Virus on PC - Slow Performance


  • This topic is locked
10 replies to this topic

#1 Brett998866

Posted 02 July 2016 - 10:58 AM

Experiencing very slow performance when clicking on items from the desktop. PC CPU usage at 100% for extended periods. Ran virus scan, but nothing found, but virus is suspected nonetheless. Any help would certainly be appreciated. Brett

 

FRST log below and Addition.txt is attached as requested in the instructions.  Again, thank you.

 

FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by HP_Owner (administrator) on YOUNGSPC (02-07-2016 10:49:42)
Running from C:\Documents and Settings\HP_Owner\My Documents\Downloads
Loaded Profiles: HP_Owner & UpdatusUser (Available Profiles: HP_Owner & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Documents and Settings\HP_Owner\Application Data\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Documents and Settings\HP_Owner\Application Data\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Documents and Settings\HP_Owner\Application Data\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\HP_Owner\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\...\Run: [uTorrent] => C:\Documents and Settings\HP_Owner\Application Data\uTorrent\uTorrent.exe [2133504 2016-05-19] (BitTorrent Inc.)
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4587520 2015-10-13] (Google Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-04] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{570E448B-2E37-41F3-A83B-0C076AA62518}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: [DhcpNameServer] 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
URLSearchHook: HKU\S-1-5-21-3422957414-3089006648-1118624089-1009 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3422957414-3089006648-1118624089-1008 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3422957414-3089006648-1118624089-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-3422957414-3089006648-1118624089-1008 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKU\S-1-5-21-3422957414-3089006648-1118624089-1008 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-03] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3422957414-3089006648-1118624089-1008: @nsroblox.roblox.com/launcher -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\RobloxVersions\version-6cfc785e896545ae\\NPRobloxProxy.dll [2013-06-28] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3422957414-3089006648-1118624089-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2011-11-02] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-31] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-14]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-31]
CHR HKLM\...\Chrome\Extension: [meppmgfehplfblhnjfikekckcngogbai] - C:\Program Files\GetLyrics\Chrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-13] (SUPERAntiSpyware.com)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
R3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [267776 2008-04-13] (Microsoft Corporation) [File not signed]
R2 FreeAgentTheater Service; C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [237248 2012-12-20] (Seagate Technology LLC)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2016-01-02] (Oracle Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-23] (Motive Communications, Inc.) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-03] (HP) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S4 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166976 2013-10-29] (Soluto)
S4 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1667584 2013-10-29] (GlavSoft LLC.) [File not signed]
S4 SolutoService; C:\Program Files\Soluto\SolutoService.exe [845376 2013-10-29] (Soluto)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices) [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-04] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-04] (AVAST Software)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2011-06-23] (Avanquest Software) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) [File not signed]
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP) [File not signed]
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP) [File not signed]
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP) [File not signed]
R3 HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [241664 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4299264 2006-06-14] (Realtek Semiconductor Corp.) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
S4 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-09-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-09-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-18] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S0 Soluto; C:\WINDOWS\System32\DRIVERS\Soluto.sys [51144 2013-10-29] (Soluto LTD.)
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [33512 2016-06-26] ()
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 usbstor; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-11] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [280344 2005-01-26] (Zone Labs LLC)
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 AIDA64Driver; \??\C:\Documents and Settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [X]
S3 catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TlntSvr; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 18:53 - 2016-07-02 10:51 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\temp
2016-06-26 18:53 - 2016-06-26 18:53 - 00013762 _____ C:\ComboFix.txt
2016-06-26 18:53 - 2016-06-26 18:53 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\temp
2016-06-26 18:53 - 2016-06-26 18:53 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-06-26 18:53 - 2016-06-26 18:53 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-06-26 10:24 - 2016-07-02 04:57 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-26 10:03 - 2016-06-30 22:09 - 00236446 _____ C:\WINDOWS\ntbtlog.txt
2016-06-03 09:48 - 2016-06-03 10:21 - 00000054 _____ C:\Documents and Settings\HP_Owner\My Documents\login_yahoo_com
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-02 10:49 - 2013-05-20 21:09 - 00000000 ____D C:\FRST
2016-07-02 10:48 - 2014-01-01 12:43 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2016-07-02 10:41 - 2013-11-02 15:38 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-07-02 10:37 - 2015-12-22 22:25 - 00000000 ____D C:\Program Files\Steam
2016-07-02 10:34 - 2012-01-29 11:15 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 10:34 - 2005-12-05 03:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-02 10:15 - 2012-01-29 11:15 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 09:57 - 2012-05-28 10:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-02 08:16 - 2012-01-27 19:48 - 00000428 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
2016-07-01 15:34 - 2012-07-22 16:10 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-07-01 07:33 - 2015-09-14 19:13 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-07-01 07:33 - 2007-01-27 15:19 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-07-01 07:31 - 2012-01-22 18:37 - 00000178 ___SH C:\Documents and Settings\HP_Owner\ntuser.ini
2016-06-30 12:55 - 2012-01-31 09:59 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-06-26 18:53 - 2013-10-22 21:06 - 00000000 ____D C:\Qoobox
2016-06-26 18:51 - 2005-12-04 18:44 - 00000227 _____ C:\WINDOWS\system.ini
2016-06-26 18:35 - 2014-09-01 11:15 - 00033512 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-06-26 11:47 - 2016-04-26 20:26 - 00165434 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-06-26 11:27 - 2012-01-22 18:36 - 00000000 ____D C:\Documents and Settings\HP_Owner
2016-06-26 10:25 - 2007-01-27 15:19 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-06-26 10:24 - 2014-05-15 21:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-26 10:22 - 2012-01-25 21:40 - 05181440 _____ C:\Documents and Settings\HP_Owner\My Documents\Brett_new2.mny
2016-06-26 10:22 - 2012-01-22 18:37 - 00000000 ___RD C:\Documents and Settings\HP_Owner\My Documents
2016-06-26 09:09 - 2012-01-29 09:58 - 00038400 _____ C:\Documents and Settings\HP_Owner\My Documents\Copy of credit card passwords for web2.xls
2016-06-26 09:05 - 2014-08-09 09:03 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 09:04 - 2015-09-09 19:21 - 00000788 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-26 09:04 - 2015-09-09 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-26 09:04 - 2015-09-09 19:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-25 12:39 - 2015-09-14 18:50 - 05659224 ____R (Swearware) C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
2016-06-15 18:30 - 2013-08-14 18:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 18:09 - 2012-01-22 20:06 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-08 15:00 - 2014-03-23 20:53 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2012-01-25 21:41 - 2016-04-10 22:13 - 0089600 _____ () C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-08 14:01 - 2013-06-08 14:01 - 0000131 _____ () C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
2013-03-17 19:44 - 2013-03-18 20:23 - 0000190 _____ () C:\Documents and Settings\HP_Owner\Local Settings\Application Data\rbxcsettings.rbx
2007-01-27 15:42 - 2012-01-28 10:22 - 0003249 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2013-11-01 18:43 - 2013-11-01 18:43 - 0000098 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2014-06-14 09:27 - 2014-06-14 09:27 - 0001738 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of FRST.txt ============================


#2 RayS

  • Malware Study Hall Senior
  • 2,224 posts
  • Gender:Male
  • Location:USA
  • Local time:02:40 PM

Posted 07 July 2016 - 12:16 AM

Hello Brett,

My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Brett998866

  • Topic Starter
  • Members
  • 92 posts
  • Local time:01:40 PM

Posted 07 July 2016 - 04:58 PM

OK, thank you, Ray.  Brett



#4 RayS

  • Malware Study Hall Senior
  • 2,224 posts
  • Gender:Male
  • Location:USA
  • Local time:02:40 PM

Posted 09 July 2016 - 11:00 PM

Hello Brett, and welcome to Bleeping Computer.

I will be helping you with your computer problem. My friends call me Ray.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

 

 

uTorrent Warning

Going over your logs, I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned. Please let me know whether you will refrain from using uTorrent or will delete it.
 
 

Describe slow performance

  • Please describe more fully "very slow performance when clicking on items from the desktop."
  • Is only the launch slow, or do the programs continue to lag after they have fully loaded?
  • Does slow performance affect only specific programs, or do you get lagging performance regardless of the mix of programs you are running?
  • When did slow performance begin?
  • Are there any symptoms other than slow performance that lead you to believe your PC is infected? Provide verbatim copies of error messages if any.

 

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3422957414-3089006648-1118624089-1009 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
CHR HKLM\...\Chrome\Extension: [meppmgfehplfblhnjfikekckcngogbai] - C:\Program Files\GetLyrics\Chrome.crx <not found>
S3 AIDA64Driver; \??\C:\Documents and Settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [X]
S3 catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
CMD: type "C:\ComboFix.txt"
U3 TlntSvr; no ImagePath
File: C:\Documents and Settings\All Users\Application Data\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\Query.dl

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.





Submit a file to VirusTotal.com

The following file may or may not be legitimate. Please submit it to VirusTotal for an online scan:

C:\Documents and Settings\All Users\Application Data\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\Query.dl

  • Please visit https://www.virustotal.com/.
  • Click the File tab.
  • Click Choose File.
  • Use the File Upload window to navigate to the file named above on your local PC and click Open.
  • Click the Scan it! button on the VirusTotal website.
  • If a File already analyzed window pops up, click Reanalyze.
  • After a short time, the analysis will be presented on a web page.
  • Please copy the URL of that page (https:// etc.) and paste it into your reply to me.

Note: If your system is not configured to show hidden files, please follow the instructions in the tutorial at:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
 
 
 

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click I agree.
  • Click Scan.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when the tool was run.

 

 

 

In your next reply...

  • Please confirm that you have backed up all your important files.
  • Please tell me whether you have deleted uTorrent or agree that you will not use this or any other peer-to-peer file sharing program while we are working together.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of the AdwCleaner log into the body of your message.
  • Please give me the address of the VirusTotal analysis for the file you submitted to them.
  • Describe more fully "very slow performance when clicking on items from the desktop".
  • Please tell me whether you have noticed any improvement after running the steps above.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
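
The driver entries in the fixlist above are the ones FRST.txt marks `[X]` or `no ImagePath`. As an added example (not part of the thread and not FRST's own code), this Python script parses FRST driver lines and pulls out those entries for review; the flag names, function names and the extra `no-company` and `temp-path` checks are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: driver lines copied from the FRST.txt log earlier in this thread.
SAMPLE = r"""
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [33512 2016-06-26] ()
S3 catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U3 TlntSvr; no ImagePath
"""

# "<state><start type> <service name>; <remainder>"
# State letter: R = running, S = stopped, U = undetermined.
HEAD_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$"
)
# "<path> [<size> <date>] (<company>)" with an optional "[File not signed]" tag.
# The company group is greedy so names containing parentheses stay intact.
DETAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<company>.*)\)(?:\s+\[File not signed\])?$"
)


@dataclass
class DriverEntry:
    state: str
    start: int
    name: str
    path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _clean_path(path: str) -> str:
    """Drop surrounding whitespace and the NT object-manager prefix \\??\\."""
    path = path.strip()
    return path[4:] if path.startswith("\\??\\") else path


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one FRST driver line; return None for anything else."""
    head = HEAD_RE.match(line.strip())
    if not head:
        return None
    entry = DriverEntry(head["state"], int(head["start"]), head["name"].strip())
    rest = head["rest"].strip()
    if rest == "no ImagePath":
        # The service key exists but names no binary at all.
        entry.flags.append("no-imagepath")
    elif rest.endswith("[X]"):
        # FRST appends [X] when the file the service points to is not on disk.
        entry.path = _clean_path(rest[:-3])
        entry.flags.append("file-missing")
    else:
        detail = DETAIL_RE.match(rest)
        if not detail:
            entry.flags.append("unparsed")
            return entry
        entry.path = _clean_path(detail["path"])
        entry.size = int(detail["size"])
        entry.date = detail["date"]
        entry.company = detail["company"]
        if not entry.company:
            entry.flags.append("no-company")
    # "[File not signed]" is deliberately not a flag: in this log nearly every
    # driver carries it, so it does not separate anything.
    if entry.path and re.search(r"\\te?mp\\", entry.path, re.IGNORECASE):
        entry.flags.append("temp-path")
    return entry


def triage(log_text: str) -> List[DriverEntry]:
    """Return only the entries that carry at least one flag.

    A flag is a prompt to look at the entry, not a verdict about it.
    """
    entries = (parse_driver_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.state}{e.start} {e.name:<10} {', '.join(e.flags):<26} {e.path or '-'}")
```

The `file-missing` and `no-imagepath` entries are orphaned service keys of the kind the fixlist lists; `no-company` and `temp-path` only mark an entry for a closer look.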


#5 Brett998866

  • Topic Starter
  • Members
  • 92 posts
  • Local time:01:40 PM

Posted 10 July 2016 - 02:07 PM

Ray, 

 

Thank you for the reply.  I will reply in 2 posts.  The first will answer the questions you asked and the second will be the logs you requested to see.  To your questions:

 

  • Please describe more fully "very slow performance when clicking on items from the desktop."  When clicking on certain icons, the cpu performance goes to 100% and stays there, thereby freezing up the pc for extended periods of time.  I have to turn the pc off and back on to free up the CPU resources.
  • Is only the launch slow, or do the programs continue to lag after they have fully loaded?  The applications don't launch.  They freeze up and the program does not come up.  Biggest problem is with MS Word and Excel
  • Does slow performance affect only specific programs, or do you get lagging performance regardless of the mix of programs you are running?  Biggest problem with MS programs
  • When did slow performance begin?  Perhaps 2-3 weeks ago, roughly?
  • Are there any symptoms other than slow performance that lead you to believe your PC is infected? Provide verbatim copies of error messages if any.  No error messages, only cpu usage at 100% per my comments above.

 

Other comments:

 

-  Yes, I have uninstalled uTorrent

-  Yes, files have been backed up

-  I am showing all hidden files/folders, but I cannot find the file you listed above.  I went to the folder you indicated, but the file you listed is not there.  

-  Will post the 2 logs in the next post.  

 

Brett



#6 Brett998866

  • Topic Starter
  • Members
  • 92 posts
  • Local time:01:40 PM

Posted 10 July 2016 - 02:09 PM

Fixlog Log below:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by HP_Owner (2016-07-10 09:19:33) Run:4
Running from C:\Documents and Settings\HP_Owner\My Documents\Downloads
Loaded Profiles: HP_Owner & UpdatusUser (Available Profiles: HP_Owner & UpdatusUser & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3422957414-3089006648-1118624089-1009 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
CHR HKLM\...\Chrome\Extension: [meppmgfehplfblhnjfikekckcngogbai] - C:\Program Files\GetLyrics\Chrome.crx <not found>
S3 AIDA64Driver; \??\C:\Documents and Settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [X]
S3 catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
CMD: type "C:\ComboFix.txt"
U3 TlntSvr; no ImagePath
File: C:\Documents and Settings\All Users\Application Data\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\Query.dl
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\meppmgfehplfblhnjfikekckcngogbai" => key removed successfully.
AIDA64Driver => service removed successfully.
catchme => service removed successfully.
cpuz136 => service removed successfully.
MREMP50a64 => service removed successfully.
MRESP50a64 => service removed successfully.
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 16-06-01.01 - HP_Owner 06/26/2016  18:38:57.27.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2639 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\offitems.log
K:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2016-05-26 to 2016-06-26  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-26 22:35 . 2014-09-01 15:15 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-06-26 13:05 . 2014-08-09 13:03 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-08 01:47 . 2012-05-28 14:54 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-08 01:47 . 2012-03-03 22:07 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-04 12:27 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
"Steam"="c:\program files\Steam\steam.exe" [2016-06-15 2917456]
"uTorrent"="c:\documents and settings\HP_Owner\Application Data\uTorrent\uTorrent.exe" [2016-05-19 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-07 6133520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-10 271744]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2015-04-20 1298456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 22:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-07 04:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 06:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-14 03:05 16239616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-10 20:22 271744 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-05-19 22:56 2133504 ----a-w- c:\documents and settings\HP_Owner\Application Data\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Soluto\\SolutoRemoteDirect.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\SIERRA\\Half-Life\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2880\\Agent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Terraria\\Terraria.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Terraria\\TerrariaServer.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [10/10/2013 6:54 PM 142648]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/2/2013 3:35 PM 49776]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/2/2013 3:35 PM 208664]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [11/1/2013 6:42 PM 51144]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/2/2013 3:35 PM 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/2/2013 3:35 PM 435464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4/29/2014 11:09 PM 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/2/2013 3:35 PM 76000]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/15/2012 9:59 PM 24328]
S2 FreeAgentTheater Service;Seagate Media;c:\program files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [12/20/2012 4:13 PM 237248]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [?]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8/5/2015 4:32 PM 157888]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2/23/2013 10:20 PM 45288]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2013 8:02 PM 27064]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
S4 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [10/29/2013 9:30 AM 166976]
S4 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [10/29/2013 9:24 AM 1667584]
S4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [10/29/2013 9:30 AM 845376]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 02:09 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 01:48]
.
2016-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2016-06-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-04 12:27]
.
2016-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]
.
2016-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:45]
.
2016-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2016-06-26 c:\windows\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-26 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-2025429265-1177238915-1003_Classes\CLSID\{396C8391-1211-4FA3-9013-50637D6512C8}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-3422957414-3089006648-1118624089-1008)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\\Query.dll"
.
[HKEY_USERS\S-1-5-21-484763869-2025429265-1177238915-1003_Classes\Drive\ShellEx\FolderExtensions\{396C8391-1211-4FA3-9013-50637D6512C8}]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-3422957414-3089006648-1118624089-1008)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{396C8391-1211-4FA3-9013-50637D6512C8}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\\Query.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{396C8391-1211-4FA3-9013-50637D6512C8}]
@Denied: (C D 2 3 6) (Everyone)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2016-06-26  18:53:45
ComboFix-quarantined-files.txt  2016-06-26 22:53
ComboFix2.txt  2016-06-26 14:20
ComboFix3.txt  2016-06-25 22:06
ComboFix4.txt  2016-06-04 14:45
ComboFix5.txt  2016-06-26 22:37
.
Pre-Run: 27,807,580,160 bytes free
Post-Run: 27,865,186,304 bytes free
.
- - End Of File - - 172A5D2557634B4BAD6EEDFCA085993A
8F558EB6672622401DA993E1E865C861
 
========= End of CMD: =========
 
TlntSvr => service removed successfully.
 
========================= File: C:\Documents and Settings\All Users\Application Data\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\Query.dl ========================
 
"C:\Documents and Settings\All Users\Application Data\{EDFE7EE4-D4F4-4384-846E-9E153E9C9FA3}\Query.dl" => not found.
====== End of File: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9735 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 171965 B
Java, Flash, Steam htmlcache => 11220811 B
Windows/system/dllcache/drivers => 1265732 B
Edge => 0 B
Chrome => 142462079 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default User => 0 B
All Users => 0 B
systemprofile => 577325116 B
LocalService => 904 B
NetworkService => 885059 B
HP_Owner => 61974517 B
UpdatusUser => 0 B
Administrator => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 758.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:20:10 ====
 
 
Adware Log Below:
# AdwCleaner v3.016 - Report created 05/01/2014 at 18:59:54
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Owner - YOUNGSPC
# Running from : C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\8K3SWZL4\adwcleaner[1].exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Search Protection
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4032 octets] - [14/12/2013 20:58:25]
AdwCleaner[R1].txt - [1344 octets] - [05/01/2014 18:56:48]
AdwCleaner[S0].txt - [4154 octets] - [14/12/2013 20:59:31]
AdwCleaner[S1].txt - [1273 octets] - [05/01/2014 18:59:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1333 octets] ##########

# AdwCleaner v5.201 - Logfile created 10/07/2016 at 11:07:29
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : HP_Owner - YOUNGSPC
# Running from : C:\Documents and Settings\HP_Owner\My Documents\Downloads\AdwCleaner (2).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\WINDOWS\system32\config\systemprofile\AppData\LocalLow\Fast Free Converter
Folder Found : C:\extensions
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\SuperfishIEAddon.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bi[1].exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r421-n-bi[1].exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iLividSetup[1].exe
Key Found : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found : HKLM\SOFTWARE\Classes\SuperfishIEAddon.ExtentionUI
Key Found : HKLM\SOFTWARE\Classes\SuperfishIEAddon.ExtentionUI.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1241cebd-9777-4bc6-aae5-2a77e25db246}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6818868a-1b3d-4e35-a561-fa964a96cd3b}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9193e23b-4182-493f-a38e-682307a7c463}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ae0f4663-eae3-437f-be60-9ec9b745dbfa}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3422957414-3089006648-1118624089-1009\Software\Yahoo\YFriendsBar
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKU\S-1-5-21-3422957414-3089006648-1118624089-1008\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C3].txt - [8792 bytes] - [01/09/2015 20:50:12]
C:\AdwCleaner\AdwCleaner[C4].txt - [1800 bytes] - [13/09/2015 17:35:17]
C:\AdwCleaner\AdwCleaner[R0].txt - [4032 bytes] - [14/12/2013 21:58:25]
C:\AdwCleaner\AdwCleaner[R1].txt - [1344 bytes] - [05/01/2014 19:56:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [4154 bytes] - [14/12/2013 21:59:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [5273 bytes] - [05/01/2014 19:59:54]
C:\AdwCleaner\AdwCleaner[S3].txt - [8234 bytes] - [01/09/2015 20:45:12]
C:\AdwCleaner\AdwCleaner[S4].txt - [1676 bytes] - [13/09/2015 17:33:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5492 bytes] ##########
 


#7 RayS


Posted 11 July 2016 - 12:52 PM

Hi Brett,

Thank you for the logs.

My intention was for you to run the AdwCleaner Scan function only. I would then have reviewed the log with you for possible retention of selected entries. In this instance, it doesn't appear that running the Clean function on your own did any harm. In future, I will modify my instructions to emphasize not running the Clean function until after review.


I asked:

Please tell me whether you have noticed any improvement after running the steps above?

Do applications still fail to launch or launch only after long delays?
 
 
 
We may want to uninstall and reinstall Office 97 later. Do you have original installation media for Office 97?


From Addition.txt, I see:
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )

Quoting: https://support.microsoft.com/en-us/gp/lifeoffice
 

"Office 97 – Assisted support options for Office 97 ended on January 16, 2004. Mainstream hotfix support for Office 97 ended on August 31, 2001. Extended hotfix support ended on February 28, 2002. Self-help online support will be available for at least one year after assisted support concludes."

When was the last time you installed Office 97 updates?

You are probably aware that Windows XP support has ended. Here's a quote from that linked article:

"If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP."

It is possible that some components of WinXP have become corrupted by obsolescence not due to malware. Please also be realistic about the limitations of your PC. It has a relatively weak processor and only 1.9GB of available physical RAM. Performance will suffer if you open extra tabs in your browser or too many programs simultaneously.


 
 
 

Biggest problem is with MS Word and Excel

 
Let's enter Safe Mode with Networking and run Excel and Word one-at-a-time without any other programs running to see if performance improves.


Enter Safe Mode With Networking

  • Restart your computer.
  • Press the F8 key rapidly as soon as your PC begins to boot up.
  • A black Advanced Boot Options window will open.
  • Use your down arrow key to select Safe Mode with Networking then press Enter.
  • You can see additional info here.

Test Excel and Word and other programs in Safe Mode

  • Does Excel launch in a normal amount of time?
  • Does Excel perform normally after launch?
  • Close Excel and then answer the same questions for Word.
  • Try other non-Office programs. Do they perform adequately?



GSmartControl for Windows
-------------------

  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents into your reply

 

 

In your next reply...

  • After you ran the FRST fix and AdwCleaner, did performance improve?
  • Do you have original install media for Office 97?
  • When did you most recently update Office 97?
  • Give me results of tests performed in Safe Mode with Networking.
  • Copy and paste test results of disk analysis into the body of your message.
  • How is your computer running now?

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#8 Brett998866


Posted 12 July 2016 - 10:51 PM

Ray,

 

Things seem to be better. I can now launch Excel and Word from my desktop. Previously, I could not.

 

  • After you ran the FRST fix and AdwCleaner, did performance improve?  Yes, performance seems to be better now
  • Do you have original install media for Office 97? Yes, I do have the install disks.
  • When did you most recently update Office 97?  A long time ago
  • Give me results of tests performed in Safe Mode with Networking.  I can access Excel and Word
  • Copy and paste test results of disk analysis into the body of your message.  Scans below for my 2 hard drives (really a partition on one drive)
  • How is your computer running now?  Much better

 

First Drive scan:

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-xp-sp3] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.9
Device Model:     ST3160812AS
Serial Number:    5LS6G4BH
Firmware Version: 3.AHL
User Capacity:    160,041,885,696 bytes [160 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   7
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Tue Jul 12 21:07:51 2016 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  433) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  54) minutes.
SCT capabilities:       (0x0009) SCT Status supported.
SCT Error Recovery Control supported.
 
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   253   006    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0002   095   094   000    Old_age   Always       -       0
  4 Start_Stop_Count        0x0033   084   084   020    Pre-fail  Always       -       16990
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       13
  7 Seek_Error_Rate         0x000f   089   060   030    Pre-fail  Always       -       827000727
  9 Power_On_Hours          0x0032   039   039   000    Old_age   Always       -       53670
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0033   086   086   020    Pre-fail  Always       -       15294
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   061   057   045    Old_age   Always       -       39 (Min/Max 37/41)
194 Temperature_Celsius     0x0022   039   043   000    Old_age   Always       -       39 (0 13 0 0 0)
195 Hardware_ECC_Recovered  0x001a   048   046   000    Old_age   Always       -       32530844
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0000   100   253   000    Old_age   Offline      -       0
202 Data_Address_Mark_Errs  0x0032   100   253   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     53670         -
# 2  Short offline       Completed without error       00%     26313         -
# 3  Short offline       Completed without error       00%         0         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
 
 
Second Drive scan:
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-xp-sp3] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.12
Device Model:     ST3500418AS
Serial Number:    5VM78NMR
LU WWN Device Id: 5 000c50 01f44a33a
Firmware Version: CC38
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Tue Jul 12 21:20:03 2016 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  600) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   1) minutes.
Extended self-test routine
recommended polling time: (  87) minutes.
Conveyance self-test routine
recommended polling time: (   2) minutes.
SCT capabilities:       (0x103f) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   108   100   006    Pre-fail  Always       -       15708450
  3 Spin_Up_Time            0x0003   097   097   000    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   093   093   020    Old_age   Always       -       7336
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000f   071   060   030    Pre-fail  Always       -       13129381
  9 Power_On_Hours          0x0032   046   046   000    Old_age   Always       -       47464
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       75
183 Runtime_Bad_Block       0x0032   100   100   000    Old_age   Always       -       0
184 End-to-End_Error        0x0032   100   100   099    Old_age   Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
188 Command_Timeout         0x0032   100   100   000    Old_age   Always       -       0
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   067   052   045    Old_age   Always       -       33 (Min/Max 27/33)
194 Temperature_Celsius     0x0022   033   048   000    Old_age   Always       -       33 (0 13 0 0 0)
195 Hardware_ECC_Recovered  0x001a   021   018   000    Old_age   Always       -       15708450
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
240 Head_Flying_Hours       0x0000   100   253   000    Old_age   Offline      -       12614318949175
241 Total_LBAs_Written      0x0000   100   253   000    Old_age   Offline      -       2120020564
242 Total_LBAs_Read         0x0000   100   253   000    Old_age   Offline      -       1287213720
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     47464         -
# 2  Short offline       Completed without error       00%     20312         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


#9 RayS


Posted 14 July 2016 - 01:00 PM

Hi Brett,

I'm glad to hear your PC is performing better.

The disk diagnostic shows two separate physical drives:

C drive:

Model Family:     Seagate Barracuda 7200.9
Device Model:     ST3160812AS
Serial Number:    5LS6G4BH

K drive:

Model Family:     Seagate Barracuda 7200.12
Device Model:     ST3500418AS
Serial Number:    5VM78NMR

I'm concerned about some of the results.

C drive:

  7 Seek_Error_Rate         0x000f   089   060   030    Pre-fail  Always       -       827000727
195 Hardware_ECC_Recovered  0x001a   048   046   000    Old_age   Always       -       32530844

K drive:

  1 Raw_Read_Error_Rate     0x000f   108   100   006    Pre-fail  Always       -       15708450
  7 Seek_Error_Rate         0x000f   071   060   030    Pre-fail  Always       -       13129381
195 Hardware_ECC_Recovered  0x001a   021   018   000    Old_age   Always       -       15708450

I would like you to run SeaTools, a disk diagnostic application intended specifically for Seagate products.

Run Seagate's disk diagnostic tool

Note: In the unlikely event that a disk fails during this test, do not attempt to use this tool to repair it because permanent data loss may result. Just report the exact error message and abort the testing.

  • Please visit http://www.seagate.com/support/internal-hard-drives/laptop-hard-drives/spinpoint-m-series/
  • Download and install SeaTools for Windows.
  • After installation, you will see a shortcut for SeaTools for Windows on your desktop. Double-click the shortcut and allow the tool sufficient time to detect your physical drive(s).
  • Place checkmarks next to all detected drives.
  • Exit all other programs to allow uninterrupted testing.
  • On the menu bar, click Basic Tests and select Short Drive Self Test (DST).
  • Observe light blue progress bar in right-hand Test Status column. (Note: it takes about 8 minutes to test a 1TB drive.)
  • When test is complete, the Drive Status column should show Short DST in green.
  • Click Help and select View Log File.
  • A Windows Explorer window will open with the log file name preselected. Click Open.
  • If the log shows anything other than "Pass", copy and paste the results into your reply.
  • If your drive passes the short test, click Basic Tests again and select Long Generic. (Note: This test takes about two hours on a 1TB drive. Be sure your power management plan allows sufficient time for test completion.)
  • If the log shows anything other than "Pass", copy and paste the results into your reply.


In your next reply...

  • Let me know whether both disks passed; otherwise, copy and paste all disk diagnostic results into the body of your message.
  • Tell me how your PC is running now. Please be specific.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
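
An added example, not part of the post above or of any tool named in the thread: a small Python parser for smartctl attribute rows like the ones quoted, reporting where each normalized VALUE and WORST sits relative to THRESH. The function names and the ID 5 row are assumptions made for illustration; the other three rows are the K-drive rows from the post.

```python
import re

# Rows 1, 7 and 195 are the K-drive rows quoted in the post above.
# Row 5 is constructed here to show a tripped threshold; it is not from the thread.
SAMPLE = """\
  1 Raw_Read_Error_Rate     0x000f   108   100   006    Pre-fail  Always       -       15708450
  7 Seek_Error_Rate         0x000f   071   060   030    Pre-fail  Always       -       13129381
195 Hardware_ECC_Recovered  0x001a   021   018   000    Old_age   Always       -       15708450
  5 Reallocated_Sector_Ct   0x0033   030   030   036    Pre-fail  Always   FAILING_NOW 2900
"""

# ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flag>0x[0-9a-fA-F]{4})\s+"
    r"(?P<value>\d{3})\s+(?P<worst>\d{3})\s+(?P<thresh>\d{3})\s+"
    r"(?P<type>Pre-fail|Old_age)\s+(?P<updated>\S+)\s+"
    r"(?P<when_failed>\S+)\s+(?P<raw>.+?)\s*$"
)

def parse_attributes(text):
    """Return one dict per attribute row; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("id", "value", "worst", "thresh"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def assess(row):
    """Classify a row by normalized VALUE/WORST against THRESH."""
    if row["thresh"] == 0:
        return "no-threshold"      # normalized VALUE stays above 0, so it cannot trip
    if row["value"] <= row["thresh"]:
        return "failing-now"
    if row["worst"] <= row["thresh"]:
        return "failed-in-past"
    return "above-threshold"

def report(text):
    """(id, name, status, VALUE minus THRESH) for every parsed row."""
    return [(r["id"], r["name"], assess(r), r["value"] - r["thresh"])
            for r in parse_attributes(text)]

if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry)
```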


#10 RayS

RayS

  • Malware Study Hall Senior
  • 2,224 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:40 PM

Posted 18 July 2016 - 02:37 PM

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

 

Thank you,

 

Ray




#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:40 AM

Posted 21 July 2016 - 08:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



