Recent Posts

1
It seems that what I wrote about Enigma ten years ago still applies.  Still a mystery.

Webster Merriman Dictionary:

"One entry found for enigma

 Main Entry: enig·ma

Pronunciation: i-'nig-m&, e-
Function: noun
Etymology: Latin aenigma, from Greek ainigmat-, ainigma, from ainissesthai to speak in riddles, from ainos fable
1 : an obscure speech or writing
2 : something hard to understand or explain
3 : an inscrutable or mysterious person
synonym see MYSTERY"
2
Zango v Kaspersky was a very powerful win for antimalware in the United States. Surprised Enigma wasn't aware / didn't think it applied / ???
3
Windows Insider Preview Build 17046 Released to Fast & Skip Ahead Rings for PC: Announcing Windows 10 Insider Preview Build 17046 for PC - Windows Experience Blog.
4
better to have more than one escape route than not enough my pappy always said
before passing from Agent Orange...
5
Every time the definitions are updated, several times a day.
6
Mine is 1.0.3322 I assume this can change every hour or two.
7
Actually, removing Java was a good decision -- reinstalling it, not so good. :D  The reason is that there are very few reasons why Java is needed on a personal computer. If it is on the Windows 7 computer, I encourage you to uninstall it.

Any programs that are not initially on the Windows 7 computer will need to be downloaded and installed, not transferred from XP.  This will include CCleaner, Firefox ESR (since the extensions Keith uses are "legacy" and not available with the change to extensions), IrfanView (if it is still used), Malwarebytes, SolidWorks eDrawings and, of course, antivirus software.  Note:  If you elect to continue with AVG, first check that another antivirus software isn't installed on the computer.

Microsoft Office XP Professional with FrontPage:  Obviously, this is no longer supported and I don't believe it included a program for managing email nor do I see another email program installed.  Thus, if Keith uses an online mail service, he will merely need to log on to that account from the new computer to access his email.

As I indicated last night, documents can be copied to CD/DVD or USB.  Do you know how to back up Bookmarks?  The Bookmarks can also be added to the same media as the documents.

One thing that could help in speeding up the computer while copying documents and bookmarks is to disable (or uninstall) AVG as long as the computer isn't connected to the internet.  Other than that, I don't believe there is much more that can be done for this old computer.  IMO, the sooner you move to the new PC, the better.  :)
8
I couldn't get it to enable restore points and I’m in a hurry, so I removed that one line. I just flew without a net.
You said to copy from Start to End inclusive but didn’t say where to paste it. I gathered that I should make a fixlist.txt doc on the desktop like was mentioned at the end and pasted it in there.
Also I don’t think I got it to run as admin so I ran it as User and hit the fourth button that said “Fix”.  Maybe an XP thing.
It did something that took ages.
At one point AVG alerted to frst.exe as a threat. I chose to NOT protect me and allow it as an exception.
-
After the restart, it was still sloooww. I had seen SCGeneric from 2 consecutive AVG scans a couple months ago.
Also after the restart, I double checked that AVG was updated -it was. I also just now looked at the Nov15 and the Nov20 AVG scans. Both times it saw SCGenric2.BZPJ .  It said it had healed it successfully (and yet did the same thing 5 days later). It opens a SCGeneric web page but in the program it says SCGenric2.BZPJ specifically. I don't know if that matters. It said it was EMBEDDED into JAVA Update Jusched.exe [3372]. Hmmm.
I didn't like the sounds of that so I ripped off Java. Uninstalled. JAVA icon gone in control panel. ProgFiles Common- no Java folder. ATF cleaner.  It may have been a bit better but not impressive. Anytime it takes me more than 45 minutes to open Firefox, I am not impressed. But it did open and I put Java back on. Should I run another scan ?

Oh, I removed Quicktime. I didn't see those other programs.
When I was trying to open AVG and look at the scan results again and it was ignoring me, I had it up to about 30 AVG processes at one point.  :( 
He probably won't be moving programs. Bookmarks, documents and Emails mostly I think.

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by keith (21-11-2017 22:44:08) Run:1
Running from C:\Documents and Settings\Keith.patriotplastics\Desktop
Loaded Profiles: keith (Available Profiles: Keith & Administrator & keith & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
S4 IntelIde; no ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170413.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170413.007\NAVEX15.SYS [X]
U1 WS2IFSL; no ImagePath
2017-11-20 12:44 - 2017-04-13 11:48 - 000000000 ____D C:\Documents and Settings\Keith.patriotplastics\Start Menu\Programs\Norton
2017-11-20 12:44 - 2017-04-13 11:48 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2017-11-20 12:43 - 2017-04-13 11:48 - 000000930 _____ C:\Documents and Settings\Keith.patriotplastics\Desktop\Norton Installation Files.lnk
2017-11-20 11:17 - 2017-04-13 11:55 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\NortonInstaller
2017-11-16 11:15 - 2017-06-23 07:05 - 000000000 ____D C:\Program Files\Norton Security
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-799565685-2143723220-303131718-1145\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-799565685-2143723220-303131718-1145\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key removed successfully.
HKU\S-1-5-21-799565685-2143723220-303131718-1145\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner => key removed successfully.
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\LMIInfo => key removed successfully.
LMIInfo => service removed successfully.
HKLM\System\CurrentControlSet\Services\LMIRfsClientNP => key removed successfully.
LMIRfsClientNP => service removed successfully.
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully.
NAVENG => service removed successfully.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully.
NAVEX15 => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\Keith.patriotplastics\Start Menu\Programs\Norton => moved successfully
C:\Documents and Settings\All Users\Application Data\Norton => moved successfully
C:\Documents and Settings\Keith.patriotplastics\Desktop\Norton Installation Files.lnk => moved successfully
C:\Documents and Settings\All Users\Application Data\NortonInstaller => moved successfully
C:\Program Files\Norton Security => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 1044471 B
Java, Flash, Steam htmlcache => 466601 B
Windows/system/dllcache/drivers => 928929 B
Edge => 0 B
Chrome => 0 B
Firefox => 20464167 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 16677 B
All Users => 0 B
systemprofile => 315027491 B
LocalService => 66164 B
NetworkService => 66164 B
Keith => 65979 B
LogMeInRemoteUser => 16677 B
Administrator => 16677 B
Keith.patriotplastics => 89978064 B
administrator.patriotplastics => 65979 B

RecycleBin => 0 B
EmptyTemp: => 408.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:05:26 ====
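
Added example, not part of the original post and not FRST's own code: a Python script that reads a Fixlog like the one above, tallies the outcomes, lists fixlist entries that have no result line, and reports whether a CreateRestorePoint: directive was in the fixlist. The sample log is a constructed excerpt of the lines posted above plus one invented entry (ExampleSvc); the parsing assumes only the line shapes visible in this log.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog posted above, trimmed to a
# few entries. "S3 ExampleSvc" is invented here to show an entry with no result.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Boot Mode: Normal

fixlist content:
*****************
CloseProcesses:
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
S4 IntelIde; no ImagePath
S3 ExampleSvc; no ImagePath
2017-11-16 11:15 - 2017-06-23 07:05 - 000000000 ____D C:\Program Files\Norton Security
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-799565685-2143723220-303131718-1145\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKLM\Software\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
C:\Program Files\Norton Security => moved successfully

=========== EmptyTemp: ==========

EmptyTemp: => 408.4 MB temporary data Removed.

==== End of Fixlog 23:05:26 ====
"""

RESULT_RE = re.compile(r"^(.+?) => (.+)$")        # "<target> => <outcome>"
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")     # CLSID in Toolbar:/Handler: lines
SERVICE_RE = re.compile(r"^[RSU]\d (\S+);")       # "S4 IntelIde; no ImagePath"
FILE_RE = re.compile(                             # "<created> - <modified> - <size> <attr> <path>"
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ (.+)$")
KEYWORD_RE = re.compile(r"^\w+:$")                # "CloseProcesses:", "EmptyTemp:"


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist directives and (target, outcome) pairs."""
    lines = text.splitlines()
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, line in enumerate(lines)
             if re.fullmatch(r"\*{5,}", line.strip())]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block found")
    directives = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = []
    for line in lines[stars[1] + 1:]:
        if line.startswith("===="):   # EmptyTemp section or end-of-log marker
            break
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m.group(1), m.group(2).rstrip(".")))
    return directives, results


def directive_key(directive):
    """Return the token expected to reappear in a result line, or None for keywords."""
    if KEYWORD_RE.match(directive):
        return None
    for rx in (FILE_RE, SERVICE_RE):
        m = rx.match(directive)
        if m:
            return m.group(1)
    m = GUID_RE.search(directive)
    return m.group(0) if m else directive


def review(text):
    """Summarise a Fixlog: outcome counts, entries with no result, restore point use."""
    directives, results = parse_fixlog(text)
    targets = [target for target, _ in results]
    no_result = []
    for d in directives:
        key = directive_key(d)
        # Substring match: a service name also appears at the end of its registry key.
        if key is not None and not any(key in t for t in targets):
            no_result.append(d)
    return {
        "restore_point_requested": "CreateRestorePoint:" in directives,
        "outcomes": Counter(outcome for _, outcome in results),
        "no_result": no_result,
    }


if __name__ == "__main__":
    summary = review(SAMPLE_FIXLOG)
    print("Restore point requested:", summary["restore_point_requested"])
    for outcome, count in summary["outcomes"].most_common():
        print(f"{count:3d}  {outcome}")
    for entry in summary["no_result"]:
        print("No result line for:", entry)
```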
9
When moving to the new computer, what files are being moved?  You're referring to documents and pictures that you'll copy to a CD/DVD or USB stick.  You won't be transferring any programs.  In fact, something to consider for the "new to you" Windows 7 computer -- looking at the "running processes", the program that seems to be a hog is the 12 processes by AVG.  As to the SCgeneric trojan, that false/positive was supposedly fixed by AVG in June. 

What you may want to do when you set up the new computer (or even before) is to post a fresh set of logs in a new topic just for a "quick check".  If it has programs like QuickTime (no longer supported) or Java or unnecessary toolbars, we can address that.

Running FRST "may" give you some breathing room.  It is merely set to remove left-over Norton files and some other old files.  One thing you should do first, however, is to enable System Restore.  FRST will then create a restore point prior to removing anything.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-799565685-2143723220-303131718-1145 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
S4 IntelIde; no ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170413.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170413.007\NAVEX15.SYS [X]
U1 WS2IFSL; no ImagePath
2017-11-20 12:44 - 2017-04-13 11:48 - 000000000 ____D C:\Documents and Settings\Keith.patriotplastics\Start Menu\Programs\Norton
2017-11-20 12:44 - 2017-04-13 11:48 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2017-11-20 12:43 - 2017-04-13 11:48 - 000000930 _____ C:\Documents and Settings\Keith.patriotplastics\Desktop\Norton Installation Files.lnk
2017-11-20 11:17 - 2017-04-13 11:55 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\NortonInstaller
2017-11-16 11:15 - 2017-06-23 07:05 - 000000000 ____D C:\Program Files\Norton Security
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
10
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by keith (21-11-2017 20:32:50)
Running from C:\Documents and Settings\Keith.patriotplastics\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-10-19 22:55:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-630328440-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1275210071-630328440-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1275210071-630328440-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1275210071-630328440-839522115-1000 - Limited - Disabled)
Keith (S-1-5-21-1275210071-630328440-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Keith
SUPPORT_388945a0 (S-1-5-21-1275210071-630328440-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Business Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG AntiVirus Business Edition (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\{AF2F870E-DFB3-4E94-BC0C-0119609F6281}) (Version: 16.161.8039 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{43A28682-68D0-43A2-906A-126B40B1FFA7}) (Version: 16.0.4782 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 16.161.8039 - AVG Technologies)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
FMW 1 (HKLM\...\{A2B92392-DC17-416B-88F6-A6A55E053E32}) (Version: 1.143.3 - AVG Technologies) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.5.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.0 ESR (x86 en-US)) (Version: 52.5.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.0.6520 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
SolidWorks eDrawings 2010 (HKLM\...\{10CF8B73-4BF5-4565-8F79-BD56600E4E09}) (Version: 10.0.727 - Dassault Systèmes SolidWorks Corp.)
SolidWorks eDrawings 2012 (HKLM\...\{AA70C64F-28D6-4014-8AB0-0C61ECFC7313}) (Version: 12.3.113 - Dassault Systèmes SolidWorks Corp.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-09-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware Free\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2006-10-03] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2006-10-03] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\Av\avgse.dll [2017-09-08] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware Free\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologiesጏ耄0303
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Keith.patriotplastics\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2005-01-21 13:55 - 2005-01-21 13:55 - 000094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2009-10-19 17:59 - 2006-10-03 13:07 - 000196608 _____ () C:\WINDOWS\system32\nvapi.dll
2013-01-15 07:04 - 2013-01-15 07:03 - 000945328 ____N () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
2009-10-19 17:59 - 2006-10-03 13:07 - 000466944 _____ () C:\WINDOWS\system32\nvshell.dll
2017-05-04 14:10 - 2016-06-23 14:07 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-799565685-2143723220-303131718-1145\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Soap Bubbles.bmp
DNS Servers: 192.168.101.4 - 8.8.8.8
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
DomainProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
DomainProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
DomainProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
DomainProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
DomainProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
DomainProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgwdsvcx.exe] => Enabled:AVG Remote Administration
DomainProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
DomainProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgam.exe] => Enabled:avgam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgdiagex.exe] => Enabled:avgdiagex.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgemc.exe] => Enabled:avgemc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgupd.exe] => Enabled:avgupd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgnsx.exe] => Enabled:avgnsx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgdiagex.exe] => Enabled:AVG Diagnostics 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgemcx.exe] => Enabled:Personal E-mail Scanner
DomainProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
DomainProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 06:42:41 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 06:38:46 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 04:52:49 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 04:39:14 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 03:12:57 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 03:07:48 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 02:21:52 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a).  The specified server cannot perform the requested operation.
  Enrollment will not be performed.

Error: (11/21/2017 01:30:05 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 01:19:21 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (11/21/2017 12:29:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 52.5.0.6520, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/21/2017 07:44:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (11/21/2017 07:44:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/21/2017 07:44:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (11/21/2017 09:49:03 AM) (Source: DCOM) (EventID: 10000) (User: patriotplastics)
Description: Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The error:
"%%2 = The system cannot find the file specified."
Happened while starting this command:
C:\Program Files\Messenger\msmsgs.exe -Embedding

Error: (11/21/2017 08:37:54 AM) (Source: DCOM) (EventID: 10000) (User: patriotplastics)
Description: Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The error:
"%%2 = The system cannot find the file specified."
Happened while starting this command:
C:\Program Files\Messenger\msmsgs.exe -Embedding

Error: (11/21/2017 08:13:20 AM) (Source: DCOM) (EventID: 10000) (User: patriotplastics)
Description: Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The error:
"%%2 = The system cannot find the file specified."
Happened while starting this command:
C:\Program Files\Messenger\msmsgs.exe -Embedding

Error: (11/21/2017 06:21:19 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2017 06:21:04 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/21/2017 06:21:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/21/2017 06:21:02 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 Processor 3800+
Percentage of memory in use: 70%
Total physical RAM: 958.36 MB
Available physical RAM: 281.16 MB
Total Virtual: 2313.89 MB
Available Virtual: 1579.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:29.61 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: () (Network) (Total:33.91 GB) (Free:1.71 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================