
Computer getting glacially slow


73 replies to this topic

#51 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,047 posts

Posted 07 December 2017 - 03:43 PM

Hello dburkhead.

The Farbar Service Scanner log shows that there are no problems in your system Services.

However, you are only using the built-in Windows XP Firewall, which is also disabled.

 

Firewalls are extremely important and are the first part of your computer's defense. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

 

Please note that the Windows XP Firewall only provides a basic level of protection from external attacks: it blocks unsolicited inbound connections to your computer and doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

 

A strong firewall will check both incoming and outgoing internet traffic, and it may well stop outgoing traffic from programs that you have installed unless you tell it explicitly to allow them.

 

I can recommend one of the following free products:

TinyWall
PrivateFirewall
ZoneAlarm Free Firewall

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#52 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 166 posts

Posted 11 December 2017 - 02:07 PM

The Norton security which was provided by our ISP is supposed to have a Firewall and it claims the firewall is active.  Are you saying that is not the case?



#53 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,047 posts

Posted 11 December 2017 - 03:34 PM

Hello dburkhead.

You're right, I messed up. Please do not consider the suggestions in my previous post.
Okay, please keep testing the computer and let me know if there are any issues or concerns.

Thank you.

Android 8888



#54 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 166 posts

Posted 12 December 2017 - 03:02 PM

The computer will seem to be okay for a bit, then gets really slow.  I click on the task bar to switch to another app and it will hesitate for 10-15 seconds before the window for that application opens and repaints.  Then, the computer will seem to be fine for the next few minutes.

 

Remote operation appears to be fine.  Opening files from the computer doesn't take longer than with any other computer.



#55 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,047 posts

Posted 13 December 2017 - 05:05 PM

The slowness issue is not malware related. Almost certainly one of the causes is the physical errors on the hard drive.

Go to Start > Control Panel > Add or Remove Programs and remove Zemana AntiMalware from the computer (if you have not already done it).

Then re-run Autoruns (double-click on the icon to open the program);
Select the tab 'Logon';
Uncheck the checkbox of the following lines (if they are present):
Adobe ARM
ZAM

Restart the computer.

Next, read the information on this link and perform a Disk Cleanup on your Windows XP.

After doing the steps above, let me know how the computer is behaving.

Android 8888



#56 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 166 posts

Posted 14 December 2017 - 02:09 PM

I tried to uninstall Zemana Antimalware.  The process started but the progress bar has been stuck at three "bars" for the past four hours.  It is well and truly frozen.



#57 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,047 posts

Posted 15 December 2017 - 04:18 AM

Hello.

Please try to remove Zemana by using Revo Uninstaller and let me know if you are still having problems in removing the program.

Now I would like to see a new set of FRST logs.

 

Please delete the current FRST file (if you have not already done it).
Download a new version of FRST (32-Bit) from here and save it to the computer Desktop.
Double-click the FRST icon to open the tool and wait a few seconds so the tool can search for updates.
Click the Scan button.
When the scan is finished, it will open two logs (FRST.txt and Addition.txt) on your Desktop.
Please post the entire content of those logs in your next reply.

Thank you.

Android 8888



#58 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 166 posts

Posted 19 December 2017 - 09:27 AM

The Zemana uninstall had hung even overnight.  When I used the task manager to close the program I got a notice that "Zemana Anti-Malware has been successfully removed from your system", so I went on with the additional tasks from that iteration.  Have removed the lines from Autoruns.  About to do the restart and disk cleanup after I post this.



#59 dburkhead

dburkhead

    Advanced Member

  • Full Member
  • 166 posts

Posted 20 December 2017 - 12:25 PM

And now things are worse than they were before the last iteration.  Files and folders take an inordinate amount of time to open.

 

The logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2017
Ran by User (administrator) on ASM12 (20-12-2017 12:49:53)
Running from C:\Documents and Settings\User\Desktop\Security
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Insight Software Solutions) C:\PROGRA~1\KEYBOA~1\keyexp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DVDUpgrade] => DVDUpgrd.exe /async
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2012-08-17]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2016-11-28]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-08-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ASM23.txt.lnk [2012-10-05]
ShortcutTarget: ASM23.txt.lnk -> C:\Documents and Settings\User\My Documents\ASM23.txt ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2014-08-29]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE68ADDF-E41F-46CB-AEA8-29F083998EEE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2016-06-01] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3680450723-4200196162-3786228007-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-12-20]
CHR Extension: (Slides) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-10-27]
CHR Extension: (Sheets) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-10-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe [288504 2017-11-10] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2015-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171218.003\BHDrvx86.sys [1367704 2017-10-11] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\160B020.007\ccSetx86.sys [147096 2017-11-10] (Symantec Corporation)
R3 e1qexpress; C:\WINDOWS\System32\DRIVERS\e1q5132.sys [192680 2011-06-21] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393368 2017-10-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126616 2017-11-18] (Symantec Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171219.001\IDSxpx86.sys [759448 2017-11-15] (Symantec Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\160B020.007\SRTSP.SYS [662680 2017-11-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\160B020.007\SRTSPX.SYS [41112 2017-11-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\160B020.007\SYMEFASI.SYS [1459352 2017-11-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89288 2017-11-16] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\160B020.007\Ironx86.SYS [241920 2017-11-10] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\160B020.007\SYMTDI.SYS [382216 2017-11-10] (Symantec Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-25 19:14 - 2017-11-28 15:13 - 000001324 ____N C:\WINDOWS\system32\d3d9caps.dat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-20 12:51 - 2017-10-22 10:14 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-12-20 12:49 - 2017-09-28 14:00 - 000000000 ____D C:\Documents and Settings\User\Desktop\Security
2017-12-20 12:49 - 2017-07-31 09:54 - 000000000 ____D C:\FRST
2017-12-20 12:47 - 2014-04-09 10:06 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-20 12:38 - 2013-06-06 11:21 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-20 10:10 - 2012-10-10 16:56 - 000000000 ____D C:\Shared docs
2017-12-20 09:47 - 2011-12-05 10:44 - 000031910 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-20 04:26 - 2011-12-05 05:16 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-12-20 01:30 - 2014-08-29 12:34 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-12-19 14:38 - 2013-06-06 11:21 - 000000882 ____N C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-19 13:36 - 2011-12-05 10:31 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-19 10:49 - 2016-11-28 13:05 - 000000000 ____D C:\Program Files\Keyboard Express 3
2017-12-19 10:47 - 2014-03-24 12:22 - 000000220 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-12-19 10:47 - 2008-04-14 07:00 - 000012598 ____C C:\WINDOWS\system32\wpa.dbl
2017-12-19 10:36 - 2015-07-23 14:57 - 008405015 ____N C:\WINDOWS\TempFile
2017-12-19 10:35 - 2011-12-05 10:44 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-12-19 10:31 - 2011-12-05 10:44 - 000000178 __SHC C:\Documents and Settings\User\ntuser.ini
2017-12-15 09:24 - 2017-10-17 09:17 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-12-08 15:00 - 2014-03-24 12:22 - 000000214 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-12-02 13:19 - 2011-12-05 05:16 - 000000000 ___HD C:\WINDOWS\inf
2017-11-28 15:16 - 2012-08-14 09:43 - 000002477 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-11-28 15:15 - 2012-08-14 09:43 - 000002479 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-11-28 09:57 - 2014-04-17 11:50 - 000458450 ____C C:\WINDOWS\ntbtlog.txt
2017-11-28 09:51 - 2016-10-05 10:26 - 000926456 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-11-22 13:43 - 2015-06-04 12:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-11-22 13:42 - 2015-08-11 15:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-11-22 13:42 - 2015-06-04 12:05 - 000001983 ____N C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-11-22 13:38 - 2012-10-06 18:33 - 001188526 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3680450723-4200196162-3786228007-1003-0.dat
2017-11-22 13:38 - 2012-10-06 18:33 - 000164638 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
 
==================== Files in the root of some directories =======
 
2017-07-25 21:04 - 2017-07-25 22:36 - 008111467 ____C () C:\Documents and Settings\User\Local Settings\Application Data\12C backup - 20140829133210-3281.BB
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 ____C () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017
Ran by User (20-12-2017 12:52:04)
Running from C:\Documents and Settings\User\Desktop\Security
Microsoft Windows XP Professional Service Pack 3 (X86) (2017-05-11 18:55:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3680450723-4200196162-3786228007-500 - Administrator - Enabled)
ASPNET (S-1-5-21-3680450723-4200196162-3786228007-1004 - Limited - Enabled)
Guest (S-1-5-21-3680450723-4200196162-3786228007-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3680450723-4200196162-3786228007-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3680450723-4200196162-3786228007-1002 - Limited - Disabled)
User (S-1-5-21-3680450723-4200196162-3786228007-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACT! (HKLM\...\ACT!) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Advertising Center (HKLM\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version:  - AJC Software)
BounceBack Express (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CD Catalog Expert 9.30.807.11 (HKLM\...\CD Catalog Expert_is1) (Version:  - eTeSoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)
DiscTrack Plus (HKLM\...\DiscTrack Plus) (Version:  - )
DolbyFiles (HKLM\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
Hardlock Device Drivers (HKLM\...\Hardlock Device Drivers) (Version:  - )
Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 16.6.126.0 (HKLM\...\{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}) (Version: 16.6.126.0 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5387 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )
Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nanoscope 5.31r1 (HKLM\...\Nanoscope 5.31r1) (Version:  - )
Nero 9 Essentials (HKLM\...\{a01dd7e5-ef6c-43b7-aa39-be7be987539f}) (Version:  - Nero AG)
Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version:  - )
Norton Security Suite (HKLM\...\N360) (Version: 22.11.2.7 - Symantec Corporation)
QuickBooks (HKLM\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)
QuickBooks Pro Timer (HKLM\...\{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}) (Version: 8.00.0000 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Solid Edge Viewer ST4 (HKLM\...\{F2658C51-8FB6-4DAD-AF6E-71ECE035FBA4}) (Version: 104.00.00082 - Siemens)
TinyCAD 2.80.03 (HKLM\...\TinyCAD) (Version: 2.80.03 - TinyCAD)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\WinDirStat) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2011-09-30] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\User\NetHood\www.asmicro.com\target.lnk -> hxxp://www.asmicro.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-17 15:38 - 2001-10-11 16:34 - 000077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2017-10-17 09:17 - 2017-10-17 09:17 - 000131952 ____C () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2014-08-29 12:29 - 2008-01-02 13:17 - 000107832 _____ () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
2016-09-07 14:18 - 2016-09-06 11:00 - 005197312 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 14:18 - 2016-09-06 11:00 - 000147456 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2017-10-31 12:31 - 000000855 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0
StandardProfile\AuthorizedApplications: [C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe] => Enabled:AJC Directory Synchronizer
StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe] => Enabled:QuickBooks 2012 Data Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Enabled:Windows Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
12-09-2017 11:08:51 System Checkpoint
13-09-2017 16:36:48 System Checkpoint
16-09-2017 01:57:22 System Checkpoint
17-09-2017 03:56:27 System Checkpoint
20-09-2017 19:24:34 System Checkpoint
22-09-2017 11:59:07 System Checkpoint
23-09-2017 12:05:00 System Checkpoint
25-09-2017 21:18:20 System Checkpoint
27-09-2017 13:26:45 System Checkpoint
28-09-2017 14:05:44 JRT Pre-Junkware Removal
01-10-2017 18:31:10 System Checkpoint
03-10-2017 07:42:43 System Checkpoint
03-10-2017 14:53:21 Removed Backup and Sync from Google
03-10-2017 14:56:05 Removed Citrix Online Launcher
05-10-2017 16:00:55 System Checkpoint
06-10-2017 16:21:04 System Checkpoint
16-10-2017 09:19:27 Restore Point Created by FRST
16-10-2017 09:43:18 JRT Pre-Junkware Removal
18-10-2017 02:32:58 System Checkpoint
19-10-2017 13:45:00 System Checkpoint
21-10-2017 08:57:55 System Checkpoint
22-10-2017 10:01:04 zoek.exe restore point
23-10-2017 10:42:05 System Checkpoint
28-10-2017 07:43:40 System Checkpoint
31-10-2017 01:56:46 System Checkpoint
01-11-2017 02:00:52 Software Distribution Service 3.0
02-11-2017 02:15:39 System Checkpoint
03-11-2017 05:07:13 System Checkpoint
04-11-2017 05:44:43 System Checkpoint
05-11-2017 06:44:48 System Checkpoint
06-11-2017 07:44:44 System Checkpoint
09-11-2017 12:27:50 System Checkpoint
11-11-2017 16:49:40 System Checkpoint
15-11-2017 03:00:36 Software Distribution Service 3.0
16-11-2017 12:29:54 System Checkpoint
20-11-2017 12:22:38 System Checkpoint
22-11-2017 10:43:26 System Checkpoint
22-11-2017 13:22:37 Revo Uninstaller's restore point - Secunia PSI (3.0.0.11005)
24-11-2017 01:45:10 System Checkpoint
27-11-2017 11:18:18 System Checkpoint
05-12-2017 13:11:31 System Checkpoint
06-12-2017 13:28:16 System Checkpoint
08-12-2017 20:20:54 System Checkpoint
09-12-2017 20:56:03 System Checkpoint
11-12-2017 16:26:21 System Checkpoint
14-12-2017 03:51:20 System Checkpoint
15-12-2017 05:02:01 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/19/2017 10:16:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/18/2017 02:44:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application autoruns.exe, version 13.80.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7
 
Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7
 
Error: (12/19/2017 10:40:48 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (12/19/2017 10:36:09 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (12/19/2017 09:55:51 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
 
Error: (12/19/2017 09:52:26 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (12/19/2017 09:40:19 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (12/19/2017 09:28:15 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (12/19/2017 09:16:08 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
Error: (12/19/2017 09:04:02 AM) (Source: 0) (EventID: 4321) (User: )
Description: Event-ID 4321
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 3488.02 MB
Available physical RAM: 2313.59 MB
Total Virtual: 5369.82 MB
Available Virtual: 4041.48 MB
 
==================== Drives ================================
 
Drive c: (WinXP) (Fixed) (Total:465.76 GB) (Free:368.56 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:465.76 GB) (Free:276.75 GB) NTFS
Drive t: (ASM8112) (Fixed) (Total:2794.45 GB) (Free:1325.25 GB) NTFS
Drive x: () (Network) (Total:465.76 GB) (Free:368.56 GB) 
Drive y: () (Network) (Total:465.76 GB) (Free:368.56 GB) 
Drive z: () (Network) (Total

#60 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,047 posts

Posted 24 December 2017 - 12:11 PM

Hello dburkhead and Merry Christmas!

I'm sorry for the delay.

Please enable your Norton Security Suite Firewall.

Now let's clean up some remnants with FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)
2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\WINDOWS\System32\drivers\zam32.sys
C:\WINDOWS\System32\drivers\zamguard32.sys
End::

Save the file as fixlist.txt in to the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder where FRST is located. Please post its content to your next reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

I need you perform a Clean boot on your Windows XP. The clean boot can help you find out if a program is conflicting and causing the slowness.

Please read carefully the instructions on the link below and perform a clean boot on your Windows XP.
https://www.pctechgu...p/clean-booting

In your next reply, please post the Fixlog.txt and let me know if you have any improvement regarding the slowness.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#61 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 29 December 2017 - 05:12 PM

Running FRST now while on my way out the door. Will report after the holiday weekend.



#62 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted 31 December 2017 - 07:04 AM

Hello dburkhead.

I will wait for your reply.

Happy New Year!

Android 8888



#63 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 02 January 2018 - 10:21 AM

FRST froze somewhere along the way. A Fixlog.txt file was nevertheless generated. Here's the result.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-12-2017
Ran by User (29-12-2017 18:28:47) Run:2
Running from C:\Documents and Settings\User\Desktop\Security
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)
2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\WINDOWS\System32\drivers\zam32.sys
C:\WINDOWS\System32\drivers\zamguard32.sys
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully.


#64 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted 07 January 2018 - 06:50 AM

Hello dburkhead.

I apologize for the delay in responding.

It appears that the contents of Fixlog.txt are not complete. Please open the Fixlog.txt file and make sure you copied and pasted the entire contents in your previous reply. If not, please do it now.

Did you already try to do a clean boot as instructed in my post #60? If not, please do it and let me know how you get on.

Android 8888



#65 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 08 January 2018 - 08:44 AM

As I mentioned, FRST froze somewhere along the way, so I don't think it finished running. The fixlog.txt was whatever it had completed up to the point of freezing.

I hadn't gotten to the clean boot part because running FRST came before that and it had frozen. Let me look at that now.



#66 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 08 January 2018 - 11:51 AM

I tried the clean boot for a little bit. Applications seemed to open quickly. Of course, with the services shut down I didn't have network access. I could not use the computer in this configuration, so for the time being I have restored normal startup. I can do a more thorough exploration later if I can get a chance to take the computer completely offline for a while.



#67 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 09 January 2018 - 08:50 AM

My boss is getting quite frustrated by the time it is taking to figure this out (this is not really a criticism--the back and forth and step by step approach takes time--but in the meantime the computer is not working as it should and is slowing down our operation). His proposal is to abandon this, back up the computer to save any data, then roll back to an earlier backup of the computer from before the problem appeared. And if we move our data off the program drive, should the problem recur again, we simply roll back again.

At this point I don't really have a counter-argument to offer him.

Thoughts or suggestions?



#68 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted 09 January 2018 - 03:50 PM

Hello dburkhead.

Yes, the step by step approach takes time and I understand that time is money. As I already stated in a previous post, this problem is not malware related.

First of all, I suggest you make a complete backup of all your important and necessary data.

The next step is to restore the computer to a point earlier than the emergence of the problem and check if the slowness issue remains.

If the issue persists, I strongly suggest you reinstall the Operating System from scratch.

IMPORTANT: Prior to a new install and due to the physical damage (bad sectors) that was found in your Hard Disk Drive --- see the CHKDSK results in post #33 --- I highly recommend you replace the present Hard Disk Drive as soon as possible. I recommend replacing it with a Solid State Drive for the re-installation of the Operating System and programs, and suggest storing the other important data on an external Hard Disk Drive.

Also be aware that if you reinstall Windows XP from scratch, unless you have the Service Pack 3 disk you may lose many important and critical updates, although it is an Operating System for which Microsoft support ended in April 2014!

Please let me know what you decide to do.

Android 8888



#69 dburkhead (Advanced Member, Full Member, 166 posts)

Posted 09 January 2018 - 04:25 PM

That was one of the questions my boss had: making sure we got all critical updates. Also, have there been any updates other than the WannaCrypt patch since end of support?



#70 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted 10 January 2018 - 02:23 PM

As far as I know, I don't think that happened.

After Windows XP support ended, Microsoft has no longer issued any security updates for this operating system. The WannaCrypt patch was an exception.

So, if a new flaw in the Windows XP Operating System is discovered, it will go unpatched. Potentially, this means that hackers could target the new flaw, letting them infect a Windows XP computer.



#71 dburkhead (Advanced Member, Full Member, 166 posts)

Posted Yesterday, 12:27 PM

We have migrated our boot drive to a 256 GB SSD drive. So far that, right there, seems to have solved the speed issue. We're doing some extended testing before considering the problem solved, but so far it looks good.

With using the SSD drive, we are also wanting to move the data off it as much as possible and leave it strictly for programs (and, I think, the Windows swapfile). Back in the day I reorganized my then computer (a W2K machine) to put "My Documents" on a separate physical drive from the boot/program drive for much the same reason, to separate programs from data. As I recall it was a real chore, involving copying the folder then hand editing the registry so that every reference pointed to the new location.

I would like to do the same thing with the drive on this one if possible. Or maybe not just "My Documents" but the whole "Documents and Settings" hierarchy. Is there an easier way (and less peril-fraught--I am always nervous about making extensive hand-edits to the registry) to do that than what I had to do with my old W2K machine? (On a separate note, not as part of the current problem, I might want to do the same on another computer running Win7.)

Edited by dburkhead, Yesterday, 12:39 PM.


#72 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted Yesterday, 03:40 PM

Hello dburkhead.

Great news about the speed of the computer.

"As I recall it was a real chore, involving copying the folder then hand editing the registry so that every reference pointed to the new location."

You do not need to touch the Registry to do that.

Read the information in the following link and see if that can help you:

How to move your libraries to a second drive or partition

Please keep me posted.

Android 8888



#73 dburkhead (Advanced Member, Full Member, 166 posts)

Posted Yesterday, 04:22 PM

That set of procedures does not seem to apply to Windows XP. At least the first step (after drives are set up), for opening the user folder, does not work in XP.



#74 Android 8888 (SWI Malware Tracker, Trusted Advisor, 1,047 posts)

Posted Yesterday, 06:09 PM

Okay, try the following one:
 
How to Change the Default Location of the My Documents Folder


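Once My Documents (or any other per-user folder) has been moved through the folder's Properties > Target tab, as the article linked above describes, it is worth confirming that Windows really recorded the new location and that the destination volume is NTFS, since a FAT32 data drive cannot carry file permissions and the moved files would lose their ACLs. The PowerShell check below is an added example written for this thread; it is not code from the thread, from SpywareInfo or from the linked Microsoft article. It only reads the per-user shell folder settings (the registry key and value names are the standard ones Windows uses from XP onward); the Win32_LogicalDisk query is standard WMI; the output column names are my own choice. It runs under PowerShell 2.0 on Windows XP and under the PowerShell shipped with Windows 7.

```powershell
# Added example (not from the thread): verify where the current user's shell
# folders point after a relocation done through Properties > Target, without
# editing anything. Run as the user whose folders were moved, since the
# settings live under HKEY_CURRENT_USER.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

# Standard value names Windows uses for the common per-user folders.
# Values that do not exist on a given system are simply skipped.
$valueNames = 'Personal', 'Desktop', 'My Pictures', 'My Music', 'My Video', 'Favorites'

$props = Get-ItemProperty -Path $key

$report = foreach ($name in $valueNames) {
    $raw = $props.$name
    if (-not $raw) { continue }

    # User Shell Folders stores REG_EXPAND_SZ data such as %USERPROFILE%\My Documents,
    # so expand environment variables before testing the path.
    $target = [Environment]::ExpandEnvironmentVariables($raw)
    $exists = Test-Path -LiteralPath $target

    # Look up the file system of the drive the folder now lives on ("D:" etc.).
    # UNC targets (\\server\share) have no drive letter and are reported as unknown.
    $fileSystem = $null
    if ($target.Length -ge 2) {
        $driveLetter = $target.Substring(0, 2)
        if ($driveLetter -match '^[A-Za-z]:$') {
            $disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$driveLetter'"
            if ($disk) { $fileSystem = $disk.FileSystem }
        }
    }

    # New-Object PSObject keeps this compatible with PowerShell 2.0 on XP.
    New-Object PSObject -Property @{
        Folder     = $name
        Target     = $target
        Exists     = $exists
        FileSystem = $fileSystem
        KeepsAcls  = ($fileSystem -eq 'NTFS')
    }
}

# Select-Object fixes the column order, which a hashtable does not preserve in PS 2.0.
$report | Select-Object Folder, Target, Exists, FileSystem, KeepsAcls | Format-Table -AutoSize
```

A row whose Target still points under C:\Documents and Settings after the move means the Target tab change did not apply for that folder; a row with Exists = False means the folder was recorded but the destination is missing (for example an external drive that is not connected); and KeepsAcls = False on the data drive is the signal to format that drive as NTFS before trusting business data to it.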
