• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

dburkhead

Full Member
  • Content count

    93
  • Joined

  • Last visited

About dburkhead

  • Rank
    Member
  • Birthday
  1. Actually, the problem with Facebook seems to have cleared itself up. That just leaves us with the problem with PowerPoint that something along the way appears to have broken. I have tried other Office apps (Office 2000 to be exact)--Word, Excel, and Front Page with no problems. It occurs to me that I have an add-in to PowerPoint, "Image Importer Wizard." And checking that shows that it's not working. This is very bad as that's an important part of what we do here. (We do analytical reports that generally have a lot of figures--we import them into PowerPoint to provide a convenient "container" for presentation to customers.) Perhaps reinstalling Image Import Wizard? (Although the failure to register OLEAUT32.DLL concerns me.)
  2. Oh, and to be clear, I am running in Windows XP and the specific "run as administrator" does not appear as an option.
  3. Same result. Note that the login account is the only account on this computer. I do a "run as" and unclick the "protect my computer from unauthorized..." in case that is the problem but still same result.
  4. Attempted to run "regsvr 32 OLEAUT32.dll" and get the following error: DLLRegisterServer in OLEAUT32.dll failed. Return code was 0x80070005 To be clear, I was running in an account with Administrator privileges. Indeed, it is the sole account on this computer. Search.txt: Farbar Recovery Scan Tool (x86) Version: 05-07-2015 Ran by user at 2015-07-10 09:21:25 Running from C:\Documents and Settings\user\Desktop Boot Mode: Normal ================== Search Files: "OLEAUT32.DLL" ============= C:\WINDOWS\system32\oleaut32.dll [2008-04-25 12:16][2013-01-25 23:55] 0552448 ____N (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897 [File is signed] C:\WINDOWS\system32\dllcache\oleaut32.dll [2008-04-25 12:16][2013-01-25 23:55] 0552448 ___AC (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897 [File is signed] C:\WINDOWS\LastGood\system32\OLEAUT32.DLL [2015-07-09 13:49][2013-01-25 23:55] 0552448 ____N (Microsoft Corporation) eff03460e542eea6b0abdec6bf19c897 [File is signed] C:\WINDOWS\$NtUninstallKB2802968$\oleaut32.dll [2013-02-13 04:06][2010-12-20 13:32] 0551936 ____C (Microsoft Corporation) 1b2be5777f69a71778f52ffee1c798d6 [File is signed] C:\WINDOWS\$NtUninstallKB2476490$\oleaut32.dll [2011-06-16 10:50][2008-04-14 08:00] 0551936 ____C (Microsoft Corporation) 387006cf9983000bab76dd250d424045 [File is signed] C:\WINDOWS\$hf_mig$\KB2802968\SP3QFE\oleaut32.dll [2013-01-25 23:55][2013-01-25 23:55] 0552448 ____A (Microsoft Corporation) 6874d2a757f06dc1d8b3c80a47755013 [File is signed] C:\WINDOWS\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll [2010-12-20 13:30][2010-12-20 13:30] 0552448 ____A (Microsoft Corporation) 37fef4e75c47afdb6a7ef3294994504f [File is signed] C:\VCI\FORMONE5\Redist32\OLEAUT32.DLL [2009-08-31 12:10][1997-05-19 09:08] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\source\Disk1\WinNT40\Oleaut32.dll [2009-08-31 16:21][2001-01-11 15:46] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\source\Disk1\Win95-98\Oleaut32.dll [2009-08-31 16:21][2001-01-11 15:45] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\Program Files\Microsoft Visual Studio\VB98\Wizards\PDWizard\Redist\OLEAUT32.DLL [2000-04-12 00:00][2000-04-12 00:00] 0598288 ____N (Microsoft Corporation) 7b156d230278b8c914ef3f4169fec1cc C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\Visual Basic Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:03][1998-08-07 07:55] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\PowerBuilder Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:03][1998-08-24 17:39] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\OLE DB Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:03][1998-07-08 15:32] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\ODBC-DAO-RDO Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:03][1998-06-30 14:17] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\ADO Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:02][1998-07-06 11:53] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\Program Files\InstallShield\InstallShield 5.5 Professional Edition\TemplateData\Access Template Data\Automation Self-reg Shared Files 0009\oleaut32.dll [2009-08-31 17:02][1998-07-28 13:57] 0492304 ____N (Microsoft Corporation) 6976dbbe4c97571c86d4aa19b10b1296 C:\NSToolBox\Matrox\ActiveMIL\System\oleaut32.dll [2009-08-31 16:02][1999-11-18 12:04] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DTP Explorer\Media\CD Rom\Disk Images\Disk1\OleAut32.dll [2011-06-24 15:37][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus II\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll [2011-06-24 15:38][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:39][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus