XP computer only runs in safe mode.


  • This topic is locked
6 replies to this topic

#1 Den.


  • Members
  • 34 posts
  • Gender:Male

Posted 20 March 2017 - 09:24 PM

Trying to help my friend with her old eMachines XP computer. When booted in normal mode, any action such as double-clicking to open a shortcut, folder or document is met by a delay of 2 minutes and 10 seconds. Also, resting the cursor on the bottom of the desktop to raise the Quick Launch toolbar is met by the same delay. When booted in safe mode this delay only very rarely occurs. Avast and Malwarebytes (set to look for rootkits) find nothing. The hard drive is at about 86% free. I could not get FRST to run in normal mode, only in safe mode. FRST below and Addition attached. Thanks, Den

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016 (ATTENTION: ====> FRST version is 93 days old and could be outdated)
Ran by Owner (administrator) on IZZYSKID4 (20-03-2017 21:30:41)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-11] (AVAST Software)
HKLM\...\Run: [VerizonServicepoint.exe] => C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2065648 2007-11-16] (Verizon)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [273528 2011-10-23] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [2012-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-11] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C70E55B1-05B5-4EE8-A28F-8B3623811622}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO: eBay Toolbar Helper -> {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} -> C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-14] (eBay Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-10-23] (RealPlayer)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-19] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-31] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-31] (Sun Microsystems, Inc.)
Toolbar: HKLM - eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll [2009-01-14] (eBay Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-19] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2107033676-412105147-1544709382-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2107033676-412105147-1544709382-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default [2017-03-20]
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default\user.js [2017-03-20]
FF Extension: (Mozilla Firefox distributed by RealNetworks) - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2006-10-11] [not signed]
FF Extension: (Google Toolbar for Firefox) - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006-09-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-23] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-09-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2011-05-03] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-02-22] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-30] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-08-31] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-06-07] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-03-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-10-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-10-23] (RealNetworks, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-02-28]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.google.com/images/branding/product/ico/googleg_lodp.ico
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-03-19]
CHR Extension: (Google Slides) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-11]
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-11]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-11]
CHR Extension: (google - Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiobhoemhkokmncalpjdlieffmiogak [2017-03-11]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2017-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-11] (AVAST Software)
S4 dvpapi; C:\Program Files\Common Files\Command Software\dvpapi.exe [142416 2006-01-20] (Command Software Systems, Inc.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe [13160 2012-01-20] (Citrix Online, a division of Citrix Systems, Inc.)
S4 gupdate1c9a32f379a93fc; C:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-03-11] (Google Inc.)
S4 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-08-31] (Sun Microsystems, Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S4 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-02-16] (New Boundary Technologies, Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-03-11] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [106392 2017-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60632 2017-03-11] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-03-11] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [756200 2017-03-11] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [465024 2017-03-11] (AVAST Software)
S3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184208 2017-03-11] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [278776 2017-03-11] (AVAST Software)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S2 CSS DVP; C:\WINDOWS\System32\DRIVERS\css-dvp.sys [783984 2006-01-20] (Command Software Systems, Inc.)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2017-02-24] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1033600 2005-03-17] (Conexant Systems, Inc.)
