[RESOLVED] Running Very Slowly

**Ned Ludd** · August 15th, 2016, 04:07 PM

u r going to have to email me @ address sent this a.m. from acct i can respond to~typing via my tv now, cant post or pm via computer. tv is w/pointer, cant type much this way. i tried to post logs for 8 hrs 2day

**Broni** · August 15th, 2016, 07:03 PM

OK....

**Ned Ludd** · August 16th, 2016, 07:54 AM

i tried posting both logs with my wife's MAC and neighbor's PC....get same msg: "something went wrong
" posting from TV now so i cant copy/paste logs.....email me at upsetwithabrazo@gmail.com so i can send u the logs you asked for.

**fink** · August 16th, 2016, 10:17 AM

The "something went wrong" message is a different issue that's being investigated
by the IT dept. That problem is at our end. An admin will likely have a message for
you shortly.

**Steve R Jones** · August 16th, 2016, 10:26 AM

Please post your log files to NotePad and then attach the file to a post here.

I'll send the attachment to the IP people for the Went Wrong Error and Broni will review it also.

**Ned Ludd** · August 17th, 2016, 08:26 PM

how do i do that with a MAC?

i.e what do i copy the text to?

also, how do i attach the document? i don't see an icon for that.

**Ned Ludd** · August 21st, 2016, 10:59 AM

(15-08-2016 07:33:00)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-14] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk [2014-05-06]
ShortcutTarget: Forget Me Not.lnk -> C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{DE815E20-2943-44A0-9D8A-064C99FA7C3F}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1801674531-1343024091-1417001333-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-14]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-14] (AVAST Software)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-07-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-07-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91680 2016-07-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-07-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-07-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-07-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-07-14] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-07-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-08-11] ()
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-14 07:29 - 2016-08-15 07:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-08-14 07:29 - 2016-08-14 07:29 - 00008055 _____ C:\ComboFix.txt
2016-08-14 07:29 - 2016-08-14 07:29 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-08-14 07:23 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-08-14 07:23 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-08-14 07:23 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-08-14 07:23 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-08-14 07:22 - 2016-08-14 07:29 - 00000000 ____D C:\Qoobox
2016-08-14 07:22 - 2016-08-14 07:28 - 00000000 ____D C:\WINDOWS\erdnt
2016-08-14 07:22 - 2016-08-14 07:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Videos
2016-08-12 06:04 - 2016-08-12 06:04 - 00003220 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2016-08-11 12:10 - 2016-08-11 12:10 - 00000000 ____D C:\AdwCleaner
2016-08-11 12:03 - 2016-08-11 12:03 - 00002947 _____ C:\Documents and Settings\Administrator\Desktop\MBAM Clip.CLP
2016-08-11 11:53 - 2016-08-11 11:53 - 00001066 _____ C:\Documents and Settings\Administrator\Desktop\MBAM2.txt
2016-08-11 11:51 - 2016-08-11 11:51 - 00001065 _____ C:\Documents and Settings\Administrator\Desktop\MBAM.txt
2016-08-11 10:58 - 2016-08-11 10:58 - 00006582 _____ C:\Documents and Settings\Administrator\Desktop\rk_40.tmp
2016-08-11 10:33 - 2016-08-11 10:33 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-11 10:33 - 2016-08-11 10:33 - 00000718 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2016-08-11 10:33 - 2016-08-11 10:33 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-11 10:33 - 2016-08-11 10:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2016-08-11 10:33 - 2016-08-11 10:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2016-08-10 15:50 - 2016-08-15 07:33 - 00000000 ____D C:\FRST
2016-07-19 07:37 - 2016-07-19 07:37 - 00106496 _____ C:\WINDOWS\Minidump\Mini071916-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 07:11 - 2014-05-01 08:21 - 00360124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-15 07:08 - 2014-05-01 16:32 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-08-15 07:07 - 2016-06-15 07:08 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465996115.job
2016-08-15 07:07 - 2014-05-01 16:30 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 07:07 - 2014-05-01 14:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-14 09:23 - 2014-05-01 14:36 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-14 09:23 - 2014-05-01 14:36 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-08-14 09:23 - 2014-05-01 14:36 - 00000000 ____D C:\Documents and Settings\Administrator
2016-08-14 08:54 - 2014-05-01 16:30 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-14 08:00 - 2014-05-01 16:42 - 00002515 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
2016-08-14 07:28 - 2008-04-14 06:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-08-14 07:22 - 2014-05-01 14:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-08-14 07:01 - 2008-04-14 06:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-12 13:40 - 2014-05-07 08:07 - 00082944 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-11 11:55 - 2014-05-07 11:21 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-11 11:03 - 2014-05-07 11:21 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-11 11:03 - 2014-05-07 11:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-11 11:03 - 2014-05-07 11:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-05 08:21 - 2014-05-01 16:30 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-07-31 10:26 - 2014-05-06 12:35 - 00048560 _____ C:\WINDOWS\cdplayer.ini
2016-07-31 08:03 - 2014-05-08 11:13 - 00001534 _____ C:\Documents and Settings\All Users\Application Data\ss.ini
2016-07-22 10:24 - 2014-05-06 10:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2014-05-07 08:07 - 2016-08-12 13:40 - 0082944 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-11 12:41 - 2014-05-11 12:42 - 0000339 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-05-08 11:13 - 2016-07-31 08:03 - 0001534 _____ () C:\Documents and Settings\All Users\Application Data\ss.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-08-2016
Ran by Administrator (2016-08-15 07:33:33)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-05-01 20:32:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1801674531-1343024091-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1801674531-1343024091-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1801674531-1343024091-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1801674531-1343024091-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