Demo\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll [2011-06-24 15:39][1998-10-15 13:04] 0598288 ____N (Microsoft Corporation) 8afb4c39ad28cf287b6c2a65003c2f97 C:\My Installations\OLD\DiscTrack Plus Demo\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:40][1999-03-24 13:33] 0598288 ____N (Microsoft Corporation) 38461ada35229a5bcb53a33e516030d6 C:\My Installations\OLD\DiscTrack Plus 2000 USB\Media\CD Install\Disk Images\Disk1\WinNT40\Oleaut32.dll [2011-06-24 15:41][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000 USB\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:41][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000 IV\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:42][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\OLD\DiscTrack Plus 2000 IV\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:43][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000 III\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:44][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\OLD\DiscTrack Plus 2000 III\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:44][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000 II\Media\CD\Disk Images\Disk1\WinNT40\Oleaut32.dll [2011-06-24 15:45][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000 II\Media\CD\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:46][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000\Media\CD Rom\Disk Images\Disk1\WinNT40\Oleaut32.dll [2011-06-24 15:47][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus 2000\Media\CD Rom\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:47][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\OLD\DiscTrack Plus\Media\CD Install\Disk Images\disk1\Shared\Oleaut32.dll [2011-06-24 15:48][1998-06-02 19:24] 0598288 ____N () 44bf5f06b3fa6e1943e5350b57f8b393 C:\My Installations\OLD\DiscTrack Demo\Media\CD Install\Disk Images\disk1\Shared\Oleaut32.dll [2011-06-24 15:49][1998-06-02 19:24] 0598288 ____N () dc6eb29b3673566932cc7e57ae2b6d3b C:\My Installations\MagneTrack II\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:32][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\MagneTrack II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:32][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DTP_AIP II-1\Media\DC Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 16:05][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DTP_AIP II-1\Media\DC Media\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 16:05][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DTP_AIP II\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:36][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DTP_AIP II\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:36][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DTP_AIP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:30][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DTP_AIP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:31][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DTP II-1\Media\CD Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:50][2000-01-05 16:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DTP II-1\Media\CD Media\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:51][1999-08-31 17:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DTP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:52][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DTP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:52][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\DiscTrack Plus with AIP\Media\CD Media\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:54][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\DiscTrack Plus with AIP\Media\CD Media\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:54][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 C:\My Installations\AIP\Media\CD Install\Disk Images\Disk1\WinNT40\OLEAUT32.DLL [2011-06-24 15:56][2000-01-05 15:10] 0614672 ____N (Microsoft Corporation) 677186db46b08c9481f6c60a00baefc5 C:\My Installations\AIP\Media\CD Install\Disk Images\Disk1\Win95-98\Oleaut32.dll [2011-06-24 15:56][1999-08-31 16:55] 0598288 ____N (Microsoft Corporation) 0d303488cce054204c323c37657afa34 ====== End of Search ======
  5. My last reply was the result of attempting to download and reinstall the VB6 run time redistribution pack.
  6. Got this: Error registering the OCX C:\WINDOWS\System32\OLEAUT32.DLL And the same result when I tried to open PowerPoint.
  7. An additional issue. I started Microsoft PowerPoint (work goes on even with the computer problem) and got a sequence of errors "Microsoft Visual Basic Component not correctly registered". Got a bunch of those, then a "could not load an object because it is not available on this machine. Then Powerpoint finally opens but when I close it there are a bunch more of the "Component not correctly registered" behind it.