S2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [148256 2017-03-19] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-03-19] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219584 2017-03-19] (Malwarebytes)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 RsFx0102; C:\WINDOWS\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 60615357; no ImagePath
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-20 21:30 - 2017-03-20 21:31 - 00019643 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2017-03-20 21:28 - 2017-03-20 21:30 - 00000000 ____D C:\FRST
2017-03-20 21:28 - 2016-12-19 20:40 - 01762304 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2017-03-20 21:23 - 2017-03-20 21:23 - 00016363 _____ C:\WINDOWS\Tweaking.com - Technicians Toolbox Setup Log.txt
2017-03-20 21:23 - 2017-03-20 21:23 - 00001891 _____ C:\Documents and Settings\All Users\Desktop\Tweaking.com - Technicians Toolbox.lnk
2017-03-20 21:23 - 2017-03-20 21:23 - 00000000 ____D C:\Program Files\Tweaking.com
2017-03-20 21:23 - 2017-03-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2017-03-20 21:06 - 2017-03-20 21:06 - 00018702 _____ C:\ComboFix.txt
2017-03-20 21:06 - 2017-03-20 21:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-03-20 21:06 - 2017-03-20 21:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-03-20 21:06 - 2017-03-20 21:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-03-20 20:40 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-03-20 20:40 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-03-20 20:40 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-03-20 20:40 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-03-20 18:28 - 2017-03-20 20:35 - 05659355 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2017-03-20 17:51 - 2016-12-04 10:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Owner\Desktop\rkill.exe
2017-03-19 15:58 - 2017-03-19 15:58 - 00148256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-19 15:57 - 2017-03-19 16:09 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-19 15:56 - 2017-03-19 16:09 - 00219584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-03-19 15:54 - 2017-03-19 15:54 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-03-19 15:54 - 2017-03-19 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-03-19 15:54 - 2017-02-24 06:23 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-03-19 15:53 - 2017-03-19 15:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-19 15:53 - 2017-03-19 15:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-03-19 15:04 - 2017-03-19 15:04 - 42868736 _____ C:\WINDOWS\system32\config\software.iobit
2017-03-19 15:04 - 2017-03-19 15:04 - 00335872 _____ C:\WINDOWS\system32\config\default.iobit
2017-03-19 15:04 - 2017-03-19 15:04 - 00065536 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-03-19 15:04 - 2017-03-19 15:04 - 00028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-03-19 11:45 - 2017-03-19 11:45 - 00892416 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\MiniToolBox.exe
2017-03-17 22:13 - 2017-03-17 22:13 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-03-17 15:09 - 2017-03-17 15:09 - 00040624 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-03-17 15:09 - 2017-03-17 15:09 - 00000000 _____ C:\WINDOWS\system32\h323log.txt
2017-03-17 15:08 - 2017-03-17 15:08 - 00188200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-17 15:08 - 2017-03-17 15:08 - 00000000 ____D C:\Program Files\xerox
2017-03-17 15:08 - 2017-03-17 15:08 - 00000000 ____D C:\Program Files\microsoft frontpage
2017-03-17 12:48 - 2017-03-17 12:48 - 00000000 ____D C:\Program Files\Defraggler
2017-03-17 12:48 - 2017-03-17 12:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2017-03-17 12:20 - 2017-03-17 12:20 - 00000000 ____D C:\Program Files\HD Tune Pro
2017-03-17 12:20 - 2017-03-17 12:20 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HD Tune Pro
2017-03-17 12:20 - 2017-03-17 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HD Tune Pro
2017-03-17 12:17 - 2017-03-20 21:06 - 00416148 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 11:13 - 2017-03-20 21:27 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\new tools
2017-03-11 18:51 - 2017-03-19 11:15 - 00000195 _____ C:\Documents and Settings\Owner\Desktop\BleepingComputer.com - News, Reviews, and Technical Support.url
2017-03-11 17:25 - 2017-03-11 17:25 - 00001689 _____ C:\Documents and Settings\Owner\Start Menu\Avast Free Antivirus.lnk
2017-03-11 17:24 - 2017-03-11 17:24 - 00001070 _____ C:\Documents and Settings\Owner\Start Menu\Shortcut to XMouseButtonControl.lnk
2017-03-11 17:04 - 2017-03-19 22:47 - 00032578 _____ C:\WINDOWS\SchedLgU.Txt
2017-03-11 16:56 - 2017-03-11 16:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\CEF
2017-03-11 16:56 - 2017-03-11 16:56 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2017-03-11 16:55 - 2017-03-11 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-03-11 16:55 - 2008-11-07 19:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2017-03-11 16:54 - 2017-03-19 16:09 - 00000308 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-03-11 16:54 - 2017-03-11 16:54 - 00465024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00278776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00184208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00106392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00060632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-03-11 16:54 - 2017-03-11 16:54 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-11 16:54 - 2017-03-11 16:53 - 00921280 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2017-03-11 16:54 - 2017-03-11 16:53 - 00756200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-11 16:54 - 2017-03-11 16:53 - 00328208 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-11 16:51 - 2017-03-11 16:51 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-11 16:48 - 2017-03-11 16:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2017-03-11 16:41 - 2017-03-11 16:41 - 00000049 _____ C:\Documents and Settings\Owner\Desktop\Google.url