American Greetings CreataCard Select 6 (HKLM\...\{9770A25C-45A7-478E-AF50-4FDE53EED270}) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
Click'N Design 3D for AfterBurner(tm) (HKLM\...\Click'N Design 3D for AfterBurner(tm)) (Version: 4.x - Stomp Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Feurio! CD-Writer (HKLM\...\Feurio) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1465996115.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-print-preview

==================== Loaded Modules (Whitelisted) ==============

2016-07-14 10:12 - 2016-07-14 10:12 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-14 10:12 - 2016-07-14 10:12 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-15 07:08 - 2016-08-15 07:08 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16081500\algo.dll
2016-07-14 10:12 - 2016-07-14 10:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-04-14 06:00 - 2008-04-14 06:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 06:00 - 2008-04-14 06:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-07-13 09:40 - 2016-07-06 18:01 - 17602240 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
2014-05-05 14:25 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-05 14:25 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 06:00 - 2016-08-14 07:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1801674531-1343024091-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1 - 205.171.3.25
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome

==================== Restore Points =========================

16-05-2016 08:22:06 System Checkpoint
17-05-2016 11:18:30 System Checkpoint
19-05-2016 11:58:33 System Checkpoint
25-05-2016 09:45:40 System Checkpoint
31-05-2016 07:59:32 System Checkpoint
01-06-2016 08:59:07 System Checkpoint
03-06-2016 11:23:42 System Checkpoint
14-06-2016 13:13:21 Installed Windows XP Wdf01009.
19-06-2016 09:20:56 System Checkpoint
27-06-2016 15:12:52 System Checkpoint
29-06-2016 06:45:25 System Checkpoint
30-06-2016 08:38:22 System Checkpoint
01-07-2016 08:59:36 System Checkpoint
05-07-2016 14:34:07 System Checkpoint
14-07-2016 10:14:27 Installed Windows XP Wdf01009.
15-07-2016 10:31:45 System Checkpoint
18-07-2016 15:45:14 System Checkpoint
20-07-2016 15:24:28 System Checkpoint
25-07-2016 06:56:53 System Checkpoint
26-07-2016 07:12:53 System Checkpoint
27-07-2016 11:20:19 System Checkpoint
28-07-2016 17:27:43 System Checkpoint
30-07-2016 11:34:24 System Checkpoint
01-08-2016 10:19:11 System Checkpoint
03-08-2016 14:02:23 System Checkpoint
05-08-2016 08:37:43 System Checkpoint
10-08-2016 12:33:34 System Checkpoint
11-08-2016 14:54:23 System Checkpoint
12-08-2016 06:03:24 JRT Pre-Junkware Removal
14-08-2016 07:23:16 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2016 01:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2015 11:45:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module wiaservc.dll, version 5.1.2600.5512, fault address 0x000223dd.
Processing media-specific event for [svchost.exe!ws!]

System errors:
=============
Error: (08/15/2016 07:07:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (08/14/2016 09:17:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (08/14/2016 08:02:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (08/14/2016 07:02:21 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 e1475000, parameter2 00000001, parameter3 bf8ebdad, parameter4 00000001.

Error: (08/14/2016 07:01:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (08/12/2016 09:31:25 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 e5b44000, parameter2 00000001, parameter3 bf8ebdad, parameter4 00000001.

Error: (08/12/2016 06:03:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/12/2016 05:55:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (08/11/2016 03:05:01 PM) (Source: DCOM) (EventID: 10010) (User: USER-90126D2629)
Description: The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register with DCOM within the required timeout.

Error: (08/11/2016 11:54:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of memory in use: 13%
Total physical RAM: 3575.23 MB
Available physical RAM: 3100.2 MB
Total Virtual: 5457.55 MB
Available Virtual: 5058.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:115.55 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: C06CC06C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

**Broni** · August 21st, 2016, 12:43 PM

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

**Ned Ludd** · August 22nd, 2016, 07:14 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-08-2016
Ran by Administrator (2016-08-22 05:12:11) Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1801674531-1343024091-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
2014-05-07 08:07 - 2016-08-12 13:40 - 0082944 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-11 12:41 - 2014-05-11 12:42 - 0000339 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-05-08 11:13 - 2016-07-31 08:03 - 0001534 _____ () C:\Documents and Settings\All Users\Application Data\ss.ini

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1801674531-1343024091-1417001333-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
catchme => service removed successfully.
cerc6 => service removed successfully.
IntelIde => service removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\All Users\Application Data\hpzinstall.log => moved successfully
C:\Documents and Settings\All Users\Application Data\ss.ini => moved successfully

==== End of Fixlog 05:12:12 ====

**Broni** · August 22nd, 2016, 07:28 PM

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

**Ned Ludd** · August 23rd, 2016, 09:13 AM

First Log

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

**Ned Ludd** · August 23rd, 2016, 09:17 AM

Second Log

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 23-08-2016 at 07:15:49
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

**Ned Ludd** · August 23rd, 2016, 10:51 AM

After running Sophos the msg was "your computer is clean" 0 Threats found

**Broni** · August 23rd, 2016, 09:50 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

12. Please, let me know, how your computer is doing.

**Ned Ludd** · August 25th, 2016, 04:22 PM

thank you

Q: "If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!"

where would i find these? which log, etc?

Thread: [RESOLVED] Running Very Slowly

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Tags for this Thread

Posting Permissions