  8. Fixlog.txt: Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015 Ran by user at 2015-07-09 09:16:48 Run:2 Running from C:\Documents and Settings\user\Desktop Loaded Profiles: user (Available Profiles: user & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: EmptyTemp: CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll No File BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File CHR Extension: (Avast SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09] CHR Extension: (Avast Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21] S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X] S0 cccllq; System32\drivers\qvilowj.sys [X] S3 Diag69xp; System32\Drivers\Diag69xp.sys [X] S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X] U2 V2iMount; No ImagePath End ***************** Restore point was successfully created. Processes closed successfully. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} => key not found. HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: Windows => key not found. HKCR\CLSID\BHO: Windows => key not found. Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File => Error: No automatic fix found for this entry. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found. HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => key not found. "HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully. C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully. C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully. CHR HKLM\...\Chrome\Extension: => Error: No automatic fix found for this entry. [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06] => Error: No automatic fix found for this entry. "HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully. Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot. catchme => Service removed successfully. cccllq => Service removed successfully. Diag69xp => Service removed successfully. Sentinel => Service removed successfully. V2iMount => Service removed successfully. EmptyTemp: => 387.3 MB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-09 09:19:45)<= "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move ==== End of Fixlog 09:19:46 ==== Zoek-results.txt: Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by user on Thu 07/09/2015 at 9:26:05.62. Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\user\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-07-08-211829.log 14594 bytes ==== System Restore Info ====================== ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Firefox Start and Search pages ====================== ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default user_pref("backup.old.browser.startup.homepage", " ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Home_Page"="http://www.dell.com" "Help_Page"="http://support.dell.com/support/index.aspx?c=us&l=en&s=gen" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Empty IE Cache ====================== C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71UHBQPP will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHPCWNXQ will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U97N8S3A will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6WHXXKK will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=285 folders=35 4326150 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\temp will be emptied at reboot C:\Documents and Settings\user\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\user\LOCALS~1\Temp successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\temp\Perflib_Perfdata_25c.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71UHBQPP" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHPCWNXQ" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U97N8S3A" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z6WHXXKK" not deleted ==== EOF on Thu 07/09/2015 at 9:48:15.00 ====================== Firefox reset and cache cleared. And still getting the same result. Try to log onto Facebook and get the following: Your Computer Needs to Be Cleaned It looks like your computer is being affected by malware. We’ll help you fix the problem to keep your account secure and prevent malware from spreading to friends. Malware is software that tries to steal personal information and causes problems when you use Facebook. Clicking or sharing links that contain spam can give your computer malware. Followed by a button to "get started" which I have left strictly alone.
  9. After running those I get the same issue. ADWCleaner log: # AdwCleaner v4.207 - Logfile created 08/07/2015 at 09:20:19 # Updated 21/06/2015 by Xplode # Database : 2015-07-05.2 [server] # Operating system : Microsoft Windows XP Service Pack 3 (x86) # Username : user - ASM17 # Running from : C:\Documents and Settings\user\Desktop\adwcleaner_4.207.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\Common Files\Viewpoint ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}] Key Deleted : HKU\.DEFAULT\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E ***** [ Web browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v39.0 (x86 en-US) -\\ Google Chrome v43.0.2357.132 [C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [11889 bytes] - [23/09/2013 14:33:08] AdwCleaner[R1].txt - [2159 bytes] - [08/07/2015 09:18:20] AdwCleaner[s0].txt - [11921 bytes] - [23/09/2013 14:33:43] AdwCleaner[s1].txt - [2108 bytes] - [08/07/2015 09:20:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2167 bytes] ########## Frst.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015 Ran by user (administrator) on ASM17 on 08-07-2015 09:31:07 Running from C:\Documents and Settings\user\Desktop Loaded Profiles: user (Available Profiles: user & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\netdde.exe (CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe (Insight Software Solutions) C:\Program Files\Keyboard Express 3\keyexp.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE () C:\Program Files\ACT\SideACT.exe (WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.) HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.) HKLM\...