2017-03-11 15:49 - 2017-03-20 21:31 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2017-03-11 15:17 - 2017-03-11 15:17 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Chrome Apps
2017-03-11 15:15 - 2017-03-11 15:15 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-03-11 15:15 - 2017-03-11 15:15 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2017-03-11 14:54 - 2017-03-11 14:54 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2017-03-11 14:54 - 2017-03-11 14:54 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Highresolution Enterprises
2017-03-11 14:54 - 2017-03-11 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Highresolution Enterprises
2017-03-11 14:37 - 2017-03-11 14:38 - 00002602 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2017-03-10 23:30 - 2017-03-10 23:30 - 00000552 _____ C:\WINDOWS\system32\d3d8caps.dat
2017-03-10 22:02 - 2017-03-17 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2017-03-10 21:50 - 2017-03-10 21:50 - 00001828 _____ C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
2017-03-10 21:50 - 2017-03-10 21:50 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-03-10 21:50 - 2017-03-10 21:50 - 00000000 ____D C:\Documents and Settings\Owner\AppData\LocalLow\IObit
2017-03-10 21:50 - 2017-03-10 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-03-10 21:49 - 2017-03-19 22:47 - 00000276 _____ C:\WINDOWS\Tasks\ASC10_PerformanceMonitor.job
2017-03-10 21:49 - 2017-03-19 13:36 - 00001806 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 10.lnk
2017-03-10 21:49 - 2017-03-10 21:49 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-03-10 21:48 - 2017-03-10 22:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\IObit
2017-03-10 21:48 - 2017-03-10 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare
2017-03-10 21:48 - 2017-03-10 21:48 - 00000000 ____D C:\Program Files\IObit
2017-03-10 21:45 - 2017-03-11 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2017-03-10 17:20 - 2017-03-10 17:28 - 00000000 ____D C:\AdwCleaner
2017-03-10 17:07 - 2017-03-10 17:07 - 00000322 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to adwcleaner_6.040 (1).lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-20 21:06 - 2011-04-25 15:09 - 00000000 ____D C:\Qoobox
2017-03-20 21:06 - 2004-08-26 14:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-03-20 21:06 - 2004-08-26 14:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-03-20 21:02 - 2004-08-26 12:12 - 00000227 _____ C:\WINDOWS\system.ini
2017-03-20 17:47 - 2004-08-26 06:54 - 00607360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-20 17:46 - 2004-08-26 12:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2017-03-19 22:47 - 2004-08-26 14:09 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2017-03-19 22:47 - 2004-08-26 14:09 - 00000000 ____D C:\Documents and Settings\Owner
2017-03-19 22:47 - 2004-08-26 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-19 22:10 - 2010-01-06 11:23 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-19 16:41 - 2004-08-26 12:12 - 00000528 _____ C:\WINDOWS\win.ini
2017-03-19 16:41 - 2004-08-26 12:12 - 00000327 __RSH C:\boot.ini
2017-03-19 16:34 - 2012-01-19 23:26 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2107033676-412105147-1544709382-1003.job
2017-03-19 16:34 - 2010-01-06 11:23 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-19 16:09 - 2010-07-26 18:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2017-03-19 12:16 - 2011-06-10 15:04 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2017-03-19 11:10 - 2010-05-16 15:19 - 00000803 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2017-03-17 20:46 - 2006-06-14 23:52 - 00000000 ____D C:\WINDOWS\pss
2017-03-17 12:13 - 2011-05-09 21:30 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Passion
2017-03-17 12:13 - 2006-02-16 10:30 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Pictures
2017-03-17 12:12 - 2007-01-13 21:00 - 00000000 ____D C:\WINDOWS\ie7updates
2017-03-17 11:52 - 2011-03-09 15:19 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2017-03-17 11:52 - 2009-01-10 23:06 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\MP3 Firm ware Backup Tool
2017-03-17 11:52 - 2004-08-27 05:54 - 00000000 ____D C:\WINDOWS\OPTIONS
2017-03-17 11:52 - 2004-08-26 06:45 - 00000000 ____D C:\WINDOWS\repair
2017-03-17 11:50 - 2009-08-11 12:11 - 00000000 __SHD C:\Documents and Settings\Owner\PrivacIE
2017-03-17 11:50 - 2009-08-11 12:11 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2017-03-11 19:56 - 2009-01-10 23:04 - 00000000 ____D C:\Program Files\AMT
2017-03-11 16:54 - 2004-08-26 06:45 - 00000000 ____D C:\WINDOWS\inf
2017-03-11 15:49 - 2004-08-26 06:54 - 00000000 ____D C:\Documents and Settings\Default User
2017-03-11 15:46 - 2006-02-16 10:30 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2017-03-11 15:14 - 2006-02-16 10:49 - 00000000 ____D C:\Program Files\Google
2017-03-11 14:41 - 2011-04-25 12:26 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
 
