79 replies to this topic

[Android 8888]

Hello dburkhead.

The Farbar Service Scanner log shows that there are no problems in your system Services.

However, you are only using the built-in Firewall in Windows XP which in addition is disabled.

 

Firewalls are extremely important and are the first part of your computer's defense. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

 

Please note that the Windows XP Firewall only provides a basic level of protection from external attacks: it blocks unsolicited inbound connections to your computer and doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

 

A strong firewall will check both incoming and outgoing internet traffic, and it may well stop outgoing traffic from programs that you have installed unless you tell it explicitly to allow them.

 

I can recommend you one of the following free products:

TinyWall
PrivateFirewall
ZoneAlarm Free Firewall

 

Android 8888

[dburkhead]

The Norton security which was provided by our ISP is supposed to have a Firewall and it claims the firewall is active.  Are you saying that is not the case?

[Android 8888]

Hello dburkhead.

You're right, I messed up. Please do not consider the suggestions in my previous post.
Okay, please keep testing the computer and let me know if there are any issues or concerns.

Thank you.

Android 8888

[dburkhead]

The computer will seem to be okay for a bit then get's really slow.  I click on the task bar to switch to another app and it will hesitate for 10-15 seconds before the window for that application opens and repaints.  Then, the computer will seem to be fine for the next few minutes.

 

Remote operation appears to be fine.  Opening files from the computer doesn't take longer than with any other computer.

[Android 8888]

The slowness issue is not malware related. Almost certainly one of the causes are the physical errors on the hard drive.

Go to Start > Control Panel > Add or Remove Programs and remove Zemana AntiMalware from the computer (if you have not already done it).

Then re-run Autoruns (double-click on the icon to open the program);
Select the tab 'Logon';
Uncheck the checkbox of the following lines (if they are present):
Adobe ARM
ZAM

Restart the computer.

Next, read the information on this link and perform a Disk Cleanup on your Windows XP.

After doing the steps above let me know how is the computer behavior.

Android 8888

[dburkhead]

I tried to unsintall Zemana Antimalware.  The process started but the progress bar has been stuck at three "baras" for the past four hours.  It is well and truly frozen.

[Android 8888]

Hello.

Please try to remove Zemana by using Revo Uninstaller and let me know if you are still having problems in removing the program.

Now I would like to see a new set of FRST logs.

 

Please delete the current FRST file (if you have not already done it).
Download a new version of FRST (32-Bit) from here and save it to the computer Desktop.
Double-click the FRST icon to open the tool and wait a few seconds so the tool can search for updates.
Click the Scan button.
When the scan is finished, it will open two logs (FRST.txt and Addition.txt) on your Desktop.
Please post the entire content of those logs in your next reply.

Thank you.

Android 8888

[dburkhead]

The Zemana uninstall had hung even overnight.  When I used the task manager to close the program I got a notice that "Zemana Anti-Malware has been successfully removed from your system" So I went on with the additional tasks from that iteration.  Have removed the lines from Autoruns.  About to do the restart and disk cleanup after I post this.

[dburkhead]

And now things are worse than they were before the last iteration.  Files and folders take an inordinate amount of time to open.

 

The logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2017

Ran by User (administrator) on ASM12 (20-12-2017 12:49:53)

Running from C:\Documents and Settings\User\Desktop\Security

Loaded Profiles: User (Available Profiles: User)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)

Internet Explorer Version 6 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe

(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\n360.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

(Insight Software Solutions) C:\PROGRA~1\KEYBOA~1\keyexp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE

() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)

HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)

HKLM\...\Run: [DVDUpgrade] => DVDUpgrd.exe /async

HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2012-08-17]

ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2016-11-28]

ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-08-14]

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ASM23.txt.lnk [2012-10-05]

ShortcutTarget: ASM23.txt.lnk -> C:\Documents and Settings\User\My Documents\ASM23.txt ()

Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2014-08-29]

ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{CE68ADDF-E41F-46CB-AEA8-29F083998EEE}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION

SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)

BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)

BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\coIEPlg.dll [2017-11-10] (Symantec Corporation)

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2016-06-01] (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3680450723-4200196162-3786228007-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-12-20]

