Computer getting glacially slow


8 replies to this topic

#1 dburkhead


Posted 12 October 2017 - 12:33 PM

Windows XP system. After a fresh boot it runs fine for a while, then gets extremely slow. Other computers cannot access it because they time out. The UI is so slow it's unusable. We usually end up having to reboot three or four times a day to get any use out of it at all.

 

Malwarebytes seems to be a significant culprit. When Malwarebytes is installed, all the above problems are worse. When we uninstalled it they were better but still troublesome. Currently what I did was install Malwarebytes to scan and get the log, then uninstall it again so I could use the computer.

 

As part of the prep, I tried to run RGSA but it raised an error:

"Line 257 (File "C:\Documents and Settings\User\Desktop\Security\RGSA.exe")

Error:  The requested action with this object has failed"

 

Logs:

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/6/2017
Scan Time: 6:07:22 PM
Logfile: mbam-171006.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.10.06.07
Rootkit Database: v2017.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251759
Time Elapsed: 11 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2017
Ran by User (administrator) on ASM12 (12-10-2017 12:46:47)
Running from C:\Documents and Settings\User\Desktop\Security
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Insight Software Solutions) C:\PROGRA~1\KEYBOA~1\keyexp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DVDUpgrade] => DVDUpgrd.exe /async
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2012-08-17]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2016-11-28]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-08-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ASM23.txt.lnk [2012-10-05]
ShortcutTarget: ASM23.txt.lnk -> C:\Documents and Settings\User\My Documents\ASM23.txt ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2014-08-29]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE68ADDF-E41F-46CB-AEA8-29F083998EEE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asmicro.com/applications/faq.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2016-06-01] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-06-08]
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3680450723-4200196162-3786228007-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-03]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-15]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-03]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-17]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\N360.exe [288504 2017-10-04] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2015-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S2 EraserSvc11720; "C:\Program Files\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171010.001\BHDrvx86.sys [1367712 2017-09-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\160B000.029\ccSetx86.sys [147072 2017-10-03] (Symantec Corporation)
R3 e1qexpress; C:\WINDOWS\System32\DRIVERS\e1q5132.sys [192680 2011-06-21] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393344 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126592 2017-06-28] (Symantec Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171011.003\IDSxpx86.sys [759448 2017-09-01] (Symantec Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-08-15] (Intel Corporation )
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\160B000.029\SRTSP.SYS [662688 2017-10-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\160B000.029\SRTSPX.SYS [41120 2017-10-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\160B000.029\SYMEFASI.SYS [1393792 2017-10-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89264 2017-07-18] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\160B000.029\Ironx86.SYS [241888 2017-10-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\160B000.029\SYMTDI.SYS [382216 2017-10-03] (Symantec Corporation)
S4 IntelIde; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVEX15.SYS [X]
U2 V2iMount; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-03 15:59 - 2017-10-03 15:59 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Start-off
2017-10-03 11:15 - 2017-10-02 13:35 - 000000527 ____N C:\Documents and Settings\User\Desktop\ASM23.txt.lnk
2017-10-02 13:37 - 2017-10-02 13:37 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\CEF
2017-09-28 15:07 - 2017-09-28 15:07 - 000002070 ____N C:\Documents and Settings\User\Desktop\JRT-170928.txt
2017-09-28 15:00 - 2017-10-12 12:39 - 000000000 ____D C:\Documents and Settings\User\Desktop\Security
2017-09-26 17:07 - 2017-10-12 12:22 - 000000023 _____ C:\Documents and Settings\User\Desktop\mb-licenseinfo.txt
2017-09-14 12:34 - 2017-09-14 12:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-12 12:47 - 2014-04-09 11:06 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-12 12:47 - 2011-12-05 11:44 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-10-12 12:46 - 2017-07-31 10:54 - 000000000 ____D C:\FRST
2017-10-12 12:33 - 2017-08-18 17:27 - 000027700 _____ C:\Documents and Settings\User\Desktop\mb-clean-results.txt
2017-10-12 12:33 - 2016-11-28 14:05 - 000000000 ____D C:\Program Files\Keyboard Express 3
2017-10-12 12:33 - 2012-10-10 17:56 - 000000000 ____D C:\Shared docs
2017-10-12 12:30 - 2008-04-14 08:00 - 000012598 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-12 12:29 - 2014-03-24 13:22 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-10-12 12:29 - 2013-06-06 12:21 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-12 12:28 - 2015-07-23 15:57 - 008405015 _____ C:\WINDOWS\TempFile
2017-10-12 12:28 - 2011-12-05 11:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-12 12:25 - 2011-12-05 11:44 - 000032580 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-12 12:25 - 2011-12-05 11:44 - 000000178 ___SH C:\Documents and Settings\User\ntuser.ini
2017-10-12 11:26 - 2013-06-06 12:21 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-12 07:05 - 2015-06-04 13:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-10-12 07:02 - 2015-08-11 16:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-10-12 07:02 - 2015-06-04 13:05 - 000001994 _____ C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-10-09 23:11 - 2014-08-29 13:34 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-10-08 15:00 - 2014-03-24 13:22 - 000000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-10-05 16:13 - 2016-10-05 11:26 - 000830736 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-10-04 17:20 - 2013-07-02 09:42 - 000000000 ____D C:\Documents and Settings\User\My Documents\My PSP8 Files
2017-10-04 17:01 - 2012-10-05 15:47 - 000004896 ____N C:\Documents and Settings\User\My Documents\ASM23.txt
2017-10-04 16:49 - 2012-10-06 19:33 - 001024165 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3680450723-4200196162-3786228007-1003-0.dat
2017-10-04 16:49 - 2012-10-06 19:33 - 000164638 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-10-03 15:56 - 2014-05-15 13:39 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Citrix
2017-10-03 13:45 - 2012-08-14 10:43 - 000002477 ____N C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-10-02 20:09 - 2012-08-14 10:43 - 000002465 ____N C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2017-09-30 16:18 - 2013-06-06 12:38 - 000000000 ___RD C:\Documents and Settings\User\My Documents\Google Drive
 
==================== Files in the root of some directories =======
 
2017-07-25 22:04 - 2017-07-25 23:36 - 008111467 ____N () C:\Documents and Settings\User\Local Settings\Application Data\12C backup - 20140829133210-3281.BB
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 ____N () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt
 
Some files in TEMP:
====================
2014-04-20 01:48 - 2014-04-20 01:48 - 089581848 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1144e10b.exe
2014-04-30 17:48 - 2014-04-30 17:49 - 090833176 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-38e4a304.exe
2014-04-27 01:48 - 2014-04-27 01:49 - 090412824 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8585e208.exe
2014-04-17 12:20 - 2014-04-17 12:21 - 089407256 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a521472f.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 

Addition.txt would not attach: too big to upload.



#2 Android 8888


Posted 12 October 2017 - 06:48 PM

Hello dburkhead and welcome back!

 

 

Addition.txt would not attach: too big to upload.

Okay, please copy and paste the entire contents of the Addition.txt log in your next reply. If the log is too extensive, you can divide it into several parts and post it in additional replies. I would like to see that log.

 

In your last topic you stated that you had problems with the updates of the version 3.1.2.1733 of Malwarebytes.

Please tell me, have you tried to install and run the latest version of Malwarebytes (3.2.2.) and check if the updates issue is already fixed or not?

 

Android 8888



#3 dburkhead


Posted 13 October 2017 - 08:37 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-10-2017
Ran by User (12-10-2017 12:47:22)
Running from C:\Documents and Settings\User\Desktop\Security
Microsoft Windows XP Professional Service Pack 3 (X86) (2017-05-11 18:55:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3680450723-4200196162-3786228007-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3680450723-4200196162-3786228007-1004 - Limited - Enabled)
Guest (S-1-5-21-3680450723-4200196162-3786228007-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3680450723-4200196162-3786228007-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3680450723-4200196162-3786228007-1002 - Limited - Disabled)
User (S-1-5-21-3680450723-4200196162-3786228007-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACT! (HKLM\...\ACT!) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advertising Center (HKLM\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version:  - AJC Software)
BounceBack Express (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CD Catalog Expert 9.30.807.11 (HKLM\...\CD Catalog Expert_is1) (Version:  - eTeSoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)
DiscTrack Plus (HKLM\...\DiscTrack Plus) (Version:  - )
DolbyFiles (HKLM\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Hardlock Device Drivers (HKLM\...\Hardlock Device Drivers) (Version:  - )
Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 16.6.126.0 (HKLM\...\{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}) (Version: 16.6.126.0 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5387 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )
Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nanoscope 5.31r1 (HKLM\...\Nanoscope 5.31r1) (Version:  - )
Nero 9 Essentials (HKLM\...\{a01dd7e5-ef6c-43b7-aa39-be7be987539f}) (Version:  - Nero AG)
Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version:  - )
Norton Security Suite (HKLM\...\N360) (Version: 22.11.0.41 - Symantec Corporation)
QuickBooks (HKLM\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)
QuickBooks Pro Timer (HKLM\...\{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}) (Version: 8.00.0000 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Solid Edge Viewer ST4 (HKLM\...\{F2658C51-8FB6-4DAD-AF6E-71ECE035FBA4}) (Version: 104.00.00082 - Siemens)
TinyCAD 2.80.03 (HKLM\...\TinyCAD) (Version: 2.80.03 - TinyCAD)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\WinDirStat) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2011-09-30] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\buShell.dll [2017-10-03] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\NavShExt.dll [2017-10-04] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\User\NetHood\www.asmicro.com\target.lnk -> hxxp://www.asmicro.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-17 16:38 - 2001-10-11 17:34 - 000077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2014-08-29 13:29 - 2008-01-02 14:17 - 000107832 ____N () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 08:00 - 2008-04-14 08:00 - 000000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe] => Enabled:AJC Directory Synchronizer
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe] => Enabled:QuickBooks 2012 Data Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Enabled:Windows Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
12-09-2017 12:08:51 System Checkpoint
13-09-2017 17:36:48 System Checkpoint
16-09-2017 02:57:22 System Checkpoint
17-09-2017 04:56:27 System Checkpoint
20-09-2017 20:24:34 System Checkpoint
22-09-2017 12:59:07 System Checkpoint
23-09-2017 13:05:00 System Checkpoint
25-09-2017 22:18:20 System Checkpoint
27-09-2017 14:26:45 System Checkpoint
28-09-2017 15:05:44 JRT Pre-Junkware Removal
01-10-2017 19:31:10 System Checkpoint
03-10-2017 08:42:43 System Checkpoint
03-10-2017 15:53:21 Removed Backup and Sync from Google
03-10-2017 15:56:05 Removed Citrix Online Launcher
05-10-2017 17:00:55 System Checkpoint
06-10-2017 17:21:04 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2017 09:32:11 AM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.  
 
 
DETAIL - Insufficient system resources exist to complete the requested service.
 
Error: (10/04/2017 03:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/04/2017 03:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/04/2017 03:18:05 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/03/2017 03:46:32 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/03/2017 03:46:32 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/03/2017 03:46:32 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (10/03/2017 02:50:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/03/2017 12:18:33 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.  
 
 
DETAIL - Insufficient system resources exist to complete the requested service.
 
Error: (09/30/2017 04:12:29 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (10/12/2017 12:29:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/12/2017 11:38:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/12/2017 11:38:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/12/2017 09:03:34 AM) (Source: 0) (EventID: 8003) (User: )
Description: Event-ID 8003
 
Error: (10/12/2017 07:02:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/10/2017 12:48:02 PM) (Source: 0) (EventID: 8003) (User: )
Description: Event-ID 8003
 
Error: (10/09/2017 01:14:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (10/09/2017 12:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/09/2017 09:35:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Eraser Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/09/2017 09:30:08 AM) (Source: 0) (EventID: 2020) (User: )
Description: Event-ID 2020
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 20%
Total physical RAM: 3488.02 MB
Available physical RAM: 2773.02 MB
Total Virtual: 5369.89 MB
Available Virtual: 4598.12 MB
 
==================== Drives ================================
 
Drive c: (WinXP) (Fixed) (Total:465.76 GB) (Free:357.27 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:465.76 GB) (Free:277.37 GB) NTFS
Drive g: (ASM8123(WD)) (Fixed) (Total:1862.98 GB) (Free:1573.94 GB) NTFS
Drive r: (My Disc) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive t: (ASM8112) (Fixed) (Total:2794.45 GB) (Free:1336.66 GB) NTFS
Drive x: () (Network) (Total:465.76 GB) (Free:357.27 GB) 
Drive y: () (Network) (Total:465.76 GB) (Free:357.27 GB) 
Drive z: () (Network) (Total:465.76 GB) (Free:277.37 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 8FDF8FDF)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 7FD359D6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: C4E192C5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 dburkhead (Advanced Member; Full Member; 130 posts)
Posted 13 October 2017 - 08:45 AM

Malwarebytes had originally recommended we roll back from an earlier version 3 to 2.2.  We let the software update to 3.2.2 recently and that seemed to work for the Malwarebytes related problem (database not updating) but it seemed to exacerbate the slowness issue.  Since the update was from within Malwarebytes I did not have an install set for that version ready to hand when I reinstalled to get the scan log to post here.  That was 2.2.



#5 Android 8888 (SWI Malware Tracker; Trusted Advisor; 985 posts)
Posted 13 October 2017 - 07:03 PM

Hello dburkhead and thank you for the MBAM information and for the logs.

You have both the Windows Firewall and the Norton Security Suite Firewall disabled. A firewall is software or hardware that creates a protective barrier between your computer and potentially damaging content on the Internet. It helps guard your computer against malicious users and against many computer viruses and other threats. Browsing the Internet without a firewall enabled is a high security risk.

Please enable your Norton Security Suite Firewall.

Now, please proceed with the following set of instructions:

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
To do this, highlight the contents of the box below, right-click on it and select Copy.
Paste this into the open Notepad.


Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\WINDOWS\TempFile
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asmicro.com/applications/faq.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
S2 EraserSvc11720; "C:\Program Files\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
S4 IntelIde; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVEX15.SYS [X]
U2 V2iMount; no ImagePath
U1 WS2IFSL; no ImagePath
2017-10-12 12:33 - 2017-08-18 17:27 - 000027700 _____ C:\Documents and Settings\User\Desktop\mb-clean-results.txt
2014-04-20 01:48 - 2014-04-20 01:48 - 089581848 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1144e10b.exe
2014-04-30 17:48 - 2014-04-30 17:49 - 090833176 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-38e4a304.exe
2014-04-27 01:48 - 2014-04-27 01:49 - 090412824 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8585e208.exe
2014-04-17 12:20 - 2014-04-17 12:21 - 089407256 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a521472f.exe
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CMD: ipconfig /flushdns
EmptyTemp:
End

Save the file as fixlist.txt in the same location as FRST.
Run FRST and click Fix only once and wait.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post its contents to your next reply.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

 

Download Junkware Removal Tool (JRT) and move it to your computer's Desktop;

Double-click on JRT.exe and accept the disclaimer to run the tool;

Press any key to launch the scan and let it complete;

Once the scan is complete, a log will open. Please post the contents of that log in your next reply.

 

 

Next,

 

Download AdwCleaner and move it to your computer's Desktop;

Double-click on AdwCleaner.exe and accept the disclaimer to run the tool;

Let the database update, then click on Scan;

Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.

Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;

After the restart, a log will open when logging in. Please post the contents of that log in your next reply.

 

 

Next,

 

Please download the right version of RogueKiller for your Windows version (32-bit);

Once done, move the executable file to your computer's Desktop, double-click on it to open RogueKiller;

Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner);

Wait for the scan to complete;

On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner);

This will open the report in Notepad. Please copy and paste its content in your next reply.

 

IMPORTANT: Please do not remove any entry, just do the scan and post the results.

 

 

To summarize, in your next reply please post the contents of:
Fixlog.txt
JRT.txt
AdwCleaner clean log
RKLog.txt

How is the computer behaving? Is it still slow? Can you access it from another computer now?

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#6 dburkhead (Advanced Member; Full Member; 130 posts)
Posted 16 October 2017 - 11:03 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86 
Ran by User (Administrator) on Mon 10/16/2017 at 10:43:01.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\496F8HI3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GCAEDZH2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GTODDTJT (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K0U1EIM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\496F8HI3 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GCAEDZH2 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GTODDTJT (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K0U1EIM1 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/16/2017 at 10:45:36.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Attempting to run adwcleaner_7.0.3.1.exe gets an error "is not a valid Win32 application".
I have an earlier version available:  adwcleaner_6.047.exe.  Running that (best I can do at the moment pending further instructions) gets the following results:
 
# AdwCleaner v6.047 - Logfile created 16/10/2017 at 11:01:05
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : User - ASM12
# Running from : C:\Documents and Settings\User\Desktop\Security\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1029 Bytes] - [16/10/2017 11:01:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1102 Bytes] ##########
 
 
When I click on the "RogueKiller" link I get that "This Site can't provide a secure connection".  I was, however, able to download it on a different PC/Browser combination.
 
Results:
(As instructed, I did not remove the item found)
RogueKiller V12.11.20.0 [Oct 16 2017] (Free) by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Documents and Settings\User\Desktop\Security\RogueKiller_portable32.exe
Mode : Scan -- Date : 10/16/2017 11:21:15 (Duration : 00:28:03)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 1 ¤¤¤
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5002AALX-00J37A0 +++++
--- User ---
[MBR] 2c950d96bf3e7004c305190c65bb3941
[BSP] 20cb7d8659bb553fa310df9bd8cbb4e3 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3500418AS +++++
--- User ---
[MBR] 9e461e4f2895378b1a8983bba4973cc0
[BSP] d8cbdfebf57b4e45cc50dc546b2090c3 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
At present the computer is still extremely slow.
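Both the "MBR & Partition Table" section of FRST's Addition.txt (post #3) and RogueKiller's "MBR Check" above report the same things per disk: a disk signature or boot-code hash, the partition type, whether the entry is marked active, its sector offset and its size, and for the USB disk a read failure. The following Python is an added example for this thread (not code from FRST, RogueKiller or the original poster) showing how those fields are read out of a raw 512-byte MBR, including the short-read case. The sample sectors it parses are constructed here to match disks 0 and 1 in the logs (one NTFS partition at offset 63, 476937 MB, signatures 8FDF8FDF and 7FD359D6); they are not dumps from the user's machine.

```python
"""Parse a 512-byte MBR into the fields that FRST's "MBR & Partition Table"
section and RogueKiller's "MBR Check" section summarise: disk signature,
a hash of the boot code, and the four partition slots (active flag, type,
LBA offset, size in MB).  Added example for this thread; not code from
FRST, RogueKiller or the original poster."""
import hashlib
import struct

SECTOR = 512
PARTITION_TABLE = 446          # offset of the first 16-byte partition entry
DISK_SIGNATURE = 440           # 4-byte Windows disk signature ("Disk ID" in FRST)
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA",
              0x83: "Linux", 0xEE: "GPT protective"}


class MbrReadError(Exception):
    """Short read or missing 0x55AA trailer: the situation FRST reports as
    "Attempted reading MBR returned 0 bytes" for disk 2 in the log above."""


def parse_mbr(raw: bytes) -> dict:
    """Return disk signature, MD5 of the 440-byte boot-code area and the
    non-empty partition entries.  Raises MbrReadError on a short or unsigned sector."""
    if len(raw) < SECTOR:
        raise MbrReadError(f"read returned {len(raw)} bytes, expected {SECTOR}")
    if raw[510:512] != b"\x55\xAA":
        raise MbrReadError(f"boot signature is {raw[510:512].hex()}, expected 55aa")
    partitions = []
    for slot in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", raw, PARTITION_TABLE + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                  # empty slot
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,                 # 0x80 bootable, 0x00 not; anything else is malformed
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "disk_id": struct.unpack_from("<I", raw, DISK_SIGNATURE)[0],
        # RogueKiller does not document which bytes its [MBR]/[BSP] hashes cover, so this
        # value is for comparing two reads of the same disk, not for matching its log line.
        "bootcode_md5": hashlib.md5(raw[:DISK_SIGNATURE]).hexdigest(),
        "partitions": partitions,
    }


def describe(parsed: dict) -> str:
    """Render roughly the way FRST prints a disk."""
    lines = [f"Disk ID: {parsed['disk_id']:08X}  boot-code MD5: {parsed['bootcode_md5']}"]
    for p in parsed["partitions"]:
        state = "Active" if p["active"] else "Not Active"
        lines.append(f"Partition {p['slot']}: ({state}) - (Size={p['size_mb']} MB, "
                     f"Offset={p['lba_start']} sectors) - (Type={p['type']:02X} {p['type_name']})")
    if sum(p["active"] for p in parsed["partitions"]) > 1:
        lines.append("WARNING: more than one partition is marked active")
    return "\n".join(lines)


def build_sample_mbr(active: bool, disk_id: int, lba_start: int = 63,
                     sectors: int = 476937 * 2048) -> bytes:
    """Constructed test sector (not a dump from the user's machine): the first bytes
    of the standard Windows XP boot code (xor ax,ax / mov ss,ax), one NTFS entry
    sized to match the 476937 MB partitions in the logs, and the 0x55AA trailer."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xC0\x8E\xD0"
    struct.pack_into("<I", mbr, DISK_SIGNATURE, disk_id)
    struct.pack_into("<B3xB3xII", mbr, PARTITION_TABLE,
                     0x80 if active else 0x00, 0x07, lba_start, sectors)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    # Disk 0 and disk 1 as the logs describe them, then the unreadable disk 2.
    print(describe(parse_mbr(build_sample_mbr(True, 0x8FDF8FDF))))
    print(describe(parse_mbr(build_sample_mbr(False, 0x7FD359D6))))
    try:
        parse_mbr(b"")
    except MbrReadError as err:
        print("Disk 2:", err)
```

On a live Windows system the 512 bytes would come from opening `\\.\PhysicalDrive0` read-only, which needs administrator rights; the "Error reading User MBR" lines RogueKiller printed for the USB disk are exactly the failures this parser turns into `MbrReadError`. Two partitions both flagged active, or a type byte that does not match what the volume actually contains, are the things worth a second look in these sections.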


#7 Android 8888 (SWI Malware Tracker; Trusted Advisor; 985 posts)
Posted 16 October 2017 - 06:31 PM

Hello dburkhead.

Thank you for the logs.

Attempting to run adwcleaner_7.0.3.1.exe gets an error "is not a valid Win32 application".
I have an earlier version available:  adwcleaner_6.047.exe.  Running that (best I can do at the moment pending further instructions) gets the following results:

Yes, the latest version of AdwCleaner no longer runs on Windows XP, only on Windows 7 and above. We are becoming limited in which updated tools we can run on Windows XP.

 

You did not post the Fixlog.txt. Did you run the fixlist.txt script with FRST as instructed? If not, please run the fix and post the created log (Fixlog.txt).

 

 

Next,

 

Please download Zemana AntiMalware and save it to your computer's Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the UAC security warning that may appear.
  • Select the language and click the OK button.
  • Click the Next button, accept the EULA warning and follow the instructions to continue and install the program.
  • Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete.
  • Without changing any options, click Scan to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please reboot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your computer's Desktop and click the Save button.

Please post the entire contents of the saved report in to your next reply.

 

 

Please post:

Fixlog.txt

Zemana AntiMalware log.

 

After performing the steps above, let me know the state of the computer.

 

Android 8888



#8 dburkhead (Advanced Member; Full Member; 130 posts)
Posted 17 October 2017 - 11:00 AM

Sorry.  I just forgot to include the fixlog last time.  Here it is.

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-10-2017
Ran by User (16-10-2017 10:17:59) Run:1
Running from C:\Documents and Settings\User\Desktop\Security
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Folder: C:\WINDOWS\TempFile
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asmicro.com/applications/faq.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
S2 EraserSvc11720; "C:\Program Files\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
S4 IntelIde; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVEX15.SYS [X]
U2 V2iMount; no ImagePath
U1 WS2IFSL; no ImagePath
2017-10-12 12:33 - 2017-08-18 17:27 - 000027700 _____ C:\Documents and Settings\User\Desktop\mb-clean-results.txt
2014-04-20 01:48 - 2014-04-20 01:48 - 089581848 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1144e10b.exe
2014-04-30 17:48 - 2014-04-30 17:49 - 090833176 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-38e4a304.exe
2014-04-27 01:48 - 2014-04-27 01:49 - 090412824 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8585e208.exe
2014-04-17 12:20 - 2014-04-17 12:21 - 089407256 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a521472f.exe
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= Folder: C:\WINDOWS\TempFile ========================
 
C:\WINDOWS\TempFile => File
 
====== End of Folder: ======
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi => key removed successfully.
HKLM\System\CurrentControlSet\Services\EraserSvc11720 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\V2iMount => key removed successfully.
V2iMount => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\User\Desktop\mb-clean-results.txt => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1144e10b.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-38e4a304.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8585e208.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a521472f.exe => moved successfully
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => key removed successfully.
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313} => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully.
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
 
========= ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9773 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 835243 B
Java, Flash, Steam htmlcache => 5760 B
Windows/system/dllcache/drivers => 715515 B
Edge => 0 B
Chrome => 455589327 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66228 B
All Users => 0 B
systemprofile => 388876390 B
LocalService => 360 B
NetworkService => 2113958 B
User => 61828079 B
 
RecycleBin => 631380301 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-10-2017 10:25:13)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\EraserSvc11720 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.
 
==== End of Fixlog 10:25:13 ====
 
 
Zemana found no threats:
Zemana AntiMalware 2.74.2.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/10/17
Operating System       : Windows XP 32-bit
Processor              : 4X Intel® Core™ i5-2500K CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 14E6AE83A031651B7246AE
Scan Type              : System Scan
Duration               : 55m 17s
Scanned Objects        : 241540
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : LAB,0,2
 
Detected Objects
-------------------------------------------------------
 
No threats detected
 
The computer does not seem to be quite as bad as it was before but it is still painfully slow.  I can access files remotely (one of the main purposes of this computer is as a common file repository) but the lag is frustrating.


#9 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 985 posts

Posted 17 October 2017 - 04:02 PM

Hi dburkhead and thanks for the logs.

Okay, perform the following scan with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Re-enable your antivirus program.

In your next reply please post the entire contents of the ESET log (if it produced one).

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.