\Run: [Norton Ghost 15.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [233304 2009-02-03] (Microsoft Corp.) HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation) HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google) HKLM\...\Run: [GhostStartTrayApp] => C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [94208 2003-12-17] (Symantec Corporation) HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( ) HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [8169Diag] => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-21] (Avast Software s.r.o.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-07-21] (ATI Technologies Inc.) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe [40304 2014-09-26] (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssbezier.scr [19968 2008-04-14] (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2013-09-25] ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-08-05] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2013-09-25] ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt () Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2013-09-25] ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe () Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-09-25] ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2013-09-25] ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe () Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2013-09-25] ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-21] (Avast Software s.r.o.) BootExecute: autocheck autochk /r \??\J:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-21] (Avast Software s.r.o.) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll No File BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll No File DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234 Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2000-12-23] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default FF Homepage: hxxp://www.asmicro.com/Corporate/burkhead.htm FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-11-02] (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1081035915-1334999037-3880933879-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\user\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-07-26] (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcosmop211.dll [2007-09-23] (PLATINUM technology, inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Extension: FireFTP - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01] FF Extension: Firebug - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\u0flkzf4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-18] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-07-03] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-02] Chrome: ======= CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02] CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02] CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02] CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02] CHR Extension: (Avast SafePrice) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09] CHR Extension: (Bookmark Manager) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-06] CHR Extension: (Avast Online Security) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03] CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02] CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-21] (Avast Software s.r.o.) R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed] S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec) R2 GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [200704 2003-12-17] (Symantec Corporation) [File not signed] S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google) R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation) R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed] R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec) S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed] R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{541078A4-D4C1-42FA-BA83-F0039487567F} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327808 2005-07-20] (Aladdin Knowledge Systems Ltd.) S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2005-07-20] (Aladdin Knowledge Systems Ltd.) R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-12-17] (Adaptec) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-21] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-21] (Avast Software s.r.o.) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-21] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-21] (Avast Software s.r.o.) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-21] () R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio) R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio) R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio) R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio) R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio) R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio) R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio) R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio) R3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation) R1 GhPciScan; C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [5632 2003-12-17] (Symantec Corporation) [File not signed] R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.) R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.) S2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-08] (Malwarebytes Corporation) R0 MtxDma0; C:\WINDOWS\System32\drivers\MtxDma0.sys [179164 2001-12-13] (Matrox Electronic Systems Ltd.) [File not signed] S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation) S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation) S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X] S0 cccllq; System32\drivers\qvilowj.sys [X] S3 Diag69xp; System32\Drivers\Diag69xp.sys [X] S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X] U2 V2iMount; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-08 09:31 - 2015-07-08 09:31 - 00021904 _____ C:\Documents and