dburkhead

Member Since 18 Jul 2006
Offline Last Active Nov 17 2017 11:37 AM

Topics I've Started

Computer getting glacially slow

12 October 2017 - 12:33 PM

Windows XP system.  After a fresh boot it runs fine for a while, then gets extremely slow.  Other computers cannot access it because they time out.  The UI is so slow it's unusable.  We usually end up having to reboot three or four times a day to get any use out of it at all.

Malwarebytes seems to be a significant culprit.  When Malwarebytes is installed, all the above problems are worse.  When we uninstalled it they were better but still troublesome.  Currently what I did was install Malwarebytes to scan and get the log, then uninstall it again so I could use the computer.

As part of the prep, I tried to run RGSA but it raised an error:

"Line 257 (File "C:\Documents and Settings\User\Desktop\Security\RGSA.exe")

Error:  The requested action with this object has failed"

 

Logs:

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/6/2017
Scan Time: 6:07:22 PM
Logfile: mbam-171006.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.10.06.07
Rootkit Database: v2017.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251759
Time Elapsed: 11 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2017
Ran by User (administrator) on ASM12 (12-10-2017 12:46:47)
Running from C:\Documents and Settings\User\Desktop\Security
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\n360.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Insight Software Solutions) C:\PROGRA~1\KEYBOA~1\keyexp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DVDUpgrade] => DVDUpgrd.exe /async
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2012-08-17]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2016-11-28]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-08-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ASM23.txt.lnk [2012-10-05]
ShortcutTarget: ASM23.txt.lnk -> C:\Documents and Settings\User\My Documents\ASM23.txt ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2014-08-29]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE68ADDF-E41F-46CB-AEA8-29F083998EEE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asmicro.com/applications/faq.htm
HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\coIEPlg.dll [2017-10-03] (Symantec Corporation)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2016-06-01] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-06-08]
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3680450723-4200196162-3786228007-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-10-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-03]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-15]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-03]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-17]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3680450723-4200196162-3786228007-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\N360.exe [288504 2017-10-04] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2015-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S2 EraserSvc11720; "C:\Program Files\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20171010.001\BHDrvx86.sys [1367712 2017-09-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\160B000.029\ccSetx86.sys [147072 2017-10-03] (Symantec Corporation)
R3 e1qexpress; C:\WINDOWS\System32\DRIVERS\e1q5132.sys [192680 2011-06-21] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393344 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126592 2017-06-28] (Symantec Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20171011.003\IDSxpx86.sys [759448 2017-09-01] (Symantec Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30368 2011-08-15] (Intel Corporation )
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\160B000.029\SRTSP.SYS [662688 2017-10-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\160B000.029\SRTSPX.SYS [41120 2017-10-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\160B000.029\SYMEFASI.SYS [1393792 2017-10-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89264 2017-07-18] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\160B000.029\Ironx86.SYS [241888 2017-10-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\160B000.029\SYMTDI.SYS [382216 2017-10-03] (Symantec Corporation)
S4 IntelIde; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160715.001\NAVEX15.SYS [X]
U2 V2iMount; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-03 15:59 - 2017-10-03 15:59 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Start-off
2017-10-03 11:15 - 2017-10-02 13:35 - 000000527 ____N C:\Documents and Settings\User\Desktop\ASM23.txt.lnk
2017-10-02 13:37 - 2017-10-02 13:37 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\CEF
2017-09-28 15:07 - 2017-09-28 15:07 - 000002070 ____N C:\Documents and Settings\User\Desktop\JRT-170928.txt
2017-09-28 15:00 - 2017-10-12 12:39 - 000000000 ____D C:\Documents and Settings\User\Desktop\Security
2017-09-26 17:07 - 2017-10-12 12:22 - 000000023 _____ C:\Documents and Settings\User\Desktop\mb-licenseinfo.txt
2017-09-14 12:34 - 2017-09-14 12:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-12 12:47 - 2014-04-09 11:06 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-12 12:47 - 2011-12-05 11:44 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-10-12 12:46 - 2017-07-31 10:54 - 000000000 ____D C:\FRST
2017-10-12 12:33 - 2017-08-18 17:27 - 000027700 _____ C:\Documents and Settings\User\Desktop\mb-clean-results.txt
2017-10-12 12:33 - 2016-11-28 14:05 - 000000000 ____D C:\Program Files\Keyboard Express 3
2017-10-12 12:33 - 2012-10-10 17:56 - 000000000 ____D C:\Shared docs
2017-10-12 12:30 - 2008-04-14 08:00 - 000012598 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-12 12:29 - 2014-03-24 13:22 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-10-12 12:29 - 2013-06-06 12:21 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-12 12:28 - 2015-07-23 15:57 - 008405015 _____ C:\WINDOWS\TempFile
2017-10-12 12:28 - 2011-12-05 11:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-12 12:25 - 2011-12-05 11:44 - 000032580 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-12 12:25 - 2011-12-05 11:44 - 000000178 ___SH C:\Documents and Settings\User\ntuser.ini
2017-10-12 11:26 - 2013-06-06 12:21 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-10-12 07:05 - 2015-06-04 13:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-10-12 07:02 - 2015-08-11 16:27 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-10-12 07:02 - 2015-06-04 13:05 - 000001994 _____ C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-10-09 23:11 - 2014-08-29 13:34 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-10-08 15:00 - 2014-03-24 13:22 - 000000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-10-05 16:13 - 2016-10-05 11:26 - 000830736 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-10-04 17:20 - 2013-07-02 09:42 - 000000000 ____D C:\Documents and Settings\User\My Documents\My PSP8 Files
2017-10-04 17:01 - 2012-10-05 15:47 - 000004896 ____N C:\Documents and Settings\User\My Documents\ASM23.txt
2017-10-04 16:49 - 2012-10-06 19:33 - 001024165 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3680450723-4200196162-3786228007-1003-0.dat
2017-10-04 16:49 - 2012-10-06 19:33 - 000164638 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-10-03 15:56 - 2014-05-15 13:39 - 000000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Citrix
2017-10-03 13:45 - 2012-08-14 10:43 - 000002477 ____N C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-10-02 20:09 - 2012-08-14 10:43 - 000002465 ____N C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2017-09-30 16:18 - 2013-06-06 12:38 - 000000000 ___RD C:\Documents and Settings\User\My Documents\Google Drive
 
==================== Files in the root of some directories =======
 
2017-07-25 22:04 - 2017-07-25 23:36 - 008111467 ____N () C:\Documents and Settings\User\Local Settings\Application Data\12C backup - 20140829133210-3281.BB
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 ____N () C:\Documents and Settings\User\Local Settings\Application Data\setup.txt
 
Some files in TEMP:
====================
2014-04-20 01:48 - 2014-04-20 01:48 - 089581848 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1144e10b.exe
2014-04-30 17:48 - 2014-04-30 17:49 - 090833176 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-38e4a304.exe
2014-04-27 01:48 - 2014-04-27 01:49 - 090412824 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8585e208.exe
2014-04-17 12:20 - 2014-04-17 12:21 - 089407256 ____N (Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a521472f.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 

Addition.txt would not attach:  too big to upload.
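The FRST output in this post is the kind of log a helper reads by hand, looking for a handful of markers before anything else: services and drivers tagged `[File not signed]`, entries whose file is gone (`[X]`, `<not found>`, `No File`), services with `no ImagePath`, FRST's own `ATTENTION` flags, and autorun entries FRST could not verify (no `[size date] (Publisher)` after the target). The script below is an added illustration, not part of the post and not FRST's, Malwarebytes' or the forum's tooling; its rules are this example's own heuristics, the `Finding`, `triage` and `summarize` names are invented here, and the sample lines are copied from the log above (trademark glyph dropped) with the clean N360 service row kept as a control.

```python
"""Flag FRST log lines a malware-removal helper would look at first.

Added illustration for this thread; the rules are this example's own
heuristics, not FRST's verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# "HKLM\...\Run: [Name] => target" and the HKU\<sid>\...\Run equivalent.
RUN_RE = re.compile(r"^(HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[([^\]]+)\] => (.*)$")
# FRST appends "[size yyyy-mm-dd] (Publisher)" only when it could read the target.
FILE_META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(")

# Constructed sample: lines copied from the FRST output posted above, with the
# Norton N360 service kept as a row that should NOT be flagged.
SAMPLE_FRST = r"""
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DVDUpgrade] => DVDUpgrd.exe /async
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\Exts\Chrome.crx <not found>
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products, Inc.) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.0.41\N360.exe [288504 2017-10-04] (Symantec Corporation)
S2 EraserSvc11720; "C:\Program Files\Common Files\Symantec Shared\EENGINE\N360.exe" /h ccCommon [X]
S4 IntelIde; no ImagePath
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    reason: str
    text: str


def triage(frst_text: str) -> list[Finding]:
    """Return one Finding per suspicious marker found on each log line."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(frst_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if "ATTENTION" in line:
            findings.append(Finding(line_no, "flagged by FRST (ATTENTION)", line))
        if "[File not signed]" in line:
            findings.append(Finding(line_no, "unsigned service or driver binary", line))
        if line.endswith("[X]"):
            findings.append(Finding(line_no, "service or driver whose file is missing", line))
        if line.endswith("no ImagePath"):
            findings.append(Finding(line_no, "service registered without an ImagePath", line))
        if line.endswith("<not found>") or line.endswith("No File"):
            findings.append(Finding(line_no, "orphaned registry reference", line))
        run = RUN_RE.match(line)
        if run and not FILE_META_RE.search(run.group(3)):
            # No size/date/publisher means FRST did not verify the file; a bare
            # name like "DVDUpgrd.exe" is resolved through PATH and needs a look.
            findings.append(Finding(line_no, "autorun entry without verified file metadata", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, most frequent first."""
    return dict(Counter(f.reason for f in findings).most_common())


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"line {f.line_no}: {f.reason}\n    {f.text}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run it against a saved FRST.txt by passing the file contents to `triage`; an entry appearing here is a reason to look, not a verdict, since legitimate legacy software (the unsigned BounceBack and Intuit services in this very log) trips the same rules.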


MBAM not updating

21 June 2017 - 09:14 AM

I recently saw MBAM warning me that it was out of date.  I tried manually updating, and it would get to "searching for updates" but then go back to the out-of-date warning.  I uninstalled and reinstalled MBAM from my original install set; it ran an update on install, but less than an hour later it was warning me of being out of date and not updating.  I found a more recent version of MBAM at Bleeping Computer and installed that successfully but, again, I soon got the "out of date" warning.

 

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/17
Scan Time: 2:19 AM
Log File: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2060
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296886
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2017 01
Ran by user (administrator) on ASM17 (20-06-2017 17:53:32)
Running from C:\Documents and Settings\user\Desktop\Security
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Insight Software Solutions) C:\Program Files\Keyboard Express 3\keyexp.exe
(Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\ACT\SideACT.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\davcdata.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Norton Ghost 15.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [233304 2009-02-03] (Microsoft Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [GhostStartTrayApp] => C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [94208 2003-12-17] (Symantec Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [8169Diag] => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-07-21] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe [40304 2014-09-26] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssbezier.scr [19968 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2009-12-31]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-08-05]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2013-06-12]
ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2009-08-31]
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2009-08-31]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2010-08-18]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2009-09-16]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USSMB/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.9.3.13&locale=en_US&guid=98A651A1-8908-40FD-9AAE-6060FD3D8424&doi=2016-09-01&gct=sb&qsrc=2869
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll => No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2000-12-23] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 [2017-06-20]
FF Homepage: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 -> hxxp://www.asmicro.com/Corporate/burkhead.htm
FF Session Restore: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 -> is enabled.
FF Extension: (Norton Identity Safe) - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359\Extensions\idsafe@norton.com.xpi [2017-06-02]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-14] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2017-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-11-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081035915-1334999037-3880933879-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\user\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-07-26] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcosmop211.dll [2007-09-23] (PLATINUM technology, inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (Google Slides) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-19]
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-22]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-11-22]
CHR Extension: (Google Sheets) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-04]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-04]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-20] (Adobe Systems Incorporated) [File not signed]
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
R2 GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [200704 2003-12-17] (Symantec Corporation) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [288520 2017-05-26] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{541078A4-D4C1-42FA-BA83-F0039487567F}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327808 2005-07-20] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2005-07-20] (Aladdin Knowledge Systems Ltd.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-12-17] (Adaptec)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170616.005\BHDrvx86.sys [1359488 2017-06-13] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1609040.008\ccSetx86.sys [137880 2017-05-11] (Symantec Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [392352 2017-05-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124576 2017-05-10] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-05-31] ()
R3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R1 GhPciScan; C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [5632 2003-12-17] (Symantec Corporation) [File not signed]
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170619.001\IDSxpx86.sys [756864 2017-05-20] (Symantec Corporation)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
S2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [147232 2017-06-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-20] (Malwarebytes)
R0 MtxDma0; C:\WINDOWS\System32\drivers\MtxDma0.sys [179164 2001-12-13] (Matrox Electronic Systems Ltd.) [File not signed]
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1609040.008\SRTSP.SYS [624280 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1609040.008\SRTSPX.SYS [41112 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1609040.008\SYMEFASI.SYS [1344664 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89296 2017-05-20] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1609040.008\Ironx86.SYS [232600 2017-05-11] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1609040.008\SYMTDI.SYS [382008 2017-02-20] (Symantec Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVEX15.SYS [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-20 17:53 - 2017-06-20 17:53 - 00000000 ____D C:\FRST
2017-06-20 17:52 - 2017-06-20 17:53 - 00000000 ____D C:\Documents and Settings\user\Desktop\Security
2017-06-12 10:08 - 2017-06-20 16:35 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-12 10:08 - 2017-06-20 16:35 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-12 10:08 - 2017-06-20 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-06-12 10:08 - 2017-05-31 11:09 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-12 10:06 - 2017-06-20 16:35 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 10:06 - 2017-06-12 10:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-20 17:55 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\user\Local Settings\temp
2017-06-20 17:41 - 2014-08-26 14:55 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2017-06-20 17:41 - 2012-04-05 14:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-20 17:40 - 2012-04-05 14:07 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-20 17:40 - 2011-06-07 10:06 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-06-20 17:40 - 2008-04-25 17:27 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-20 17:12 - 2013-10-16 09:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-20 13:30 - 2008-04-25 17:32 - 00032470 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-20 09:37 - 2009-08-31 14:36 - 00000000 ____D C:\Documents and Settings\user\My Documents\My PSP8 Files
2017-06-20 09:12 - 2013-10-16 09:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-20 08:23 - 2016-11-21 17:41 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-06-20 00:16 - 2008-04-25 05:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-19 22:19 - 2010-08-18 12:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\BounceBack Express
2017-06-19 15:17 - 2014-03-26 17:28 - 00000220 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-19 15:17 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-06-19 15:17 - 2009-12-30 13:57 - 00000000 ____D C:\Program Files\Keyboard Express 3
2017-06-19 15:17 - 2009-07-21 17:21 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory
2017-06-19 15:17 - 2008-04-25 17:26 - 00000000 ____D C:\WINDOWS\Registration
2017-06-19 15:17 - 2008-04-25 12:16 - 00002206 ____N C:\WINDOWS\system32\wpa.dbl
2017-06-19 15:16 - 2009-08-31 16:09 - 08405015 ____N C:\WINDOWS\TempFile
2017-06-19 15:16 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-19 11:19 - 2009-10-05 13:06 - 00000000 ____D C:\Program Files\dtpdemotest
2017-06-16 14:19 - 2009-08-31 17:37 - 00029184 ____N C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-16 13:31 - 2012-04-26 10:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-16 09:34 - 2016-12-14 23:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-15 20:02 - 2010-01-31 17:18 - 00000000 ____D C:\David
2017-06-12 10:08 - 2010-07-01 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-06-12 10:04 - 2009-08-31 16:01 - 00000000 ____D C:\Temp
2017-06-09 15:07 - 2017-01-16 12:14 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-06-09 15:06 - 2017-01-16 12:14 - 00002002 ____N C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-06-09 15:06 - 2017-01-16 12:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-06-09 15:03 - 2009-07-21 17:21 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2017-06-09 15:03 - 2009-07-11 20:22 - 00524288 ____N C:\WINDOWS\system32\config\ACEEvent.evt
2017-06-08 15:00 - 2014-03-26 17:28 - 00000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-06-07 12:59 - 2008-04-25 17:27 - 00000117 ____N C:\WINDOWS\vbaddin.ini
2017-05-30 15:02 - 2009-08-31 16:19 - 00000000 ____D C:\source
2017-05-30 12:12 - 2015-02-09 12:05 - 00135168 ____N C:\WINDOWS\system32\MSCOMCT2.oca
2017-05-30 12:12 - 2015-02-09 12:05 - 00035328 ____N C:\WINDOWS\system32\COMCT332.oca
2017-05-30 12:01 - 2009-09-21 12:32 - 00000000 ____D C:\arwork
2017-05-27 13:30 - 2013-02-16 17:26 - 00000000 ____D C:\Documents and Settings\user\My Documents\SQL Server Management Studio Express

==================== Files in the root of some directories =======

2010-01-12 12:33 - 2010-01-14 19:08 - 0006772 ____N () C:\Documents and Settings\user\Local Settings\Application Data\admin.anduril
2010-01-15 15:27 - 2010-03-17 10:41 - 0009686 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dburkhead.anduril
2010-02-05 10:54 - 2010-03-16 18:36 - 0001853 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dbuser.anduril
2009-08-31 17:37 - 2017-06-16 14:19 - 0029184 ____N () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-21 17:21 - 2009-07-21 17:22 - 0000127 ____N () C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:16 - 2015-08-06 17:16 - 0000036 ____N () C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
2013-10-21 14:24 - 2016-10-07 17:27 - 0000004 ____N () C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameR.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Result of Security Analysis by Rocket Grannie (x86) Updated: 15th June, 2017
Running from:C:\Documents and Settings\user\Desktop\Security (10:09:14 - 06/21/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
WARNING! Windows XP is no longer supported
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - out of Date)
Norton Security Suite (Enabled - up to Date)

Note when I ran RGSA I got an error message:

"Line 257 (File "C:\Documents and settings\user\Desktop\Security\RGSA.exe"):

Error:  The requested action with this object has failed."

So I presume it did not finish.



Extremely slow when MBAW running

10 April 2017 - 08:41 AM

When MBAW is running, the PC is extremely slow.  Also some applications, like Microsoft Excel, won't open if MBAW is running.


Windows XP system with AVG antivirus and the Windows firewall.


Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/10/17
Scan Time: 2:48 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1694
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394126
Time Elapsed: 1 hr, 59 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Disabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by User (administrator) on ASM21 (10-04-2017 09:24:56)
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
() C:\Program Files\ACT\SideACT.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-13] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2009-07-07] (Andrea Electronics Corporation)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [158592 2010-01-14] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-14] (Broadcom Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-06-23] (Google)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-04-04] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-329068152-115176313-1417001333-1003\...\MountPoints2: {e268b314-3248-11e1-a5bd-9ce2db649b82} - F:\LaunchU3.exe -a
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-06-23] (Google)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2009-11-24] (Wave Systems Corp.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-10-30]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk [2011-05-16]
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-09-05]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-04-03]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-09-05]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-09-05]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2012-01-26]
ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2011-05-17]
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk [2011-05-16]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2012-01-27]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85FEDF78-354C-4151-AE00-02247ADA006A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-329068152-115176313-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=CtcMogZGNVf-G-hu32O2IMXt-9E?q={searchTerms}
SearchScopes: HKU\S-1-5-21-329068152-115176313-1417001333-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={712B9163-B44E-4C39-A2AD-173115600501}&mid=06edc568455747cd9054310b1a355905-8eca9f657db18d8442aebdca48e14b4f9aaf8545&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-03-11 22:12:40&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-04] (AVG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2011-12-06] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default [2017-04-10]
FF Homepage: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default -> hxxp://www.asmicro.com/applications/faq.htm
FF NetworkProxy: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default -> type", 0
FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\Extensions\avg@toolbar.xpi [2017-02-07]
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wei4omjr.default\searchplugins\avg-secure-search.xml [2017-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-11-01] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-10-09] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-329068152-115176313-1417001333-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-09-08] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2001-09-10] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-03-03] (AuthenTec, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [376608 2009-12-10] (Dell Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-06-23] (Google)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-12-06] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-12-06] (Intuit Inc.) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-01-13] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
R2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-04] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-04-04] ()
U2 wltrysvc; %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R2 BASFND; C:\Program Files\Broadcom\MgmtAgent\BASFND.sys [10520 2011-02-09] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-03] (Broadcom Corporation)
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-23] (Malwarebytes)
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 stdflt; C:\WINDOWS\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656403 2010-01-13] (IDT, Inc.)
R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [214656 2010-01-14] (Wave Systems Corp.)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
S2 portD; system32\DRIVERS\portd2k.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 09:24 - 2017-04-10 09:25 - 00019932 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2017-04-10 09:24 - 2017-04-10 09:24 - 01766912 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2017-04-10 09:24 - 2017-04-10 09:24 - 00000000 ____D C:\FRST
2017-04-10 09:22 - 2017-04-10 09:22 - 00001089 _____ C:\Documents and Settings\User\Desktop\MBAW report.txt
2017-03-23 07:30 - 2017-04-07 15:13 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 07:30 - 2017-04-07 15:13 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-23 07:30 - 2017-03-23 07:30 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-23 07:29 - 2017-03-31 22:16 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-23 07:29 - 2017-03-23 07:29 - 00001715 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-23 07:29 - 2017-03-23 07:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-23 07:29 - 2017-03-23 07:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-10 09:25 - 2010-12-26 00:47 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2017-04-10 09:21 - 2012-01-27 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\BounceBack Express
2017-04-10 08:50 - 2015-09-08 00:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-10 04:38 - 2015-09-04 17:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-04-10 04:25 - 2016-09-20 12:33 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-04-08 15:00 - 2014-03-20 19:51 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-04-08 05:50 - 2010-12-26 00:45 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-07 22:52 - 2014-03-27 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2017-04-07 15:41 - 2015-09-05 17:20 - 00000000 ____D C:\QBtemp
2017-04-07 15:41 - 2011-04-03 22:33 - 00002477 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2017-04-07 15:25 - 2011-05-16 20:43 - 00000000 _____ C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat
2017-04-07 15:25 - 2008-04-13 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-07 15:24 - 2014-03-20 19:51 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-04-07 15:11 - 2010-12-26 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-07 15:08 - 2015-09-05 17:07 - 00159026 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-04-07 15:08 - 2010-12-26 00:47 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2017-04-07 11:32 - 2010-12-25 19:02 - 00000000 ___HD C:\WINDOWS\inf
2017-04-06 08:50 - 2011-12-29 15:14 - 00000000 ____D C:\Documents and Settings\User\Application Data\U3
2017-04-06 08:46 - 2011-08-04 20:15 - 00000000 ____D C:\Jon
2017-04-06 08:23 - 2011-05-16 22:21 - 00000000 ____D C:\Documents and Settings\User\My Documents\My PSP8 Files
2017-04-06 07:21 - 2015-09-04 17:36 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-04-06 07:21 - 2015-09-04 17:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2017-04-05 18:05 - 2011-08-01 12:14 - 00000000 ____D C:\Act6Copy
2017-04-05 06:19 - 2015-12-13 07:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-04-05 04:50 - 2015-09-05 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
2017-04-04 23:58 - 2016-03-11 23:12 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2017-04-04 23:58 - 2016-03-11 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2017-04-02 06:46 - 2015-09-04 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-03-31 22:31 - 2012-04-25 14:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 18:26 - 2016-11-18 02:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-29 13:57 - 2011-04-03 22:33 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-03-23 07:29 - 2012-05-08 15:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-03-21 02:11 - 2015-09-05 17:07 - 00159026 ____N C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-115176313-1417001333-1003-0.dat
2017-03-17 14:47 - 2010-12-25 19:10 - 00590352 ____N C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-06-23 17:30 - 2015-10-29 20:12 - 0005120 ____N () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-16 20:43 - 2017-04-07 15:25 - 0000000 _____ () C:\Documents and Settings\User\Local Settings\Application Data\WavXMapDrive.bat

Some files in TEMP:
====================
2015-09-28 06:15 - 2015-09-28 06:59 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\00ixi1rq.dll
2016-06-23 11:24 - 2016-05-18 13:03 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081131403087.exe
2015-09-16 11:05 - 2015-08-20 16:32 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081171497270.exe
2016-08-22 12:40 - 2016-07-20 14:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081376362929.exe
2015-09-30 18:11 - 2015-09-10 10:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081389774009.exe
2016-06-01 10:58 - 2016-04-22 10:01 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_081412823630.exe
2016-02-24 11:22 - 2016-01-12 17:23 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08148611852.exe
2015-10-20 04:23 - 2015-09-22 13:13 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08163636161.exe
2016-07-27 06:15 - 2016-06-21 18:49 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_082083955714.exe
2016-01-15 22:11 - 2015-12-08 08:23 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08341710729.exe
2016-01-05 13:09 - 2015-11-12 17:54 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08388909063.exe
2016-05-13 14:21 - 2016-04-14 17:29 - 0186640 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08558079619.exe
2015-11-18 08:43 - 2015-10-16 13:30 - 0091048 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08563171609.exe
2016-04-08 16:26 - 2016-02-18 13:09 - 0179624 ____N (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\User\Local Settings\Temp\avguirn_08646450834.exe
2009-07-17 20:12 - 2009-07-17 20:12 - 1957206 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
2012-09-17 18:06 - 2012-09-17 18:06 - 10217672 ____N (Adobe Systems Incorporated) C:\Documents and Settings\User\Local Settings\Temp\fp_pl_pfs_installer.exe
2013-06-14 09:59 - 2013-06-14 09:59 - 1037120 ____N (Solid State Networks) C:\Documents and Settings\User\Local Settings\Temp\install_reader11_en_mssd_aaa_aih.exe
2015-09-05 15:48 - 2015-09-05 15:48 - 0464896 ____N (Intuit) C:\Documents and Settings\User\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
2012-08-29 08:07 - 2012-08-29 08:07 - 0908272 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
2012-10-26 11:05 - 2012-10-26 11:05 - 0912368 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
2013-01-31 14:20 - 2013-01-31 14:20 - 0915376 ____N (Sun Microsystems, Inc.) C:\Documents and Settings\User\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
2013-02-16 01:00 - 2013-02-16 01:00 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-05 19:59 - 2013-03-05 19:59 - 0897448 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-13 11:36 - 2013-06-13 11:36 - 0903592 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-08-28 12:09 - 2013-08-28 12:09 - 0913832 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
2013-10-08 14:27 - 2013-10-08 14:27 - 0915368 ____N (Oracle Corporation) C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2015-09-20 04:46 - 2015-09-20 14:34 - 0012800 ____N () C:\Documents and Settings\User\Local Settings\Temp\nne0nujd.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0624488 ____N (Intuit Inc.) C:\Documents and Settings\User\Local Settings\Temp\qbinstal.dll
2015-09-05 15:48 - 2015-09-05 15:48 - 0643072 ____N (STLport Consulting, Inc.) C:\Documents and Settings\User\Local Settings\Temp\stlport_r50.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


Result of Security Analysis by Rocket Grannie (x86) Updated: 5th April, 2017
Running from:C:\Documents and Settings\User\Desktop (09:34:28 - 04/10/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
*WARNING* Windows XP is no longer supported
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Disabled - Up to Date)
AVG AntiVirus Free Edition (Enabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI (version 23.0.0.205) is *out of Date*
Firefox (version 52)
Malwarebytes (version 3.0.6.1469)

Adobe Reader XI (version 11.0.08) is *out of Date*

***----------------Analysis Complete-------------------------***


Facebook says computer infected?

07 July 2015 - 01:44 PM

Just tried to log onto Facebook and got a warning "Your computer needs to be cleaned...."


It then wants me to go on and run an online check.  Let's just say that I'm a little less than trusting of that.  I can connect to FB via my phone just fine.   It's just the desktop that's the issue.


I use Avast Free Program version 2015.10.2218.  Definitions up to date.  And Malwarebytes Home (Premium) with real-time malware and malicious website protection turned on.


So, I'm guessing probably a hijack.  Here are my logs:


Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/7/2015
Scan Time: 1:59:18 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.07.04
Rootkit Database: v2015.07.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372398
Time Elapsed: 30 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by user at 14:13:58 on 2015-07-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2044.457 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Watch for Browser Events: {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - c:\program files\keyboard express 3\kie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} -
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1767\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GhostStartTrayApp] c:\program files\symantec\norton ghost 2003\GhostStartTrayApp.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\docume~1\user\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBStartup.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\announce.txt
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sideact!.lnk - c:\program files\act\SideACT.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\u0flkzf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.asmicro.com/Corporate/burkhead.htm
FF - plugin: c:\documents and settings\user\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_190.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-2 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-2 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-5-2 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-5-2 428120]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-2 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-2 74976]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-5 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-19 98520]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S0 cccllq;cccllq;c:\windows\system32\drivers\qvilowj.sys --> c:\windows\system32\drivers\qvilowj.sys [?]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-7-11 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-9-24 27064]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-7-11 16640]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mi1933~1\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2015-06-23 23:30:11    18174128    ------w-    c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2015-07-07 17:59:17    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-23 23:30:16    778416    ------w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-23 23:30:16    142512    ------w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 12:41:46    121560    ------w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41:36    23256    ------w-    c:\windows\system32\drivers\mbam.sys
2015-05-29 15:19:42    227328    ------w-    c:\windows\system32\ltocx12n.oca
2015-05-29 15:19:41    300544    ------w-    c:\windows\system32\ltdlg12n.oca
2015-05-21 12:51:55    74976    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-05-21 12:51:55    49904    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-05-21 12:51:55    24144    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-05-21 12:51:55    209048    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-05-21 12:51:51    43112    ------w-    c:\windows\avastSS.scr
2015-05-21 12:51:40    787760    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-05-18 19:46:01    265728    ------w-    c:\windows\system32\MSCOMCTL.oca
2015-05-18 19:46:00    132096    ------w-    c:\windows\system32\olch3x32.oca
2015-05-18 19:45:59    35840    ------w-    c:\windows\system32\Comdlg32.oca
2015-05-18 19:45:59    159232    ------w-    c:\windows\system32\olch2x32.oca
.
============= FINISH: 14:15:51.89 ===============
 

Security Check:

  Results of screen317's Security Check version 1.004  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Norton Ghost    
 HijackThis 2.0.2    
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     17.0.0.190 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


PC positively glacial after removing McAfee

20 September 2013 - 02:29 PM

I had been using "AT&T Internet Security Powered by McAfee" on one computer. However, we switched from AT&T to another internet provider and so I was in the process of switching to a different antivirus (Microsoft Security Essentials).
 
AT&T's instructions for removal of McAfee simply called for using Add-Remove Programs.  This I did.  Then, when so instructed, I restarted.
 
When it restarted chkdsk ran, reported some corrupted attributes and a couple of orphaned clusters which it proceeded to automatically fix.
 
After starting, several of my "startup" programs failed to start. I have Thunderbird set up to start automatically when Windows boots, ditto the Office Shortcut Bar. A couple of other things. But they wouldn't start.
 
There's a short text file that does open.  And that did open.
 
I checked "performance" in the task bar but both CPU and Memory use is quite low.  In the processes, there's nothing using a bunch of CPU time.  Biggest process is "system idle."
 
When I tried to shut down to reboot, shutting down takes an extremely long time and I get several "xxx can't open because Windows is shutting down" as well as a few things that need manual shutdown. (Sorry, I don't have a specific list at this time. If the details matter, I can try running through this again and note them as they pass.) I presume that this means that stuff that was opening in startup never finished opening despite waiting better than an hour.
 
Under these circumstances I can't even run something like HiJack This.
 
So, any idea what went wrong?
 
Can I fix it without having to restore from backup? (We have a complete backup from a couple months ago and have run daily data backups since--also a lot of the data files are not stored on this computer, so we're not completely dead.  Still, restoring is troublesome and time consuming.  The only question is whether "fixing it" is more troublesome and time consuming.)
 
David L. Burkhead
 
 
Edit: Please reboot into 'Safe mode with networking' (hit F8 several times while booting to get the boot menu).

Then you should be able to read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.