==================== Files in the root of some directories =======
 
2007-01-01 14:36 - 2007-01-01 14:35 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files\RngInterstitial.dll
2011-04-24 19:23 - 2011-04-25 14:46 - 0013560 ___SH () C:\Documents and Settings\Owner\Local Settings\Application Data\7y6774w28t81a
2011-04-24 19:23 - 2011-04-25 14:46 - 0013560 ___SH () C:\Documents and Settings\All Users\Application Data\7y6774w28t81a
2011-04-22 20:09 - 2011-04-22 20:09 - 8892928 _____ () C:\Documents and Settings\All Users\Application Data\atscie.msi
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Edited by Den., 20 March 2017 - 09:30 PM.


#2 nasdaq

  • Malware Response Team
  • 37,023 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 March 2017 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2107033676-412105147-1544709382-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default\user.js [2017-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
S3 60615357; no ImagePath
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button, then select just the item(s) listed below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

Please post the logs and let me know what problem persists with this computer.
Edited by nasdaq, 22 March 2017 - 08:45 AM.


#3 Den.

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 22 March 2017 - 08:34 PM

Hi...The XP computer seems to be running fine now, although it does take about 10 minutes to "start windows" during normal startup. Below find the requested logs. The instructions for the Tweak WINDOWS REPAIR tool recommended running the tool again after the reboot, so I will include both logs.  Thanks, Den.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by Owner (22-03-2017 13:39:13) Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2107033676-412105147-1544709382-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default\user.js [2017-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
S3 60615357; no ImagePath
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2107033676-412105147-1544709382-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-2107033676-412105147-1544709382-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found. 
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default\user.js => moved successfully
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qp3au4ww.default\user.js => not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
60615357 => service removed successfully.
catchme => service removed successfully.
TlntSvr => service removed successfully.
mbr => service not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 26626 B
Java, Flash, Steam htmlcache => 1559 B
Windows/system/dllcache/drivers => 781 B
Edge => 0 B
Chrome => 9777920 B
Firefox => 44417587 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66110 B
All Users => 0 B
systemprofile => 99082 B
LocalService => 196901 B
NetworkService => 66228 B
Owner => 300910 B
Administrator => 177724 B
 
RecycleBin => 0 B
EmptyTemp: => 52.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:39:21 ====
 
 
Log:
Tweaking.com - Windows Repair v3.9.27
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: IZZYSKID4
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Owner
Current Profile SID: S-1-5-21-2107033676-412105147-1544709382-1003
Current Profile Classes: S-1-5-21-2107033676-412105147-1544709382-1003_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Owner\Local Settings\Application Data
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:06:35
 
Process Count: 16
Commit Total: 106.93 MB
Commit Limit: 1.20 GB
Commit Peak: 118.16 MB
Handle Count: 3000
Kernel Total: 28.05 MB
Kernel Paged: 22.84 MB
Kernel Non Paged: 5.21 MB
System Cache: 384.13 MB
Thread Count: 191
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 501.90 MB
Memory Used: 224.70 MB(44.7703%)
Memory Avail.: 277.20 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 501.90 MB
Memory Used: 115.40 MB(22.9922%)
Memory Avail.: 386.50 MB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (3/22/2017 6:33:31 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 95
 
01 - Reset Registry Permissions 01/02
   HKEY_CURRENT_USER & Sub Keys
   Start (3/22/2017 6:33:35 PM)
 
   Running Repair Under Current User Account
   Done (3/22/2017 6:33:44 PM)
 
01 - Reset Registry Permissions 02/02
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/22/2017 6:33:44 PM)
 
   Running Repair Under System Account
   Done (3/22/2017 6:35:22 PM)
 
03 - Reset Service Permissions
   Start (3/22/2017 6:35:22 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:37:04 PM)
 
04 - Register System Files
   Start (3/22/2017 6:37:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:40:30 PM)
 
05 - Repair WMI
   Start (3/22/2017 6:40:30 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting 3rd Party Firewall Info...
   No 3rd Party Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (3/22/2017 6:49:37 PM)
 
08 - Repair MDAC/MS Jet
   Start (3/22/2017 6:49:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:49:51 PM)
 
10 - Remove Policies Set By Infections
   Start (3/22/2017 6:49:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:49:58 PM)
 