CHR Extension: (Slides) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]

CHR Extension: (Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]

CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]

CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]

CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-10-27]

CHR Extension: (Sheets) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]

CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01]

CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-10-27]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-27]

CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]

CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]

R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)

R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe [288504 2017-11-10] (Symantec Corporation)

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2015-02-27] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171218.003\BHDrvx86.sys [1367704 2017-10-11] (Symantec Corporation)

R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\160B020.007\ccSetx86.sys [147096 2017-11-10] (Symantec Corporation)

R3 e1qexpress; C:\WINDOWS\System32\DRIVERS\e1q5132.sys [192680 2011-06-21] (Intel Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393368 2017-10-18] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126616 2017-11-18] (Symantec Corporation)

R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)

R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171219.001\IDSxpx86.sys [759448 2017-11-15] (Symantec Corporation)

S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\160B020.007\SRTSP.SYS [662680 2017-11-10] (Symantec Corporation)

R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\160B020.007\SRTSPX.SYS [41112 2017-11-10] (Symantec Corporation)

R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\160B020.007\SYMEFASI.SYS [1459352 2017-11-10] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89288 2017-11-16] (Symantec Corporation)

R1 SymIRON; C:\WINDOWS\system32\drivers\N360\160B020.007\Ironx86.SYS [241920 2017-11-10] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\160B020.007\SYMTDI.SYS [382216 2017-11-10] (Symantec Corporation)

R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace

2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2017-11-25 19:14 - 2017-11-28 15:13 - 000001324 ____N C:\WINDOWS\system32\d3d9caps.dat

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-12-20 12:51 - 2017-10-22 10:14 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Temp

2017-12-20 12:49 - 2017-09-28 14:00 - 000000000 ____D C:\Documents and Settings\User\Desktop\Security

2017-12-20 12:49 - 2017-07-31 09:54 - 000000000 ____D C:\FRST

2017-12-20 12:47 - 2014-04-09 10:06 - 000000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2017-12-20 12:38 - 2013-06-06 11:21 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2017-12-20 10:10 - 2012-10-10 16:56 - 000000000 ____D C:\Shared docs

2017-12-20 09:47 - 2011-12-05 10:44 - 000031910 _____ C:\WINDOWS\SchedLgU.Txt

2017-12-20 04:26 - 2011-12-05 05:16 - 000000000 RSHDC C:\WINDOWS\system32\dllcache

2017-12-20 01:30 - 2014-08-29 12:34 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express

2017-12-19 14:38 - 2013-06-06 11:21 - 000000882 ____N C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2017-12-19 13:36 - 2011-12-05 10:31 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files

2017-12-19 10:49 - 2016-11-28 13:05 - 000000000 ____D C:\Program Files\Keyboard Express 3

2017-12-19 10:47 - 2014-03-24 12:22 - 000000220 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2017-12-19 10:47 - 2008-04-14 07:00 - 000012598 ____C C:\WINDOWS\system32\wpa.dbl

2017-12-19 10:36 - 2015-07-23 14:57 - 008405015 ____N C:\WINDOWS\TempFile

2017-12-19 10:35 - 2011-12-05 10:44 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT

2017-12-19 10:31 - 2011-12-05 10:44 - 000000178 __SHC C:\Documents and Settings\User\ntuser.ini

2017-12-15 09:24 - 2017-10-17 09:17 - 000000000 ____D C:\Program Files\Zemana AntiMalware

2017-12-08 15:00 - 2014-03-24 12:22 - 000000214 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2017-12-02 13:19 - 2011-12-05 05:16 - 000000000 ___HD C:\WINDOWS\inf

2017-11-28 15:16 - 2012-08-14 09:43 - 000002477 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk

2017-11-28 15:15 - 2012-08-14 09:43 - 000002479 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

2017-11-28 09:57 - 2014-04-17 11:50 - 000458450 ____C C:\WINDOWS\ntbtlog.txt

2017-11-28 09:51 - 2016-10-05 10:26 - 000926456 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2017-11-22 13:43 - 2015-06-04 12:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\N360

2017-11-22 13:42 - 2015-08-11 15:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite

2017-11-22 13:42 - 2015-06-04 12:05 - 000001983 ____N C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK

2017-11-22 13:38 - 2012-10-06 18:33 - 001188526 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3680450723-4200196162-3786228007-1003-0.dat

2017-11-22 13:38 - 2012-10-06 18:33 - 000164638 ____C C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

 

==================== Files in the root of some directories =======

 

2017-07-25 21:04 - 2017-07-25 22:36 - 008111467 ____C () C:\Documents and Settings\User\Local Settings\Application Data\12C backup - 20140829133210-3281.BB

2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 ____C () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017

Ran by User (20-12-2017 12:52:04)

Running from C:\Documents and Settings\User\Desktop\Security

Microsoft Windows XP Professional Service Pack 3 (X86) (2017-05-11 18:55:48)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3680450723-4200196162-3786228007-500 - Administrator - Enabled)

ASPNET (S-1-5-21-3680450723-4200196162-3786228007-1004 - Limited - Enabled)

Guest (S-1-5-21-3680450723-4200196162-3786228007-501 - Limited - Enabled)

HelpAssistant (S-1-5-21-3680450723-4200196162-3786228007-1005 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-3680450723-4200196162-3786228007-1002 - Limited - Disabled)

User (S-1-5-21-3680450723-4200196162-3786228007-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Security Suite (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACT! (HKLM\...\ACT!) (Version:  - )

Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)

Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

Advertising Center (HKLM\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden

AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version:  - AJC Software)

BounceBack Express (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)

Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)

Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)

Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)

Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)

Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)

Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)

Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)

Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

CD Catalog Expert 9.30.807.11 (HKLM\...\CD Catalog Expert_is1) (Version:  - eTeSoft)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.02 - CyberLink Corp.)

DiscTrack Plus (HKLM\...\DiscTrack Plus) (Version:  - )

DolbyFiles (HKLM\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden

Dropbox (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)

Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)

Hardlock Device Drivers (HKLM\...\Hardlock Device Drivers) (Version:  - )

Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )

ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden

Intel® Network Connections 16.6.126.0 (HKLM\...\{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}) (Version: 16.6.126.0 - Intel)

Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5387 - Intel Corporation)

Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)

Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )

Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)

Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Nanoscope 5.31r1 (HKLM\...\Nanoscope 5.31r1) (Version:  - )

Nero 9 Essentials (HKLM\...\{a01dd7e5-ef6c-43b7-aa39-be7be987539f}) (Version:  - Nero AG)

Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version:  - )

Norton Security Suite (HKLM\...\N360) (Version: 22.11.2.7 - Symantec Corporation)

QuickBooks (HKLM\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden

QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)

QuickBooks Pro Timer (HKLM\...\{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}) (Version: 8.00.0000 - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)

Solid Edge Viewer ST4 (HKLM\...\{F2658C51-8FB6-4DAD-AF6E-71ECE035FBA4}) (Version: 104.00.00082 - Siemens)

TinyCAD 2.80.03 (HKLM\...\TinyCAD) (Version: 2.80.03 - TinyCAD)

WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden

WinDirStat 1.1.2 (HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\WinDirStat) (Version:  - )

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()

ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)

ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2011-09-30] (Intel Corporation)

ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-10-17] ()

ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\buShell.dll [2017-11-10] (Symantec Corporation)

ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\NavShExt.dll [2017-11-10] (Symantec Corporation)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

ContextMenuHandlers1_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ContextMenuHandlers4_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

ContextMenuHandlers5_S-1-5-21-3680450723-4200196162-3786228007-1003: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)

 

==================== Scheduled Tasks=============================

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

Shortcut: C:\Documents and Settings\User\NetHood\www.asmicro.com\target.lnk -> hxxp://www.asmicro.co

 

==================== Loaded Modules (Whitelisted) ==============

 

2012-08-17 15:38 - 2001-10-11 16:34 - 000077824 _____ () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll

2017-10-17 09:17 - 2017-10-17 09:17 - 000131952 ____C () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll

2014-08-29 12:29 - 2008-01-02 13:17 - 000107832 _____ () C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe

2016-09-07 14:18 - 2016-09-06 11:00 - 005197312 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll

2016-09-07 14:18 - 2016-09-06 11:00 - 000147456 ____C () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2008-04-14 07:00 - 2017-10-31 12:31 - 000000855 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

DNS Servers: 192.168.1.1

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0

StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe] => Enabled:CyberLink PowerDVD 10.0

StandardProfile\AuthorizedApplications: [C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe] => Enabled:AJC Directory Synchronizer

StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe] => Enabled:QuickBooks 2012 Data Manager

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox

StandardProfile\AuthorizedApplications: [C:\WINDOWS\explorer.exe] => Enabled:Windows Explorer

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004

DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005

DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001

DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002

StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007

StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004

StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005

StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001

StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

==================== Restore Points =========================

 

12-09-2017 11:08:51 System Checkpoint

13-09-2017 16:36:48 System Checkpoint

16-09-2017 01:57:22 System Checkpoint

17-09-2017 03:56:27 System Checkpoint

20-09-2017 19:24:34 System Checkpoint

22-09-2017 11:59:07 System Checkpoint

23-09-2017 12:05:00 System Checkpoint

25-09-2017 21:18:20 System Checkpoint

27-09-2017 13:26:45 System Checkpoint

28-09-2017 14:05:44 JRT Pre-Junkware Removal

01-10-2017 18:31:10 System Checkpoint

03-10-2017 07:42:43 System Checkpoint

03-10-2017 14:53:21 Removed Backup and Sync from Google

03-10-2017 14:56:05 Removed Citrix Online Launcher

05-10-2017 16:00:55 System Checkpoint

06-10-2017 16:21:04 System Checkpoint

16-10-2017 09:19:27 Restore Point Created by FRST

16-10-2017 09:43:18 JRT Pre-Junkware Removal

18-10-2017 02:32:58 System Checkpoint

19-10-2017 13:45:00 System Checkpoint

21-10-2017 08:57:55 System Checkpoint

22-10-2017 10:01:04 zoek.exe restore point

23-10-2017 10:42:05 System Checkpoint

28-10-2017 07:43:40 System Checkpoint

31-10-2017 01:56:46 System Checkpoint

01-11-2017 02:00:52 Software Distribution Service 3.0

02-11-2017 02:15:39 System Checkpoint

03-11-2017 05:07:13 System Checkpoint

04-11-2017 05:44:43 System Checkpoint

05-11-2017 06:44:48 System Checkpoint

06-11-2017 07:44:44 System Checkpoint

09-11-2017 12:27:50 System Checkpoint

11-11-2017 16:49:40 System Checkpoint

15-11-2017 03:00:36 Software Distribution Service 3.0

16-11-2017 12:29:54 System Checkpoint

20-11-2017 12:22:38 System Checkpoint

22-11-2017 10:43:26 System Checkpoint

22-11-2017 13:22:37 Revo Uninstaller's restore point - Secunia PSI (3.0.0.11005)

24-11-2017 01:45:10 System Checkpoint

27-11-2017 11:18:18 System Checkpoint

05-12-2017 13:11:31 System Checkpoint

06-12-2017 13:28:16 System Checkpoint

08-12-2017 20:20:54 System Checkpoint

09-12-2017 20:56:03 System Checkpoint

11-12-2017 16:26:21 System Checkpoint

14-12-2017 03:51:20 System Checkpoint

15-12-2017 05:02:01 System Checkpoint

 

==================== Faulty Device Manager Devices =============

 

Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (12/19/2017 01:30:41 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (12/19/2017 10:16:17 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application chrome.exe, version 49.0.2623.112, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (12/18/2017 02:44:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application autoruns.exe, version 13.80.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (12/11/2017 11:32:19 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (11/28/2017 03:12:41 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

 

System errors:

=============

Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )

Description: Event-ID 7

 

Error: (12/19/2017 06:00:22 PM) (Source: 0) (EventID: 7) (User: )

Description: Event-ID 7

 

Error: (12/19/2017 10:40:48 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

Error: (12/19/2017 10:36:09 AM) (Source: 0) (EventID: 4311) (User: )

Description: Event-ID 4311

 

Error: (12/19/2017 09:55:51 AM) (Source: 0) (EventID: 4311) (User: )

Description: Event-ID 4311

 