Settings\user\Desktop\FRST.txt 2015-07-08 09:30 - 2015-07-08 09:31 - 00000000 ____D C:\FRST 2015-07-08 09:29 - 2015-07-08 09:29 - 01636352 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe 2015-07-08 09:23 - 2015-07-08 09:23 - 00102400 _____ C:\WINDOWS\Minidump\Mini070815-01.dmp 2015-07-08 09:16 - 2015-07-08 09:16 - 02244096 _____ C:\Documents and Settings\user\Desktop\adwcleaner_4.207.exe 2015-07-07 14:16 - 2015-07-07 14:16 - 00019844 ____N C:\Documents and Settings\user\Desktop\attach.txt 2015-07-07 14:16 - 2015-07-07 14:15 - 00011203 ____N C:\Documents and Settings\user\Desktop\dds.txt 2015-07-03 15:14 - 2015-07-06 09:15 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-01 12:40 - 2015-05-21 08:51 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-06-23 19:30 - 2015-06-23 19:30 - 18174128 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-08 09:32 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\user\Local Settings\temp 2015-07-08 09:30 - 2012-04-05 14:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-08 09:27 - 2008-04-25 05:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2015-07-08 09:26 - 2013-09-23 14:32 - 00000000 ____D C:\AdwCleaner 2015-07-08 09:26 - 2008-04-25 17:28 - 01177724 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-08 09:25 - 2009-12-30 13:57 - 00000000 ____D C:\Program Files\Keyboard Express 3 2015-07-08 09:24 - 2014-05-19 11:43 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-07-08 09:24 - 2014-05-02 16:35 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-07-08 09:24 - 2008-04-25 12:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-07-08 09:23 - 2014-03-26 17:28 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-07-08 09:23 - 2013-10-16 09:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-08 09:23 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp 2015-07-08 09:23 - 2010-03-24 18:40 - 00000000 ____D C:\WINDOWS\Minidump 2015-07-08 09:23 - 2009-08-31 16:09 - 08405015 _____ C:\WINDOWS\TempFile 2015-07-08 09:23 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-08 09:23 - 2008-04-25 05:25 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-07-08 09:23 - 2008-04-25 05:25 - 00000048 _____ C:\WINDOWS\wiaservc.log 2015-07-08 09:21 - 2009-07-11 20:22 - 00458752 _____ C:\WINDOWS\system32\config\ACEEvent.evt 2015-07-08 09:21 - 2008-04-25 17:32 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt 2015-07-08 09:20 - 2009-07-21 17:21 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini 2015-07-08 09:19 - 2014-01-24 02:33 - 00000512 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1081035915-1334999037-3880933879-1005.job 2015-07-08 08:59 - 2013-10-16 09:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-08 08:21 - 2015-05-30 07:43 - 00000608 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1081035915-1334999037-3880933879-1005.job 2015-07-07 21:57 - 2010-08-18 12:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\BounceBack Express 2015-07-07 21:00 - 2014-05-02 16:35 - 00001846 ____N C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-07-07 15:56 - 2009-08-31 14:36 - 00000000 ____D C:\Documents and Settings\user\My Documents\My PSP8 Files 2015-07-07 15:54 - 2009-10-05 13:06 - 00000000 ____D C:\Program Files\dtpdemotest 2015-07-07 15:28 - 2009-09-21 12:32 - 00000000 ____D C:\arwork 2015-07-06 14:19 - 2014-08-26 14:55 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe 2015-07-06 09:15 - 2012-04-26 10:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-03 17:13 - 2008-04-25 17:26 - 00131766 ____N C:\WINDOWS\wmsetup.log 2015-07-03 15:55 - 2009-10-07 18:56 - 00000116 ____N C:\WINDOWS\NeroDigital.ini 2015-07-01 12:41 - 2014-11-24 10:46 - 00001722 ____N C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2015-06-30 09:21 - 2014-05-19 11:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-26 15:49 - 2014-05-02 16:34 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-06-23 19:30 - 2012-04-05 14:07 - 00778416 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-06-23 19:30 - 2011-06-07 10:06 - 00142512 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-06-22 17:28 - 2012-12-04 15:34 - 00000000 ____D C:\Documents and Settings\user\Application Data\Canon 2015-06-18 08:41 - 2014-05-19 11:43 - 00121560 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2014-05-05 11:30 - 00023256 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-06-15 14:50 - 2009-08-31 17:37 - 00247808 ____N C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-15 12:17 - 2009-10-20 09:50 - 00677104 ____N C:\WINDOWS\setupapi.log 2015-06-15 12:17 - 2009-07-12 03:10 - 00006801 ____N C:\WINDOWS\setupact.log 2015-06-15 03:00 - 2009-08-05 16:52 - 136900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-08 15:00 - 2014-03-26 17:28 - 00000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== Files in the root of some directories ======= 2010-01-12 12:33 - 2010-01-14 19:08 - 0006772 ____N () C:\Documents and Settings\user\Local Settings\Application Data\admin.anduril 2010-01-15 15:27 - 2010-03-17 10:41 - 0009686 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dburkhead.anduril 2010-02-05 10:54 - 2010-03-16 18:36 - 0001853 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dbuser.anduril 2009-08-31 17:37 - 2015-06-15 14:50 - 0247808 ____N () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-07-21 17:21 - 2009-07-21 17:22 - 0000127 ____N () C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat Some files in TEMP: ==================== C:\Documents and Settings\user\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwm4tmb.dll C:\Documents and Settings\user\Local Settings\temp\G2MInstallerExtractor.exe C:\Documents and Settings\user\Local Settings\temp\GLF6.EXE C:\Documents and Settings\user\Local Settings\temp\install_flashplayer11x32_mssd_aaa_aih.exe C:\Documents and Settings\user\Local Settings\temp\jre-7u45-windows-i586-iftw.exe C:\Documents and Settings\user\Local Settings\temp\Quarantine.exe C:\Documents and Settings\user\Local Settings\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================ attach.txt