13 - Repair Network
   Start (3/22/2017 6:49:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:50:14 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (3/22/2017 6:50:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:50:37 PM)
 
21 - Repair MSI (Windows Installer)
   Start (3/22/2017 6:50:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:50:53 PM)
 
26 - Restore Important Windows Services
   Start (3/22/2017 6:50:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:51:01 PM)
 
27 - Set Windows Services To Default Startup
   Start (3/22/2017 6:51:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 6:51:15 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (3/22/2017 6:51:16 PM)
   Total Repair Time: 00:17:48
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
Log:
Tweaking.com - Windows Repair v3.9.27
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: IZZYSKID4
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Owner
Current Profile SID: S-1-5-21-2107033676-412105147-1544709382-1003
Current Profile Classes: S-1-5-21-2107033676-412105147-1544709382-1003_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Owner\Local Settings\Application Data
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:44
 
Process Count: 18
Commit Total: 115.88 MB
Commit Limit: 1.20 GB
Commit Peak: 126.91 MB
Handle Count: 3465
Kernel Total: 28.45 MB
Kernel Paged: 23.16 MB
Kernel Non Paged: 5.29 MB
System Cache: 372.45 MB
Thread Count: 209
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 501.90 MB
Memory Used: 240.79 MB(47.9745%)
Memory Avail.: 261.12 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 501.90 MB
Memory Used: 127.11 MB(25.3255%)
Memory Avail.: 374.79 MB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (3/22/2017 7:24:58 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
 
01 - Reset Registry Permissions 01/02
   HKEY_CURRENT_USER & Sub Keys
   Start (3/22/2017 7:25:00 PM)
 
   Running Repair Under Current User Account
   Done (3/22/2017 7:25:09 PM)
 
01 - Reset Registry Permissions 02/02
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/22/2017 7:25:09 PM)
 
   Running Repair Under System Account
   Done (3/22/2017 7:26:45 PM)
 
03 - Reset Service Permissions
   Start (3/22/2017 7:26:45 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:27:50 PM)
 
04 - Register System Files
   Start (3/22/2017 7:27:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:31:15 PM)
 
05 - Repair WMI
   Start (3/22/2017 7:31:15 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting 3rd Party Firewall Info...
   No 3rd Party Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (3/22/2017 7:34:31 PM)
 
08 - Repair MDAC/MS Jet
   Start (3/22/2017 7:34:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:34:45 PM)
 
10 - Remove Policies Set By Infections
   Start (3/22/2017 7:34:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:34:52 PM)
 
13 - Repair Network
   Start (3/22/2017 7:34:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:35:07 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (3/22/2017 7:35:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:35:29 PM)
 
21 - Repair MSI (Windows Installer)
   Start (3/22/2017 7:35:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:35:45 PM)
 
26 - Restore Important Windows Services
   Start (3/22/2017 7:35:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:35:52 PM)
 
27 - Set Windows Services To Default Startup
   Start (3/22/2017 7:35:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/22/2017 7:36:05 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (3/22/2017 7:36:06 PM)
   Total Repair Time: 00:11:12
 
 
...YOU MUST RESTART YOUR SYSTEM...

Edited by Den., 22 March 2017 - 10:07 PM.


#4 nasdaq

  • Malware Response Team
  • 37,023 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 March 2017 - 07:23 AM


Cleaning the Prefetch folder may help the boot time.
http://www.majorgeeks.com/files/details/windows_xp_prefetch_clean_and_control.html

Read the note on the topic.

===

#5 Den.

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 23 March 2017 - 02:29 PM

Hi... Her computer is running great now. The "10 minute" boot up problem disappeared even before running the Prefetch cleaner. I'd like to ask a question though. What were the items and what were the problems with those items that you compiled to put into the "code box" to be fixed by running FRST?  Thanks, Den



#6 nasdaq

  • Malware Response Team
  • 37,023 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 March 2017 - 07:09 AM

I removed some restrictions and cleaned items that were not required.

The Tweaking tool was used to reset some important services.

Nothing very malicious was removed.

As you know, Microsoft is no longer supporting XP.
Make sure you have a backup of all your important files.

Issues with XP not related to infections can possibly be solved by the XP operating system experts in this forum.
https://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

#7 Den.

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 25 March 2017 - 07:30 PM

I'm glad to discover that it was not a virus/rootkit problem. The computer has been running fine these past few days. I think we can close this case unless there are any final instructions. Thanks again, Den