Error: (12/19/2017 09:52:26 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

Error: (12/19/2017 09:40:19 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

Error: (12/19/2017 09:28:15 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

Error: (12/19/2017 09:16:08 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

Error: (12/19/2017 09:04:02 AM) (Source: 0) (EventID: 4321) (User: )

Description: Event-ID 4321

 

 

==================== Memory info =========================== 

 

Processor:  Intel® Core™ i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 33%

Total physical RAM: 3488.02 MB

Available physical RAM: 2313.59 MB

Total Virtual: 5369.82 MB

Available Virtual: 4041.48 MB

 

==================== Drives ================================

 

Drive c: (WinXP) (Fixed) (Total:465.76 GB) (Free:368.56 GB) NTFS ==>[drive with boot components (Windows XP)]

Drive d: (D) (Fixed) (Total:465.76 GB) (Free:276.75 GB) NTFS

Drive t: (ASM8112) (Fixed) (Total:2794.45 GB) (Free:1325.25 GB) NTFS

Drive x: () (Network) (Total:465.76 GB) (Free:368.56 GB) 

Drive y: () (Network) (Total:465.76 GB) (Free:368.56 GB) 

Drive z: () (Network) (Total

• Back to top

[Android 8888]

Hello dburkhead and Merry Christmas!

I'm sorry for the delay.

Please enable your Norton Security Suite Firewall.

Now let's cleanup some remnants with FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)
2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
C:\WINDOWS\System32\drivers\zam32.sys
C:\WINDOWS\System32\drivers\zamguard32.sys
End::

Save the file as fixlist.txt in to the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder where FRST is located. Please post its content to your next reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

I need you perform a Clean boot on your Windows XP. The clean boot can help you find out if a program is conflicting and causing the slowness.

Please read carefully the instructions on the link below and perform a clean boot on your Windows XP.
https://www.pctechgu...p/clean-booting

In your next reply, please post the Fixlog.txt and let me know if you have any improvement regarding the slowness.

Android 8888

[dburkhead]

running FRST now while on my way out the door.  Will report after the holiday weekend

[Android 8888]

Hello dburkhead.

 

I will wait for your reply.

 

Happy New Year! :thumbsup:

 

Android 8888

[dburkhead]

FRST froze somewhere along the way.  A fixlog.text file was nevertheless generated.  Here's the result.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-12-2017

Ran by User (29-12-2017 18:28:47) Run:2

Running from C:\Documents and Settings\User\Desktop\Security

Loaded Profiles: User (Available Profiles: User)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

EmptyTemp:

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION

SearchScopes: HKU\S-1-5-21-3680450723-4200196162-3786228007-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\Exts\Chrome.crx <not found>

R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-10-17] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-10-17] (Zemana Ltd.)

2017-11-28 09:55 - 2017-12-20 12:49 - 000050407 _____ C:\WINDOWS\ZAM.krnl.trace

2017-11-28 09:55 - 2017-12-20 12:49 - 000032190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

C:\WINDOWS\System32\drivers\zam32.sys

C:\WINDOWS\System32\drivers\zamguard32.sys

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully

"HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully.

HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found

"HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe" => removed successfully.

[Android 8888]

Hello dburkhead.

 

I apologize for the delay in responding.

 

It appears that the contents of Fixlog.txt are not complete. Please open the Fixlog.txt file and make sure you copied and pasted the entire contents in your previous reply. If not, please do it now.

 

Did you already tried to do a clean boot as instructed in my post #60? If not, please do it and let me know how you get on.

 

Android 8888

[dburkhead]

As I mentioned FRST froze somewhere along the way so I don't think it finished running.  The fixlog.txt was whatever it had completed up to the point of freezing.

 

I hadn't gotten to the clean boot part because running FRST came before that and it had frozen.  Let me look at that now.

[dburkhead]

I tried the clean boot for a little bit.  Applications seemed to open quickly.  Of course, with the services shut down I didn't have network access.  I could not use the computer in this configuration so for the time being I have stored normal startup.  I can do a more thorough exploration later if I can get a chance to take the computer completely offline for a while.