  10. Tried to update Flash Player a few days ago. Got a very unhelpful "install failed" error message.
  11. And Avast did not find any viruses but "Grimefighter" said there was "grime" on the computer.
  12. Just tried to log onto Facebook and got a warning "Your computer needs to be cleaned...." It then wants me to go on and run an online check. Let's just say that I'm a little less than trusting of that. I can connect to FB via my phone just fine. It's just the desktop that's the issue. I use Avast Free Program version 2015.10.2218. Definitions up to date. And malwarebytes Home (Premium) with real time malware and malicious website protection turned on. So, I'm guessing probably a hijack. Here are my logs: Malwarebytes Anti Malware: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/7/2015 Scan Time: 1:59:18 PM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.07.07.04 Rootkit Database: v2015.07.07.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: user Scan Type: Threat Scan Result: Completed Objects Scanned: 372398 Time Elapsed: 30 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by user at 14:13:58 on 2015-07-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.457 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Keyboard Express 3\keyexp.exe C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe C:\Program Files\ACT\SideACT.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = about:blank BHO: Watch for Browser Events: {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - c:\program files\keyboard express 3\kie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1767\g2mstart.exe" "/Trigger RunAtLogon" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [GhostStartTrayApp] c:\program files\symantec\norton ghost 2003\GhostStartTrayApp.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui StartupFolder: c:\docume~1\user\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBStartup.exe StartupFolder: c:\docume~1\user\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\announce.txt StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sideact!.lnk - c:\program files\act\SideACT.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-System: SoftwareSASGeneration = dword:1 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234 TCP: NameServer = 192.168.1.1 TCP: Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51} : DHCPNameServer = 192.168.1.1 Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\u0flkzf4.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.asmicro.com/Corporate/burkhead.htm FF - plugin: c:\documents and settings\user\local settings\application data\citrix\plugins\104\npappdetector.dll FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_190.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-2 49904] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-2 209048] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-5-2 787760] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-5-2 428120] R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632] R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-2 24144] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-2 74976] R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-5 23256] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-19 98520] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S0 cccllq;cccllq;c:\windows\system32\drivers\qvilowj.sys --> c:\windows\system32\drivers\qvilowj.sys [?] S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-7-11 8960] S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-9-24 27064] S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-7-11 16640] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=c:\progra~1\mi1933~1\office\FRONTPG.EXE . =============== Created Last 30 ================ . 2015-06-23 23:30:11 18174128 ------w- c:\windows\system32\FlashPlayerInstaller.exe . ==================== Find3M ==================== . 2015-07-07 17:59:17 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-06-23 23:30:16 778416 ------w- c:\windows\system32\FlashPlayerApp.exe 2015-06-23 23:30:16 142512 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-06-18 12:41:46 121560 ------w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-18 12:41:36 23256 ------w- c:\windows\system32\drivers\mbam.sys 2015-05-29 15:19:42 227328 ------w- c:\windows\system32\ltocx12n.oca 2015-05-29 15:19:41 300544 ------w- c:\windows\system32\ltdlg12n.oca 2015-05-21 12:51:55 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-05-21 12:51:55 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-05-21 12:51:55 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-05-21 12:51:55 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-05-21 12:51:51 43112 ------w- c:\windows\avastSS.scr 2015-05-21 12:51:40 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-05-18 19:46:01 265728 ------w- c:\windows\system32\MSCOMCTL.oca 2015-05-18 19:46:00 132096 ------w- c:\windows\system32\olch3x32.oca 2015-05-18 19:45:59 35840 ------w- c:\windows\system32\Comdlg32.oca 2015-05-18 19:45:59 159232 ------w- c:\windows\system32\olch2x32.oca . ============= FINISH: 14:15:51.89 =============== Security Check: Results of screen317's Security Check version 1.004 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Norton Ghost HijackThis 2.0.2 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 17.0.0.190 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (39.0) Mozilla Thunderbird (31.7.0) Google Chrome (43.0.2357.124) Google Chrome (43.0.2357.130) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  13. I've got a laptop computer that my daughter uses (P4 running Windows XP with, I think, 2 GB of memory, Avast Antivirus, and Malwarebytes Premium both running). I have an administrator account for myself. That is the only account authorized to install software on the computer. (She has to get me to install anything on it.) My daughter's account is a "user" account with limited privileges. For some reason the computer runs much slower in her account than in the admin account. I'm trying to figure out why since it's reached the point (and past) where it's a real usability problem. I don't have a problem when logged in as an administrator. She doesn't have software install privileges so it's not something she installed. Any suggestions? Please read Instructions for posting requested logs and post the requested logs (Security Check, DDS, and Malwarebytes Anti-Malware). We need to information to be able to assist you.
  14. A bit late to get back but everything is fine now. Thanks.
  15. We seem to be golden. One problem appears to be that the SQL database isn't now accessible from remote computers but I think that's because of the reinstall of security and I have to go back and reset the proper exceptions in Windows Firewall. That will be a task for tomorrow. Thanks a whole bunch.