) to correct the problem, and I'm getting lost
    because I don't know what some of the terminology is, i.e., "code", and one said on Firefox to go to JavaScript in
    the security section and enable JavaScript. When I do that, there's no "enable JavaScript".
    HELP!!!

    https://support.mozilla.org/en-US/questions/990123

    https://www.techwalla.com/articles/h...avascript-void
    Last edited by rjay81; 09-18-2016 at 10:50 AM.

  11. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-20\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
    HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-299502267-1292428093-1606980848-500 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-299502267-1292428093-1606980848-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5A72A740-F1B1-4779-8CCD-04DD43451206}&mid=ee13b2b0327847ccb8bbd15a666bd0b7-7356fd6db638c0889971efe96ed2afafb3b8c93a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-06-09 01:27:15&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
    U4 ClipSrv; no ImagePath
    U4 NetDDE; no ImagePath
    U4 NetDDEdsdm; no ImagePath
    U1 WS2IFSL; no ImagePath
    2016-09-14 15:32 - 2016-09-17 12:37 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-14 15:32 - 2016-09-17 08:35 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    Task: C:\WINDOWS\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
    C:\Program Files\IObit\
    C:\Program Files\AVG Web TuneUp\
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:

    • Click Format and ensure Word Wrap is unchecked.
    • Save as Fixlist.txt to your C:\Documents and Settings\Administrator\My Documents\Downloads (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    • The tool will make a log in C:\Documents and Settings\Administrator\My Documents\Downloads (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

  13. #10
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516
    • Save as Fixlist.txt to your C:\Documents and Settings\Administrator\My Documents\Downloads (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.

    When I get to Save to C:\Documents and Settings\Administrator\My Documents\Downloads, I can type in Foxlist.txt but
    in the box beneath it it says "save as Text document" or "All Files" and I can't remove either of them to type the above in. I'm in Save in C: Local Disk.......I hope that's the right place.