[dburkhead]

My boss is getting quite frustrated by the time it is taking to figure this out (this is not really a criticism--the back and forth and step by step approach takes time--but in the meantime the computer is not working as it should and is slowing down our operation).  His proposal is to abandon this, back up the computer to save any data, then roll back to an earlier backup of the computer from before the problem appeared.  And if we move our data off the program drive, should the problem recur again, we simply roll back again.

 

At this point I don't really have a counter-argument to offer him.

 

Thoughts or suggestions?

[Android 8888]

Hello dburkhead.

Yes, the step by step approach takes time and I undersMy tand that time is money. As I already stated in a previous post, this problem is not malware related.

First of all, I suggest you made a complete backup of all your important and necessary data.

The next point is restore the computer to an earlier point to the emergence of the problem and check if the slowness issue remains.

If the issue persists, I strongly suggest you reinstall the Operating System from scratch.

IMPORTANT: Prior to a new install and due to the physical damages (bad sectors) that were found in your Hard Disk Drive --- see the CHKDSK results in post #33 --- I highly recommend you replace the present Hard Disk Drive as soon as possible. I recommend the replacement with a Solid State Drive for the re-installation of the Operating System and programs and suggest the other important data storage on an external Hard Disk Drive.

Also be aware that if you reinstall Windows XP from scratch and unless you have the Service Pack 3 disk, you may loose many important and critical updates, although it is an Operating System which Microsoft support ended in April 2014!

Please let me know what you decide to do.

Android 8888

[dburkhead]

That was one of the questions my boss had.  Making sure we got all critical updates.  Also, have their been any updates other than the wannacrypt patch since end of support?

[Android 8888]

As far as I know, I don't think that happened.

After Windows XP Support ended, Microsoft has no longer been issuing any security updates for this operating system. The WannaCrypt patch was an exception.

 

So, if a new flaw in Windows XP Operating System is discovered, it will go unpatched. Potentially, this means that hackers could target the new flaw, letting them infect a Windows XP computer.

[dburkhead]

We have migrated our boot drive to a 256 GB SSD drive.  So far that, right there, seems to have solved the speed issue.  We're doing some extended testing before considering the problem solved but so far it looks good.

 

With using the SSD drive, we are also wanting to move the data off it as much as possible and leave it strictly for programs (and, I think, the Windows swapfile).  Back the day I reorganized my then computer (a W2K machine) to put the "My Documents" on a separate physical drive from the boot/program drive for much the same reason, to separate programs from data. As I recall it was a real chore, involving copying the folder then hand editing the registry so that every reference pointed to the new location.

 

I would like to do the same thing with drive on this one if possible. Or maybe not just "My Documents" but the whole "Documents and settings" heirarchy. Is there an easier way (and less peril fraught--I am always nervous about making extensive hand-edits to the registry) to do that than what I had to do with my old W2K machine? (On a separate note, not as part of the current problem, I might want to do the same on another computer running Win7.)

Edited by dburkhead, 17 January 2018 - 12:39 PM.

[Android 8888]

Hello dburkhead.

Great news about the speed of the computer.

 

As I recall it was a real chore, involving copying the folder then hand editing the registry so that every reference pointed to the new location.

You do not need to touch in the Registry to do that.

Read the information in the following link and see if that can help you:

How to move your libraries to a second drive or partition

Please keep me posted.

 

Android 8888

[dburkhead]

That set of procedures does not seem to apply to Windows XP.  At least the first step (after drives are set up) for opening user folder does not work in XP.

[Android 8888]

Okay, try the following one:
 
How to Change the Default Location of the My Documents Folder

[dburkhead]

So far the computer in question is working very well.  In fact, it's working well enough that my boss is considering replacing the boot drives of all the "regular use" computers here with SSD's.

[Android 8888]

I'm glad to hear that the computer is working well.

Yes, nowadays a Solid State Drive is an excellent option in order to increase some speed in the computers.

Are there any issues or concerns with this computer?

[dburkhead]

So far, so good.  We're continuing to exercise the computer and so are not quite ready to close this out in case we run into further problems.  I'll touch base as needed if that's okay.

[Android 8888]

Good. No problem at all.

 

Please keep me updated.

 

Android 8888

[Android 8888]

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.

[Android 8888]

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.