Solved Need a slimmer antivirus for a lagging XP system

April 10, 2018 at 18:02:36
Specs: WinXP SP3, P4/2G
I've been hanging on to my XP machine, delaying the installation of a W7 box, simply due to my avoidance of the "migration" that is necessary, to try to preserve things, many things that I'm probably not even aware of, that I'll miss, when I make the move from one box to the other.

So, as my XP machine gradually slows down, bloated with "stuff", not sure of which "stuff" is actually doing the "foot-dragging", causing me to wait, for instance, up to a minute or two just to open the browser window, etc.

I'm thinking, maybe it's the anti-virus program that's slowing me down considerably. (?)

I'm presently using Avast Free Antivirus, and I've been happy with it in the past, but now it's bloated and slow, with lots of "nagware" prompting me to "upgrade" amongst other things.

Is there a slimmer, more compact, less resource-hungry antivirus program that any here would suggest? I just want basic protection, in case I "acquire" something negative in my dealings on the internet.

I want to basically keep this machine useful, while I migrate to the newer one.

Or should I be focusing on my browser? I'm using the latest FF. Maybe it's the problem?

message edited by WinXP_straggler



✔ Best Answer
May 5, 2018 at 16:55:02
There is only 1 Fix, click it.


#1
April 10, 2018 at 18:59:22
If you turn off the Anti-virus, is there a significant boost in performance??

Why would you want to upgrade to Win 7? Support will stop in 2020 and you end up the same as your Win XP.
If you have a multi-core CPU, try the new OS on a virtual machine like Oracle VirtualBox (free). Test all the applications you want to run on the new OS. Performance will be slow on the VM but you have an idea what works and doesn't work.
https://www.virtualbox.org/



#2
April 10, 2018 at 19:56:43
Read the following about Firefox & XP: https://support.mozilla.org/en-US/k...

Do you regularly run a cleaner? If not, get CCleaner-Slim: https://www.ccleaner.com/ccleaner/b...

Run the cleaner & the registry scanner - be patient, it may take a while, especially the 1st time - remove everything they find. Then click Tools > Startup & disable all the unnecessary startup apps.

https://www.howtogeek.com/74523/how...

After doing all the above, reboot. Your system should boot quicker & perform better.



#3
April 10, 2018 at 20:03:10
Forgot to mention AV. There are some here that still support XP: https://www.thebalance.com/best-fre...


#4
April 11, 2018 at 01:14:43


#5
April 11, 2018 at 02:46:51
Have you tried to disable all startup programs?
These could slow down your system considerably by eating up CPU & RAM.

When you run out of RAM you can experience extreme lagging, since the system tries to free up RAM by offloading to the pagefile, which is on your main drive (HDD or SSD).

Loading this back into RAM would cause massive lags/waiting times, especially on an HDD.

https://www.howtogeek.com/74523/how...

P.S. What does the task manager say about total RAM/memory used?
I have a feeling it's gonna be 100%.

i5-6600K[delid]@4.8GHz/4.5GHz@1.385v | 2x4GB Crucial-DDR4-2133@14-14-14-30 1T 2800MHz@1.37v
ASUS Z170K | Samsung 250GB SSD 850 EVO
MSI Armor RX 570 4GB@1393@1.193v/1930 BiosMod



#6
April 11, 2018 at 13:21:03
Malware can slow computers down.

Always pop back and let us know the outcome - thanks



#7
April 12, 2018 at 15:59:19
Thanks for all the suggestions. I've been busy with health issues for the past few days, so couldn't get back to this issue before now.

I'm sending this from my wife's computer downstairs, which we use for our news, entertainment, shopping, communications, etc. The only issues with this computer are that Firefox freezes up frequently, and especially when she's been online on various shopping sites, as well as watching Netflix.

I do use CCleaner, on both machines. Sometimes I have to restart to get FF to let go of whatever is causing it to freeze.

My IT specialist son says he thinks it's because we don't have a video card, but are using the onboard video. I don't know.

I'll go ahead and try those other things mentioned, and get back.

Thanks again, see you soon.



#8
April 12, 2018 at 16:18:29
"but are using the onboard video"
That's what I use on every comp I have.

"The only issues with this computer are that Firefox freezes up frequently"
Reset Firefox – easily fix most problems
https://support.mozilla.org/en-US/k...



#9
April 12, 2018 at 16:49:28
If #8 doesn't fix it run this and if it finds anything copy/paste the log on here:

AdwCleaner:
https://www.malwarebytes.com/adwcle...
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Always pop back and let us know the outcome - thanks



#10
April 17, 2018 at 17:12:09
Lots of good help here, just getting started following all the links. I'm admittedly slow at responding, sorry. I'm 68 yrs old, FFS...

I'm just on #2, concerning FF not supporting XP,,

It's getting good. Thanks guys..

I'll be back soon when I've digested everything.

I do use CCleaner frequently. It helps "keep me regular",,lol.



#11
April 17, 2018 at 17:24:21
"I do use CCleaner frequently"
But do you use the Registry cleaner as per post 2?

Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

message edited by Johnw



#12
April 17, 2018 at 19:01:39
Yes, actually, when I run CCleaner, I frequently use the Registry cleaner in the process. It always seems to come up with "installation remnants" to delete, and I just check them all and click "fix", and it does, seemingly, "fix" these entries.

Onward and upward,, I'm climbin outta this hole, come hell or high water...



#13
April 17, 2018 at 19:20:08
"I'm climbin outta this hole, come hell or high water..."
Step by step, you will get there.


#14
April 17, 2018 at 20:35:04
Concerning #5, regarding the RAM being used, yes, it does say "100%", and I'm not really doing much at all, just a couple tabs open, and one extra window.

Okay, now it's down to under 50%, dipping as low as 11, while "PF usage" is remaining around 765 MB.

It took around a minute and a half to open FF, even after I CCleaned, checked Startup, and restarted.

Now, it's using 30% CPU, average.

Could it be due to having too many tabs open, or having "a billion" bookmarks saved?

edit: after I clicked "submit changes" (below this edit), it jumped back up to "100%", and the PF jumped up around 850 MB.

still, it's taking a while to post, read pages, etc. I get used to watching the "activity" in the lower left corner ( "reading...". ), while things post, or I'm navigating from one site to another, etc.

message edited by WinXP_straggler



#15
April 17, 2018 at 20:52:20
Run AdwCleaner as per post 9, Copy & Paste the contents of the Clean log in your reply.


#16
April 17, 2018 at 20:53:08
Concerning #8, (johnw), regarding "resetting FFox":

I'm presently using a program called "NoScript", because I'm still using XP as my OS, and it was suggested to me by, I think, one of your members, in order to avoid script vulnerabilities, I'm assuming.

Will "resetting" FFox disable this program, and if so, will I be "suddenly vulnerable", or only if I'm on, or navigate to a questionable site?

edit:
concerning #15, concerning running AdAware, I'm almost there, sometime tonight.

Oops, I meant "AdwareCleaner"

message edited by WinXP_straggler



#17
April 17, 2018 at 21:12:16
"Will "resetting" FFox disable this program"
Maybe.

"suddenly vulnerable"
No more than usual, go to any Malware forum & no matter what defenses they had installed, they still got infected.
You cannot stop User error, they click when they shouldn't.



#18
April 17, 2018 at 21:34:37
Okay, I just reset FFox, per msg #8, on the box downstairs, the one my wife uses (W7), the one having the FF freezing problem. I'll be back to report on the results. So far, no freezing.


#19
April 20, 2018 at 00:23:01
Tried to post earlier, but forgot to log-in in order to send, so lost the post.

Anyway,, per #8, I've reset the Firefox browser on both the downstairs and upstairs machines, and it seems to have made huge improvements, mostly to the speed of my XP machine, though I think it may have also cleared up the freezing problem downstairs as well. Anyway, this computer is showing renewed signs of life.

I'm guessing that "NoScript" was using a lot of CPU time, or interrupting the flow somehow, since it's gone now that the browser has been reset, and things are running much faster.

I'll get to AdwCleaner sometime in the near future.



#20
April 20, 2018 at 04:01:26
Step by step. Sometimes we need to take a little time to clear out some junk and build up. The better job you do now, the longer it might last until next time. Good work.

You have to be a little bit crazy to keep you from going insane.



#21
April 23, 2018 at 19:40:28
It's teaching me a lesson, one I've always known, but just reminding me, again, that it's silly to do a lot of customizing that won't last through, for instance, an OS re-install, etc.

It's best to stay simple, lean, trim. Use the 'puter as a handy tool, but don't let it become "indispensible". Don't get bogged down, like someone that moves into a house, only to fill up the garage with collections of junk, making it a huge project next time you decide to move.

Clutter is the enemy. Gotta stay "light on your feet", virtually speaking.



#22
April 23, 2018 at 20:04:19
"I'll get to AdwCleaner sometime in the near future"
That is a very important step, we need to fix the causes of your problems..



#23
April 24, 2018 at 06:56:40
It only takes a few minutes to run ADWCleaner (you just double click the downloaded file) and it can clear up a lot. Go for it.

Always pop back and let us know the outcome - thanks



#24
April 30, 2018 at 18:32:19
Okay, back to the task at hand.

Hmmm,, AdwCleaner,

Okay, going to download.



#25
April 30, 2018 at 18:41:37
So, I d'ld the file (adwcleaner), ran it, and got the following error alert:

adwcleaner_7.1.1.exe - Unable To Locate Component

This application has failed to start because dwmapi.dll was not found. Re-installing the application may fix this problem.

[OK]



#26
April 30, 2018 at 19:17:43
"Re-installing the application may fix this problem"
Did you?

Before reinstalling.
Close all open programs and internet browsers.

How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...



#27
April 30, 2018 at 19:28:53
If you still can't get AdwCleaner to work, try this.

Run Malwarebytes Anti-Malware ( MBAM ) Use Threat Scan.
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Malwar...
http://www.freewarefiles.com/screen...
http://www.malwarebytes.org/downloads/
Forum
http://www.malwarebytes.org/forums/
After the Free trial, I choose this.
http://fs5.directupload.net/images/...
You then get this screen.
http://fs5.directupload.net/images/...
Or,
Deactivate Malwarebytes for Windows Premium Trial
https://support.malwarebytes.com/do...
At the end of a scan, you will get something like this.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
After clicking on > View Report & then > Export. Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.



#28
April 30, 2018 at 23:25:52
First, I'm not quite sure which "program" they want me to "re-install". AdwCleaner?

All I did was to dl the exe file, and double click on it. That's when the error message showed up. It didn't get as far as to "install" in the first place, so where's the "re" in "re-install"?

Or do they want me to "re-install" the OS?

Lots of info on how to dl the allegedly missing file, "dwmapi.dll", even specific to XP



#29
May 1, 2018 at 00:34:19
"Or do they want me to "re-install" the OS?"
No.
Move on & try Malwarebytes.

"Lots of info on how to dl the allegedly missing file, "dwmapi.dll", even specific to XP"
I checked 2 XP comps & dwmapi.dll is not in either.



#30
May 1, 2018 at 01:44:45
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/18
Scan Time: 11:52 PM
Log File: 44ef11b8-4d0c-11e8-9267-00301b158f66.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4934
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: JOSEPHINE\Bobby Boombatz

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 191499
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 42 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#31
May 1, 2018 at 02:40:19
Malwarebytes is clean.
Extract from the log.
"Time Elapsed: 1 hr, 42 min, 44 sec"
That is far, far too long, 20 mins is about average.

Let's have a look at this side of things. Run chkdsk. I do it this way.

https://i.imgur.com/sDm4IMw.gif
https://i.imgur.com/Swu7iI0.gif
https://i.imgur.com/pBBo4TL.gif
https://i.imgur.com/FqOzcPc.gif
https://i.imgur.com/XcM7KYr.gif

message edited by Johnw
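
Added example, not part of any post in this thread and not Malwarebytes code: a Python script that reads the text log from post #30 and reports what the "clean" verdict in post #31 does and does not cover, namely scan options that were off and the run time measured against the 20-minute figure from post #31. The function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Trimmed copy of the Malwarebytes 3.4.4 log pasted in post #30 (sample input).
SAMPLE_LOG = """\
-Log Details-
Scan Date: 4/30/18
Scan Time: 11:52 PM
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
License: Trial

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 191499
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 42 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

File: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")          # e.g. "-Scan Summary-"
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}   # hr / min / sec, by first letter


def parse_log(text):
    """Return {section name: {key: value}} for a Malwarebytes 3.x text log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank lines, "(No malicious items detected)", "(end)"
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only, so "Scan Time: 11:52 PM" survives.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections


def elapsed_seconds(value):
    """Convert '1 hr, 42 min, 44 sec' to seconds (KeyError on unknown units)."""
    total = 0
    for amount, unit in re.findall(r"(\d+)\s*([a-z]+)", value.lower()):
        total += int(amount) * UNIT_SECONDS[unit[0]]
    return total


def triage(sections, slow_after_minutes=20):
    """List what a reviewer should note before accepting a 'clean' result.

    slow_after_minutes defaults to the 20-minute figure given in post #31;
    it is that poster's rule of thumb, not a vendor threshold.
    """
    findings = []
    summary = sections.get("Scan Summary", {})
    options = sections.get("Scan Options", {})

    if summary.get("Result") != "Completed":
        findings.append("scan did not complete: %s" % summary.get("Result"))
    detected = int(summary.get("Threats Detected", "0"))
    if detected:
        findings.append("threats detected: %d" % detected)
    # A zero count only covers the areas that were actually scanned.
    for name, state in options.items():
        if state == "Disabled":
            findings.append("not scanned: %s" % name)
    minutes = elapsed_seconds(summary.get("Time Elapsed", "")) // 60
    if minutes > slow_after_minutes:
        findings.append("slow scan: %d min (expected about %d)"
                        % (minutes, slow_after_minutes))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the log from post #30 this reports that the rootkit scan was disabled and that the run took 102 minutes, so the zero-threat result says nothing about rootkits.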



#32
May 1, 2018 at 08:14:22
So, I ran chkdsk, twice, once through the cmd prompt and once through the Windows menu, and both times it came out clean.



#33
May 1, 2018 at 15:59:16
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php


#34
May 5, 2018 at 12:33:53
JohnW:

"The logs are large, upload them using one of these. "

I dl'd Farbar, moved it to the desktop, ran it, and it gave me the two txt files mentioned, "FRST.txt", and "Addition.txt". Each of these files is approximately 20KB in size. How is this considered "large"?

Anyway, I'm looking at the "FileConvoy" page. Not sure just how to use it to move the two txt files from my desktop to here.

For instance, do I check the box for "email notifications"?

When I get to where I "submit the form", after having checked the "terms of use" box, how does this shuffle the files over here, to this site?

message edited by WinXP_straggler



#35
May 5, 2018 at 12:41:53
Okay, I figured it out,,,here's the link to the two files:

http://www.fileconvoy.com/dfl.php?i...



#36
May 5, 2018 at 14:26:52
" Each of these files is approximately 20KB in size. How is this considered "large"?"
Don't know if it still applies; previously, when that amount of text was pasted into a reply, it was rejected & a message asking for it to be broken up into smaller pieces was received.

Try it & you can confirm for me.



#37
May 5, 2018 at 14:40:07
Okay, I understand. I hadn't connected all the dots when I asked that. I was only thinking in terms of an email, not a straight across copy-and-paste from the file to the post. I doubt whether it would fly that way. But I'm too lazy to try it at this time,,haha,,

Well,,now I'm curious. I'll try it in this post. Here goes:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018
Ran by Bobby Boombatz (administrator) on JOSEPHINE (05-05-2018 12:21:05)
Running from E:\Documents and Settings\Bobby Boombatz\Desktop
Loaded Profiles: Bobby Boombatz (Available Profiles: Bobby Boombatz & Harmonicaman)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Codename Longhorn DDK provider) E:\Program Files\UPHClean\uphclean.exe
(Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
(Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) E:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTPreset] => E:\WINDOWS\system32\VTPreset.exe [45056 2004-02-24] (S3 Graphics, Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-10] (AVAST Software)
HKU\S-1-5-21-1614895754-113007714-1060284298-1003\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner.exe [13619968 2018-04-12] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => E:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{B93B59C8-A91B-4BD2-9A1C-E2C67969EF71}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-15] (AVAST Software)

FireFox:
========
FF ProfilePath: E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\vbhzmvtq.default-1524035376569 [2018-05-05]
FF Homepage: E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\vbhzmvtq.default-1524035376569 -> hxxps://www.google.com/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> E:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> E:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-113007714-1060284298-1003: @citrixonline.com/appdetectorplugin -> E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2016-03-06] (Citrix Online)

Chrome:
=======
CHR Profile: E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-05-05]
CHR Extension: (Slides) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-13]
CHR Extension: (Google Docs) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Google Drive) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13]
CHR Extension: (Sheets) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-08]
CHR Extension: (Gmail) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-04-10] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; E:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-10] (AVAST Software)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-10] (AVAST Software)
S3 Imapi Helper; E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman) [File not signed]
R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4675872 2018-03-03] (Malwarebytes)
R2 UPHClean; E:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; E:\WINDOWS\System32\drivers\aswArPot.sys [167040 2018-04-10] (AVAST Software)
R1 aswbidsdriver; E:\WINDOWS\System32\drivers\aswbidsdriverx.sys [185432 2018-03-09] (AVAST Software)
R0 aswbidsh; E:\WINDOWS\System32\drivers\aswbidshx.sys [157368 2018-03-09] (AVAST Software)
R0 aswblog; E:\WINDOWS\System32\drivers\aswblogx.sys [276688 2018-03-09] (AVAST Software)
R0 aswbuniv; E:\WINDOWS\System32\drivers\aswbunivx.sys [50336 2018-03-09] (AVAST Software)
R1 aswHdsKe; E:\WINDOWS\System32\drivers\aswHdsKe.sys [180984 2018-04-10] (AVAST Software)
S3 aswHwid; E:\WINDOWS\System32\drivers\aswHwid.sys [42808 2018-04-10] (AVAST Software)
R2 aswMonFlt; E:\WINDOWS\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
R1 aswRdr; E:\WINDOWS\System32\drivers\aswRdr.sys [70576 2018-04-10] (AVAST Software)
R0 aswRvrt; E:\WINDOWS\System32\drivers\aswRvrt.sys [70816 2018-04-10] (AVAST Software)
R1 aswSnx; E:\WINDOWS\System32\drivers\aswSnx.sys [783600 2018-04-10] (AVAST Software)
R1 aswSP; E:\WINDOWS\System32\drivers\aswSP.sys [391856 2018-04-10] (AVAST Software)
R3 aswStmXP; E:\WINDOWS\System32\drivers\aswStmXP.sys [205352 2018-04-10] (AVAST Software)
R0 aswVmm; E:\WINDOWS\System32\drivers\aswVmm.sys [310784 2018-04-10] (AVAST Software)
R1 ESProtectionDriver; E:\WINDOWS\system32\drivers\mbae.sys [58664 2018-01-18] ()
R3 FETND5BV; E:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; E:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; E:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R2 mbamchameleon; E:\WINDOWS\system32\drivers\mbamchameleon.sys [151160 2018-04-30] (Malwarebytes)
R3 MBAMProtection; E:\WINDOWS\system32\drivers\mbam.sys [41352 2018-05-05] (Malwarebytes)
R3 MBAMSwissArmy; E:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2018-05-05] (Malwarebytes)
R3 ms_mpu401; E:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 S3Psddr; E:\WINDOWS\System32\DRIVERS\s3gnbm.sys [167168 2004-08-13] (S3 Graphics, Inc.)
S3 S3SavageNB; E:\WINDOWS\System32\DRIVERS\s3gnbm.sys [167168 2004-08-13] (S3 Graphics, Inc.)
U3 TrueSight; E:\WINDOWS\system32\drivers\TrueSight.sys [14336 2012-12-02] () [File not signed]
R0 viaagp1; E:\WINDOWS\System32\DRIVERS\viaagp1.sys [32128 2002-07-24] (VIA Technologies, Inc.)
R3 VIAudio; E:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 69617853; system32\drivers\26924203.sys [X]
S3 catchme; \??\E:\DOCUME~1\BOBBYB~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
U5 Tcpip6; E:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-05 12:21 - 2018-05-05 12:21 - 000012050 _____ E:\Documents and Settings\Bobby Boombatz\Desktop\FRST.txt
2018-05-05 12:20 - 2018-05-05 12:21 - 000000000 ____D E:\FRST
2018-05-05 12:11 - 2018-05-05 12:13 - 002066432 _____ (Farbar) E:\Documents and Settings\Bobby Boombatz\Desktop\FRST.exe
2018-05-01 01:41 - 2018-05-01 01:41 - 000001251 _____ E:\Documents and Settings\Bobby Boombatz\Desktop\rslts.txt
2018-04-30 23:49 - 2018-05-05 11:47 - 000041352 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbam.sys
2018-04-30 23:48 - 2018-04-30 23:48 - 000151160 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-04-30 23:47 - 2018-05-05 11:46 - 000220896 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-04-30 23:47 - 2018-04-30 23:47 - 000001720 _____ E:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2018-04-30 23:47 - 2018-04-30 23:47 - 000000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2018-04-30 23:47 - 2018-01-18 08:03 - 000058664 _____ E:\WINDOWS\system32\Drivers\mbae.sys
2018-04-30 23:46 - 2018-04-30 23:46 - 000000000 ____D E:\Program Files\Malwarebytes
2018-04-30 23:45 - 2018-04-30 23:45 - 000000000 ____D E:\Documents and Settings\All Users\Application Data\MB2Migration
2018-04-10 11:55 - 2018-04-10 11:55 - 000320728 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-05 12:21 - 2017-02-10 11:58 - 000000000 ____D E:\Documents and Settings\Bobby Boombatz\Local Settings\Temp
2018-05-05 12:17 - 2016-05-29 13:12 - 000000830 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-05-05 11:56 - 2017-10-06 20:54 - 000000358 ____H E:\WINDOWS\Tasks\Avast Emergency Update.job
2018-05-05 11:52 - 2014-04-02 17:20 - 000000240 _____ E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-05-05 11:52 - 2011-08-09 01:58 - 000000276 _____ E:\WINDOWS\Tasks\WGASetup.job
2018-05-05 11:45 - 2017-10-27 14:58 - 000000298 ____H E:\WINDOWS\Tasks\CCleaner Update.job
2018-05-05 11:45 - 2011-08-08 23:34 - 000000006 ____H E:\WINDOWS\Tasks\SA.DAT
2018-05-05 11:45 - 2001-08-23 05:00 - 000002206 _____ E:\WINDOWS\system32\wpa.dbl
2018-05-05 11:31 - 2011-08-09 01:17 - 000000178 ___SH E:\Documents and Settings\Bobby Boombatz\ntuser.ini
2018-05-05 11:31 - 2011-08-09 01:17 - 000000000 ____D E:\Documents and Settings\Bobby Boombatz
2018-05-05 11:31 - 2011-08-08 23:34 - 000032388 _____ E:\WINDOWS\SchedLgU.Txt
2018-05-05 10:48 - 2018-03-13 07:17 - 000000880 _____ E:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-05-05 10:45 - 2011-08-08 23:22 - 000000000 ____D E:\WINDOWS\system32\Macromed
2018-05-04 18:00 - 2015-06-06 05:32 - 000000474 _____ E:\WINDOWS\Tasks\Baidu Antivirus Update.job
2018-05-01 06:13 - 2012-04-25 13:34 - 000000000 ____D E:\Program Files\Mozilla Maintenance Service
2018-04-30 23:46 - 2014-10-21 18:51 - 000000000 ____D E:\Program Files\Malwarebytes Anti-Malware
2018-04-30 23:46 - 2011-08-09 03:19 - 000000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes
2018-04-30 18:27 - 2017-12-28 19:07 - 000000000 ____D E:\Program Files\Mozilla Firefox
2018-04-28 12:55 - 2017-10-06 20:22 - 000000687 _____ E:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-04-18 00:09 - 2016-06-01 08:20 - 000000000 ____D E:\Documents and Settings\Bobby Boombatz\Desktop\Old Firefox Data
2018-04-12 11:56 - 2017-10-06 20:54 - 000124392 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-10 11:57 - 2011-08-08 15:31 - 000000000 ___HD E:\WINDOWS\inf
2018-04-10 11:55 - 2018-01-05 03:39 - 000180984 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-10 11:55 - 2017-11-15 16:47 - 000167040 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000783600 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000391856 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000310784 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000205352 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000070816 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000070576 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
2018-04-10 11:55 - 2017-10-06 20:54 - 000042808 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-10 07:18 - 2016-05-29 13:12 - 000804864 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2018-04-10 07:18 - 2016-05-29 13:12 - 000144896 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-04-09 18:03 - 2018-04-03 16:34 - 000000379 _____ E:\Documents and Settings\Bobby Boombatz\Desktop\04_Apr_2018.txt
2018-04-08 15:02 - 2014-04-02 17:20 - 000000234 _____ E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2018-03-03 02:10 - 2018-03-03 02:10 - 000005632 _____ () E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-17 15:42 - 2015-05-17 15:42 - 000209700 _____ () E:\Documents and Settings\All Users\Application Data\1431901994.bdinstall.bin
2015-05-19 19:01 - 2015-05-19 19:01 - 000037462 _____ () E:\Documents and Settings\All Users\Application Data\1432087311.bdinstall.bin
2015-05-19 19:05 - 2015-05-19 19:05 - 000096424 _____ () E:\Documents and Settings\All Users\Application Data\1432087316.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#38
May 5, 2018 at 14:41:03
And here's the 2nd file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018
Ran by Bobby Boombatz (05-05-2018 12:23:11)
Running from E:\Documents and Settings\Bobby Boombatz\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-08-09 06:32:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1614895754-113007714-1060284298-500 - Administrator - Enabled)
Bobby Boombatz (S-1-5-21-1614895754-113007714-1060284298-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bobby Boombatz
Guest (S-1-5-21-1614895754-113007714-1060284298-501 - Limited - Enabled)
Harmonicaman (S-1-5-21-1614895754-113007714-1060284298-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Harmonicaman
HelpAssistant (S-1-5-21-1614895754-113007714-1060284298-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1614895754-113007714-1060284298-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1614895754-113007714-1060284298-1003\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
ACDSee Classic (HKLM\...\ACDSee Classic) (Version: - )
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Image Uploader version 1.2.7 (HKLM\...\{24F211C6-2732-4564-B602-CDA2DE2A13FC}_is1) (Version: 1.2.7 - ZendeN)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
ISO Recorder (HKLM\...\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}) (Version: 2.0.0 - Alex Feinman)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 52.7.4 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.7.4 ESR (x86 en-US)) (Version: 52.7.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.7.4.6691 - Mozilla)
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Hidden
ProSavageDDR and Utilities (HKLM\...\P4M266) (Version: - )
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S3Display (HKLM\...\S3Display) (Version: - )
S3Gamma2 (HKLM\...\S3Gamma2) (Version: - )
S3Info2 (HKLM\...\S3Info2) (Version: - )
S3Overlay (HKLM\...\S3Overlay) (Version: - )
UltraSearch V1.7.1 (HKLM\...\UltraSearch_is1) (Version: 1.7.1 - JAM Software)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
VIA Rhine-Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WizTree v1.07 (HKLM\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers2: [Record To CD] -> {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} => E:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll [2006-01-05] (Alex Feinman)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [Fb2kShellExt] -> {511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers6: [Create ISO Image from directory] -> {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} => E:\Program Files\Alex Feinman\ISO Recorder\ISORecorder.dll [2006-01-05] (Alex Feinman)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: E:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => E:\WINDOWS\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\WINDOWS\Tasks\Avast Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: E:\WINDOWS\Tasks\Baidu Antivirus Update.job => E:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavUpdater.exe
Task: E:\WINDOWS\Tasks\CCleaner Update.job => E:\Program Files\CCleaner\CCUpdate.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\WGASetup.job => E:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-10 11:55 - 2018-04-10 11:55 - 000349912 _____ () E:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000295640 _____ () E:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000282840 _____ () E:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000763608 _____ () E:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000888536 _____ () E:\Program Files\AVAST Software\Avast\anen.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000172760 _____ () E:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000969944 _____ () E:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000501464 _____ () E:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-05-05 11:49 - 2018-05-05 11:49 - 005854864 _____ () E:\Program Files\AVAST Software\Avast\defs\18050504\algo.dll
2018-04-30 23:47 - 2018-02-05 14:44 - 001935136 _____ () E:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-10 11:55 - 2018-04-10 11:55 - 000624856 _____ () e:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-10-06 20:54 - 2017-10-06 20:54 - 048936448 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2008-04-14 06:42 - 2013-01-01 23:49 - 001292288 _____ () E:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69617853.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69617853.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1614895754-113007714-1060284298-1003\...\verizon.net -> hxxps://activate.verizon.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 05:00 - 2001-08-23 05:00 - 000000734 _____ E:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1614895754-113007714-1060284298-1003\Control Panel\Desktop\\Wallpaper -> E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: E:^Documents and Settings^Bobby Boombatz^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => E:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AudioDeck => E:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
MSCONFIG\startupreg: ctfmon.exe => E:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: MSMSGS => "E:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "E:\Documents and Settings\Bobby Boombatz\Application Data\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WinampAgent => "E:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [E:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [E:\Documents and Settings\Bobby Boombatz\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [E:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [E:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (E:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2018 11:49:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/30/2018 11:49:52 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 05:06:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 05:06:11 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 11:13:24 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 08:48:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 08:48:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/17/2018 08:48:34 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (05/01/2018 07:34:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2018 07:34:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the aswbIDSAgent service to connect.

Error: (05/01/2018 06:18:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2018 06:18:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the aswbIDSAgent service to connect.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 2015.48 MB
Available physical RAM: 852.55 MB
Total Virtual: 1865.65 MB
Available Virtual: 949.64 MB

==================== Drives ================================

Drive c: (W2000) (Fixed) (Total:19.52 GB) (Free:9.46 GB) FAT32 ==>[drive with boot components (Windows XP)]
Drive d: (Barracuda) (Fixed) (Total:148.44 GB) (Free:69.89 GB) NTFS
Drive e: (WinXP) (Fixed) (Total:19.53 GB) (Free:7.64 GB) NTFS
Drive f: (Space, The Final Frontier) (Fixed) (Total:18.19 GB) (Free:18.11 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 57.3 GB) (Disk ID: 403E1F61)
Partition 1: (Active) - (Size=19.5 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=37.7 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 13A0139F)
Partition 1: (Not Active) - (Size=148.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#39
May 5, 2018 at 14:53:27
"Well,,now I'm curious. I'll try it in this post. Here goes:"
All complete, change of policy, thanks.

I'll be back in about 10 mins with your next step, if you want to hang around.



#40
May 5, 2018 at 15:01:23
I'll be here off and on for the next hour or so.


#41
May 5, 2018 at 15:09:33
Extract from your log, Min is usually Ok.
"ATTENTION: System Restore is disabled"



#42
May 5, 2018 at 15:10:48
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers4: [Fb2kShellExt] -> {511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} => -> No File
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin: @videolan.org/vlc,version=2.0.8 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
R1 ESProtectionDriver; E:\WINDOWS\system32\drivers\mbae.sys [58664 2018-01-18] ()
S3 69617853; system32\drivers\26924203.sys [X]
S3 catchme; \??\E:\DOCUME~1\BOBBYB~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer to these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...



#43
May 5, 2018 at 15:14:07
"Min is usually Ok."

Do not understand.

Are you saying that there is an adjustment somewhere to set "System Restore" at a "minimum" level, instead of "disabled"?

Sorry, I posted this before noticing your follow-up. Let me pay attention to that now.

message edited by WinXP_straggler



#44
May 5, 2018 at 15:20:38
"Are you saying that there is an adjustment somewhere to set "System Restore" at a "minimum" level, instead of "disabled"?"
Yes, when you get there, you will see.


#45
May 5, 2018 at 15:23:17
One question:

Earlier, you mentioned that if we had to use FRST more than once, I should pay attention to that box, the one that says "Additional" or something similar.

I am not clear on whether that box needs to be checked, or unchecked at this point.

It seems to be checked by default.

message edited by WinXP_straggler



#46
May 5, 2018 at 15:27:23
Naturally, you only need system restore enabled on the drive your operating system is on.

Windows XP System Restore Guide
https://www.bleepingcomputer.com/tu...



#47
May 5, 2018 at 15:32:19
"Earlier, you mentioned that if we had to use FRST more than once, I should pay attention to that box, the one that says "Additional" or something similar."
We are not doing that this time, try the next step as per my post.

Make sure you have System Restore enabled first.



#48
May 5, 2018 at 15:34:16
Again, per your directive in #33,

"If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif "

Does the "Addition" box need to be checked or unchecked when running the "fix"?

Oops, sorry, we were both posting,,

message edited by WinXP_straggler



#49
May 5, 2018 at 15:46:55
Okay, I set System Restore for XP, let it choose the default of "12%". Says it is "monitoring".



#50
May 5, 2018 at 16:37:45
Just waiting for your clarification on that checkbox on "Addition.txt" before I run the fix.


#51
May 5, 2018 at 16:45:34
"Just waiting for your clarification on that checkbox on "Addition.txt" before I run the fix"
We are not running FRST again (which produces the 2 logs, FRST & Addition).

If you have got the text file fixlist on your Desktop, you now click > Fix.



#52
May 5, 2018 at 16:50:27
Where, then, is this "fix" that you speak of, if we are "not running FRST again"?

Is not the exe file I double click to begin the process of "fixing" called "FRST.exe"?

If not, where then, is this "fix" that I "click"?

And if it IS, indeed, within the confines of FRST.exe, then what do I, again, do with the box entitled "Addition.txt". It's not clear to me by the graphic whether the box needs to be checked or unchecked.

Did you mean "We are not running SCAN again"?

Are you saying that if we choose to "fix", that whether or not the "Addition.txt" box is checked is moot?

message edited by WinXP_straggler



#53
May 5, 2018 at 16:55:02
✔ Best Answer
There is only 1 Fix, click it.


#54
May 5, 2018 at 17:04:18
"There is only 1 Fix, click it."

I'll do that, according to my present understanding, which is (since the "fixlist" file is on the desktop) to simply open up the FRST dialogue by double-clicking the FRST.exe icon, and then, simply ignoring whether or not the "Addition.txt" box is checked, click on the "Fix" button.

You do realize that this is contrary to the directive you gave in #33, when you said that each time we use FRST, after the initial time, we must "Check/Tick" the "Addition.txt" box. It's just not clear to me whether that meant to click it to check it, or click it to UNcheck it, as the picture shows it blank, unchecked. By default that box is checked, and I was assuming that it might need to be unchecked, though I was not clear.

But here goes. I'll ignore the "Addition.txt" box and click "Fix"



#55
May 5, 2018 at 17:18:39
Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018
Ran by Bobby Boombatz (05-05-2018 17:05:10) Run:1
Running from E:\Documents and Settings\Bobby Boombatz\Desktop
Loaded Profiles: Bobby Boombatz (Available Profiles: Bobby Boombatz & Harmonicaman)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
ContextMenuHandlers4: [Fb2kShellExt] -> {511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} => -> No File
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> No File
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin: @videolan.org/vlc,version=2.0.8 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
R1 ESProtectionDriver; E:\WINDOWS\system32\drivers\mbae.sys [58664 2018-01-18] ()
S3 69617853; system32\drivers\26924203.sys [X]
S3 catchme; \??\E:\DOCUME~1\BOBBYB~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => removed successfully.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Baidu_Scan" => removed successfully.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Baidu_Scan" => removed successfully.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Fb2kShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan" => removed successfully.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => not found
E:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
E:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully.
"HKLM\System\CurrentControlSet\Services\WmdmPmSN" => removed successfully.
WmdmPmSN => service removed successfully.
ESProtectionDriver => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ESProtectionDriver => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\69617853" => removed successfully.
69617853 => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IntelIde" => removed successfully.
IntelIde => service removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 74857 B
Java, Flash, Steam htmlcache => 633266 B
Windows/system/dllcache/drivers => 322850 B
Edge => 0 B
Chrome => 152846 B
Firefox => 59117459 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 51253684 B
LocalService => 116872 B
NetworkService => 2045836 B
Bobby Boombatz => 7192803 B
Harmonicaman => 164740 B

RecycleBin => 0 B
EmptyTemp: => 115.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-05-2018 17:11:43)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\ESProtectionDriver => could not remove, key could be protected

==== End of Fixlog 17:11:45 ====


Reply ↓  Report •

#56
May 5, 2018 at 17:25:16
Ok, testing time, let's see if you still have slowness.

If still slow, disable Avast & test, I see in the error logs, it is having a problem.


Reply ↓  Report •

#57
May 5, 2018 at 17:25:36
Don't know if this is pertinent, but during reboot, Malwarebytes prompted me (which it has been for days) to download an updated version, which I at first okayed, and then, when it got to the language selection, I cancelled, figuring I could do this later if desired, and I didn't want anything to interfere with the "fix" process.


Reply ↓  Report •

#58
May 5, 2018 at 17:27:44
I used to like Avast. Now, not so much. Lots of prompts to add this or that gimmick, be "safer". Scareware.

I'll play around with it, disable it, etc. See what happens.

I know it takes forever to load, when booting. It's the last icon to show up on the right end of the taskbar.

message edited by WinXP_straggler


Reply ↓  Report •

#59
May 5, 2018 at 17:38:00
Whew, I decided to keep it short in the replies until you ran Fix.

"And if it IS, indeed, within the confines of FRST.exe, then what do I, again, do with the box entitled "Addition.txt". It's not clear to me by the graphic whether the box needs to be checked or unchecked."
I thought this SS covered it. Scan only.
http://i.imgur.com/yUxNw0j.gif

"as the picture shows it blank, unchecked. By default that box is checked"
At the time of my SS, the program default was unchecked.

"Are you saying that if we choose to "fix", that whether or not the "Addition.txt" box is checked is moot?"
Correct, because we are not doing a Scan.

"Did you mean "We are not running SCAN again"?"
Correct, that is when the 2 logs are required.

"You do realize that this is contrary to the directive you gave in #33, when you said that each time we use FRST, after the initial time, we must "Check/Tick" the "Addition.txt" box"
Only for a Scan, I have used that wording hundreds of times, but I will review it to see if I can make it clearer.
http://i.imgur.com/yUxNw0j.gif


Reply ↓  Report •

#60
May 5, 2018 at 17:48:46
I do see that the "Addition.txt" checkbox is located in an area entitled "scans", so that would seem to indicate that it only pertained to "scans". I just didn't know whether "Fix" was entirely independent of "Scan". Now I know, and it is fully understandable.

Thanks for your help.

Now, I'm wondering whether this Malwarebytes update prompt is a trick or not. I can't determine yet whether it's trying to get me to "upgrade" to the pay model, or simply a newer version of the free. I'm back at the "English" prompt again. This time I'll go for it and find out if it's the "Premium" or the "Slim".


Reply ↓  Report •

#61
May 5, 2018 at 17:49:37
"I didn't want anything to interfere with the "fix" process"
Good thinking.

"I used to like Avast"
If you decide to remove, make sure you use their uninstaller.

Avast Clear (formerly AVAST Software Uninstall Utility)
http://avast-removal-tool.com/
http://www.avast.com/uninstall-utility
http://www.bleepingcomputer.com/dow...
http://www.softpedia.com/get/Tweak/...


Reply ↓  Report •

#62
May 5, 2018 at 17:53:13
"trying to get me to "upgrade" to the pay model"
After the Free trial, I choose this.
http://fs5.directupload.net/images/...
You then get this screen.
http://fs5.directupload.net/images/...
Or,
Deactivate Malwarebytes for Windows Premium Trial
https://support.malwarebytes.com/do...

Reply ↓  Report •

#63
May 5, 2018 at 17:56:52
Things seem to be running smoothly, except for the aforementioned Malwarebytes update fiasco, which literally froze up the computer while I was trying to post here and install at the same time. I eventually gave up, just one step after the language prompt, when it said that it was removing "all legacy products" during the install. I thought that sounded ominous, like it's installing a completely different program, which didn't sound right, unless Malwarebytes has gone through some revolutionary changes of some kind.

Yes, I think I will change my dependency on Avast, and try something less consistently intrusive. Thanks for the heads-up on their uninstaller.


Reply ↓  Report •

#64
May 5, 2018 at 17:58:37
I'm gonna grab a burger

Reply ↓  Report •

#65
May 5, 2018 at 18:19:37
Not burger time for me, I'm here.
https://www.timeanddate.com/worldcl...

"try something less consistently intrusive"
That is why I use this in conjunction with Malwarebytes on all XP comps I fix & my own.

Baidu Antivirus
http://www.softpedia.com/get/Antivi...
http://antivirus.baidu.com/en/

Also, this may sort out your slow boot, once again I use it on all comps.

Baidu PC Faster
http://www.softpedia.com/get/Securi...
http://www.freewarefiles.com/Baidu-...
http://www.freewarefiles.com/screen...
http://www.pcfaster.com/en/

You will get much faster browser response, if you use an adblocker.

uBlock Origin for Firefox
http://www.softpedia.com/get/Intern...
https://addons.mozilla.org/en-US/fi...

Adblock Plus for IE (formerly Simple Adblock)
http://www.softpedia.com/get/Intern...
https://adblockplus.org/en/internet...
Installing
http://i.imgur.com/U9grvpT.gif
http://i.imgur.com/0Myhnkl.gif
http://i.imgur.com/I0gWFuM.gif


Reply ↓  Report •

#66
May 6, 2018 at 00:06:25
Say, that's really something, you and I being able to talk over the internet, when YOUR electrons are all rotating upside down...

Reply ↓  Report •

#67
May 6, 2018 at 06:22:40
They have a special reverser App in Oz,

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#68
May 6, 2018 at 12:23:12
Rumour has it too that they have specially adapted feet which prevent them all from falling off the earth and thus into the sky. Bit like the way flies and assorted wee buggy thingies have..

Reply ↓  Report •

#69
May 6, 2018 at 12:43:29
Don't believe #68, we all know the earth is flat.

Always pop back and let us know the outcome - thanks


Reply ↓  Report •

#70
May 6, 2018 at 13:00:10
Nah... it’s actually square. Michael Bentine (a fully qualified scientific mind) told us that in the 60s...

Reply ↓  Report •

#71
May 6, 2018 at 14:43:17
Well, now I don't know what to say, except, ain't the world a wonderful place & for those of us that live in a peaceful part of the world, even more so.

Reply ↓  Report •

#72
May 6, 2018 at 14:50:29
Some extra for you, WinXP_straggler.

Make sure ALL your Regional and Language Options settings are Ok. They will be something similar to this, the main point being, you should have at least 3 places to make sure you have your country displayed.

How do I change the system locale so I can use my language of choice?
http://www.howtogeek.com/howto/1551...
How to fix problems with language settings in all versions of Windows
http://home.bt.com/tech-gadgets/com...
http://windows.microsoft.com/en-gb/...
http://moosenose.com/Enabling%20Int...
http://java.com/en/download/help/lo...
http://www.lipikaar.com/unicode-and...

Screen 4: 2 instances of Australia or whatever your area is.

Screen 5: 2 instances of Australia or whatever your area is.

Scroll down to > Changing Language for non-Unicode Programs
Advanced > 2 instances of Australia or whatever your area is ( may only have 1 available )

==========================================================

If you are not using File & Printer sharing, disable it.
How to Disable File and Printer Sharing in Windows XP
http://www.nnex.net/tech/winxp/file...

==========================================================

Extract from your log, if uTorrent is still being used, make sure uploading is turned off.
"µTorrent (HKU\S-1-5-21-1614895754-113007714-1060284298-1003\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)"

message edited by Johnw


Reply ↓  Report •

#73
May 6, 2018 at 19:23:44
Thanks for all your help, JohnW, Derek, etc.

I'll stay in touch.


Reply ↓  Report •

#74
May 17, 2018 at 23:14:48
Okay, I'm not sure whether to post this here or start a new one. I'm having trouble getting into safe mode in XP. It seems as if the keyboard isn't responding to "F8", or even "Del", during the boot process, so without being able to boot into safe mode, I can't follow Johnw's suggestion to install and use the Avast Uninstall Utility, per #61 in this thread.

It's a Logitech K120 kb.

I've tried shutting down, unplugging the kb from the USB2 card and using the adapter to plug it into the ps2 socket, with no luck. When I tried that, I couldn't even type letters in notepad, so I shut down again and moved it back to the USB card.

At least now I can type.

I just don't know why it won't recognize the F8 or Del keys while booting.

Plus, while trying to follow instructions, I dl'd the Baidu install file, and began to install it, when I realized that I hadn't yet uninstalled Avast, so I cancelled the process of installation (Baidu).

Then, I had the failure trying to boot into safe mode.

Finally, after trying a few different ways to plug in the keyboard, (usb, ps2), I gave up and just decided to run the problem by you guys.

And puzzlingly, Baidu is seemingly working, though I had cancelled the install, I thought. I wonder if I ought to re-install Baidu after I'm done.

One last thing,,

It froze once or twice during this whole process, while shutting down, and I had to do a "hard" shut down with the power button.

message edited by WinXP_straggler


Reply ↓  Report •

#75
May 18, 2018 at 00:18:49
Let's not try too much at once.

Step 1: Uninstall Baidu either in Normal or Safe mode.
Use this tool.
Geek Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/GeekUn...
http://www.freewarefiles.com/screen...
http://www.geekuninstaller.com/
Just double-click on the program you want to uninstall. If it opens a web page, close it & then wait for it to present the 2nd step.

Step 2: Uninstall Avast either in Normal or Safe mode.

How to reboot into Safe Mode at a command prompt, scroll down to > Step 5: Windows XP
https://community.spiceworks.com/ho...


Reply ↓  Report •

#76
May 18, 2018 at 12:34:34
I fully agree with "not trying too much at once", since I'm not, at present time, proficient in these things.

For instance, this XP computer, built partly by me, but at least mostly configured by one of my sons, depending on which one was available at the time.

It has two "accounts" (identities?) to boot into, one is named "bobbyboombatz", and the other, "harmonicaman". I'm always using "bobbyboombatz", and have been for years. I think "bobby.." is the administrative account, if I'm not mistaken, but how would I know? I forget whether I set up the other account ("harmonicaman") as an administrative account, for security purposes, or not. I think this one ("bobby..") is "administrative", since I always download and install new programs to it without difficulty. According to my present understanding, you can't install without admin privileges, right?

So, I need, firstly, to identify whether or not "bobby.." has admin privileges.

Then, I'm not sure what the following means, from the "How to reboot into Safe Mode at a command prompt" site you offered:

Open Notepad; as an administrative user, and then open c:\boot.ini in Notepad

NOTE: You might need to unhide protected operating system files in Explorer > Folder Options to see boot.ini

But since you mentioned uninstalling Baidu first, I'm going to focus on that, initially.

Since I can't get into safe mode without understanding the previous stuff, I'll try uninstalling Baidu without it.

message edited by WinXP_straggler


Reply ↓  Report •

#77
May 18, 2018 at 12:56:49
Okay, first speed bump:

The DL sites for getting the uninstall tool for Baidu offer it in 2 versions; one is for "zip", and the other is for "7Z".

Peering through my program files, I do not presently see either of these unzippers. Since I'm going to have to DL one or the other, which one would you suggest?

(fyi, I've unhidden the system files in Explorer)

message edited by WinXP_straggler


Reply ↓  Report •

#78
May 18, 2018 at 14:20:22
Just DL'd the install file for 7-zip. Installing

Reply ↓  Report •

#79
May 18, 2018 at 14:33:08
Baidu uninstalled.

Now I'll try uninstalling Avast, using the same program (geek.exe).


Reply ↓  Report •

#80
May 18, 2018 at 14:49:01
Remembered Johnw suggesting to use AvastClr to uninstall Avast, so instead of "geek.exe", I double-clicked on the AvastClr icon (located on the desktop), and it went through some stages, and then sent me the following message:

"E:\WINDOWS\Temp\avastclear.exe

Windows cannot find 'E:\WINDOWS\Temp\avastclear.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

[OK] "

Shall I try using the "geek" uninstaller?

message edited by WinXP_straggler


Reply ↓  Report •

#81
May 18, 2018 at 14:56:57
I understand that it's only 5:55AM "in the upside-down" (Perth), so I'm not expecting Johnw until a bit later today, so I'll check back periodically.

And thanks, by the way, for all your help.


Reply ↓  Report •

#82
May 18, 2018 at 15:22:26
Okay, what's happening now is that I've tried uninstalling Avast by way of avastclear.exe, from the desktop. It warns me that I should try it in safe mode, and offers to do just that, so I click on "OK" for it to boot into safe mode.

However, it doesn't boot into safe mode, but just restarts, back to the desktop, and sends me the previously mentioned message (#80).

So now I'll try uninstalling with Avastclear without going into safe mode, since it doesn't seem to want to do that.

message edited by WinXP_straggler


Reply ↓  Report •

#83
May 18, 2018 at 15:44:14
So, I just ran Avastclear in normal mode, and it seems to have worked to uninstall Avast. While uninstalling, this message popped up from the taskbar on the right end:

"Your computer might be at risk. Baidu Antivirus is turned off

Click this balloon to fix this problem."

I know I just ran the "geek.exe" uninstaller in order to uninstall Baidu, so why am I still getting this message?

Then, Avast, in the last throes of uninstalling, sends me another message:

"Baidu, an incompatible antivirus program....."

and suggests I remove it. I thought I did that.

Anyway, it appears that both were uninstalled. But due to these msgs, I really don't know. I no longer see any icons relating to either of these programs.

I just checked "add/remove programs" in the control panel and no longer see any references to either Avast or Baidu.


Reply ↓  Report •

#84
May 18, 2018 at 16:04:06
I'm awake, just going through everything, back ASAP..

Reply ↓  Report •

#85
May 18, 2018 at 16:15:57
"Your computer might be at risk. Baidu Antivirus is turned off
Click this balloon to fix this problem."
Maybe you exited Geek too soon.
"If it opens a web page, close it & then wait for it to present the 2nd step"

Next steps.

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/2teVsjI.gif
https://i.imgur.com/ad7SEKM.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...


Reply ↓  Report •

#86
May 18, 2018 at 16:28:02
Okay, dl'ing "Wise Disk Cleaner"

(By the way, when downloading, I typically download straight to the "Downloads" folder, which is inside "My Documents". Also typically, I run the installation files straight from the DL folder, unless directed to do so from the desktop. My question is, WHEN is it necessary to activate things from the desktop instead of the download folder? (for instance, "Farbar"))

message edited by WinXP_straggler


Reply ↓  Report •

#87
May 18, 2018 at 16:39:33
Finished with WDC, going on to WRC

Reply ↓  Report •

#88
May 18, 2018 at 16:43:19
WRC is asking, do I wish to create a system restore point, or do a full registry backup?

Reply ↓  Report •

#89
May 18, 2018 at 16:46:58
Lots of programs do that, safety first, do it.

Reply ↓  Report •

#90
May 18, 2018 at 16:48:13
"Do" what? (Not sure what you're referring to)

It's asking for a choice, either a system restore point, OR a full registry backup

message edited by WinXP_straggler


Reply ↓  Report •

#91
May 18, 2018 at 16:50:08
"My question is, WHEN is it necessary to activate things from the desktop instead of the download folder? (for instance, "Farbar"))"
Only when the author of the program requests that it be done that way.

Reply ↓  Report •

#92
May 18, 2018 at 16:51:03
Got it, now, about the "choice"?

Reply ↓  Report •

#93
May 18, 2018 at 16:52:35
"It's asking for a choice, either a system restore point, OR a full registry backup"
Now you have lost me, let me run the cleaner.

Reply ↓  Report •

#94
May 18, 2018 at 16:55:14
No message like that, screenshots please so I can see what you are doing.

Reply ↓  Report •

#95
May 18, 2018 at 17:00:04
Okay. I just ran the WRC, and it shot me a query,

I made a jpg screenshot of it, but forget how to get it here.


Reply ↓  Report •

#96
May 18, 2018 at 17:02:15
File Convoy
http://www.fileconvoy.com/index.php ( no time delays/Captcha-I'm not a Robot/account/registration needed )

Reply ↓  Report •

#97
Reply ↓  Report •

#98
May 18, 2018 at 17:08:47
Ok, I remember that screen now, you get it as a first-time user, just click on the first one, System Restore.

Reply ↓  Report •

#99
May 18, 2018 at 17:10:14
Okay, now "Deep" scan or "Fast" scan?

Sorry, I see that you answered this question in your links

message edited by WinXP_straggler


Reply ↓  Report •

#100
May 18, 2018 at 17:12:14
Refer to my SS ( screenshots )

Reply ↓  Report •

#101
May 18, 2018 at 17:13:06
Yes, I just noticed that, sorry.

Here goes.


Reply ↓  Report •

#102
May 18, 2018 at 17:19:41
Okay, did the fast scan, then "clean", and back to the main page, then did the "deep" scan.

Now, should I finish it with "clean", and "back to the main page", just like with the "fast" scan? (I realize that this sounds quite juvenile. I'm guessing "yes", but I just don't want to mess things up.)


Reply ↓  Report •

#103
May 18, 2018 at 17:23:08
"Now, should I finish it with "clean""
Once you have done clean in the deep scan, you are done, close the program.

"you can't install without admin privileges, right?"
That's normal, but sometimes you may have to right click on the file & select > Run as Administrator. Try it, so you get familiar.

Next step, reinstall Baidu.

After reinstalling.

Run SlimDrivers, don't install anything, just upload the screenshots of everything it finds, via File Convoy.
http://www.softpedia.com/get/System...
http://i.imgur.com/iXZx7kX.gif
File Convoy ( no time delays/Captcha-I'm not a Robot/account/registration needed) Give us the links please.
http://www.fileconvoy.com/index.php

message edited by Johnw


Reply ↓  Report •

#104
May 18, 2018 at 17:26:09
Oops, I meant Deep.

Reply ↓  Report •

#105
May 18, 2018 at 17:29:30
"Now, should I finish it with "clean""
Once you have done clean in the fast scan, you are done, close the program.

You do realize that's contrary to the last link you sent in #85?

Just making sure. Per your link, I already ran the "deep" scan, and got this result:

http://www.fileconvoy.com/dfl.php?i...

So, DON'T click on "clean", right?


Reply ↓  Report •

#106
May 18, 2018 at 17:33:33
Okay, I just saw #104, tks


On to re-installing Baidu

message edited by WinXP_straggler


Reply ↓  Report •

#107
May 18, 2018 at 17:53:37
Baidu installed.

Here are the links from the slimdrivers scan:

http://www.fileconvoy.com/dfl.php?i...

message edited by WinXP_straggler


Reply ↓  Report •

#108
May 18, 2018 at 18:05:39
Ok, install all those drivers, do one at a time, start at the top & reboot if requested after each install.

Reply ↓  Report •

#109
May 18, 2018 at 18:09:31
Okay, working on it.

Reply ↓  Report •

#110
May 18, 2018 at 18:11:53
If requested, should I "create a restore", for each instance?

Reply ↓  Report •

#111
May 18, 2018 at 18:13:53
Do it once, that will be enough.

Reply ↓  Report •

#112
May 18, 2018 at 19:11:02
Okay, so, on the 3rd download in SlimDrivers, and it seems the DL is "stuck", been like this for a good amount of time, maybe 20 minutes or more.

Here's the SS:

http://www.fileconvoy.com/dfl.php?i...

The greenies have stopped moving to the right, in the dl progress bar, though I still see movement on the SlimDrivers activity bar. Is it stuck? Should I cancel and restart this particular update, or just cancel and go to the next one? Or??

WWJD?

(What would Johnw do? lol)

message edited by WinXP_straggler


Reply ↓  Report •

#113
May 18, 2018 at 19:21:03
Give it another 5mins & then Cancel, do whatever the screen says to do next, if no message, reboot & continue with SlimDrivers

Reply ↓  Report •

#114
May 18, 2018 at 19:23:32
By "continue with SlimDrivers", do you mean try this update again, if it shows up after the cancel/reboot, or just go on to the next update after it?

Reply ↓  Report •

#115
May 18, 2018 at 19:24:25
With your screenshots, change your Save As default to gif, it is a fraction of the size.

Reply ↓  Report •

#116
May 18, 2018 at 19:27:57
"By "continue with SlimDrivers", do you mean try this update again, if it shows up after the cancel/reboot, or just go on to the next update after it?"
If you do a reboot, I have no idea what will be offered, it may decide not to offer it again.

Reply ↓  Report •

#117
May 18, 2018 at 19:31:27
Got it, gif.

Clicked "cancel" on the frozen dl, nothing changes. The "Please wait,,,Downloading" bar ("installing NEC PCI to USB Open Host Controller...) is still moving, but the "3Com..." download is stopped in the middle.

After clicking "cancel", I get an "hourglass" for a few minutes, and then nothing, just same same as the SS.

I guess I'll just reboot, let Windows figure it out.

message edited by WinXP_straggler


Reply ↓  Report •

#118
May 18, 2018 at 19:38:21
"I guess I'll just reboot, let Windows figure it out"
Or stop it in Task Manager.

Reply ↓  Report •

#119
May 18, 2018 at 19:46:55
So, here are the last 2 SS I made:

http://www.fileconvoy.com/dfl.php?i...

Can't seem to get it to "cancel", and "restart" isn't happening, though I still have mouse movement. I definitely will have to use TaskMgr.

It's probably "setup.exe", right?


Reply ↓  Report •

#120
May 18, 2018 at 19:54:16
Okay, stopped "setup.exe" in taskmgr and the dialogue box went away, so now I'm restarting

Reply ↓  Report •

#121
May 18, 2018 at 20:53:03
Reboot ended without SlimDrivers restarting, so I double-clicked the SlimDrivers shortcut on the desktop and scanned again, this time it came up with 4 more files to update.

First one froze again. Here's the two related SS:

http://www.fileconvoy.com/dfl.php?i...

restart again?

taskmgr SS:

http://www.fileconvoy.com/dfl.php?i...


Reply ↓  Report •

#122
May 18, 2018 at 21:00:05
Yep, restart & just work your way down from the top.
Restart for any failures.

message edited by Johnw


Reply ↓  Report •

#123
May 18, 2018 at 21:20:00
Okay, finally SlimDrivers says all "stable" updates are concluded

Reply ↓  Report •

#124
May 18, 2018 at 21:22:44
Beautiful.

Next step.

Download the latest version of Farbar & run. Don't forget to make sure Addition is checked.

Copy & Paste the contents of the 2 logs in your reply.


Reply ↓  Report •

#125
May 18, 2018 at 21:44:41
Here are the files from Farbar:

http://www.fileconvoy.com/dfl.php?i...


Reply ↓  Report •

#126
May 18, 2018 at 21:49:37
Got them, testing time or bedtime for you ( I don't know where you are ) I will be quite a while digesting them, let me know if you have any computer issues now.

Reply ↓  Report •

#127
May 18, 2018 at 21:56:54
I'm in SoCal. Surf City (Huntington Beach), to be specific. It's almost 10PM, but I'm up all night at times with RLS (restless leg syndrome), so time really means not much to me. I'm retired, so I have nothing much to be responsible for, except my mouth, the dog, the cat, the wife,,,,

But take your time. No hurry.

And thanks again for all your help, your time, etc.


Reply ↓  Report •

#128
May 18, 2018 at 22:04:34
Another nice day coming up for you. We are having a lot of nice days this month.
https://www.timeanddate.com/worldcl...

message edited by Johnw


Reply ↓  Report •

#129
May 18, 2018 at 22:06:11
By the way,,

I tried to post both the Frst and Addition texts fully expanded, in one post, and got "the error" (too big), so there's still a limit, though perhaps one file at a time works.


Reply ↓  Report •

#130
May 18, 2018 at 22:11:54
Someone left one of those "inverter" things on the street last holiday season, with a sign saying "Free!", so I snagged it and set it up on the back porch.

I hang upside down in it frequently,,,

So, I do know how you must feel, living where you do,,

The blood going to your head,,it really does make you smarter, after all.

: )


Reply ↓  Report •

#131
May 18, 2018 at 23:31:11
Just a little cleaning up.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
S3 BdSandboxSrv; E:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv.exe [X]
S3 BdSandbox; \??\E:\WINDOWS\System32\drivers\BdSandbox.sys [X]
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13]
2018-05-18 15:31 - 2011-08-09 02:34 - 000000000 ____D E:\Documents and Settings\All Users\Application Data\AVAST Software

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Reply ↓  Report •

#132
May 19, 2018 at 00:42:05
Okay, something's not right. I'm typing, and it's taking several seconds for the letters to show up. Okay, now not as long a time, maybe a second, or a portion of a second.

I just restarted, and fixit put the results on the desktop in a file:

I'm tired, so I didn't completely understand your instructions, as when I ran "Fix" it told me that Windows was going to restart. Then, when it didn't, I restarted it myself. I don't know if that's what you meant by "normally" or not. I'm never quite sure how to define "normal". At any rate, it seems that after having done that, and restarting FRST, it told me that it was done, and that it had left a txt file (fixlog) on the desktop, which textfile is following:

Fix result of Farbar Recovery Scan Tool (x86) Version: 16.05.2018 01
Ran by Bobby Boombatz (19-05-2018 00:23:44) Run:2
Running from E:\Documents and Settings\Bobby Boombatz\Desktop
Loaded Profiles: Bobby Boombatz (Available Profiles: Bobby Boombatz & Harmonicaman)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
S3 BdSandboxSrv; E:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv.exe [X]
S3 BdSandbox; \??\E:\WINDOWS\System32\drivers\BdSandbox.sys [X]
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13]
2018-05-18 15:31 - 2011-08-09 02:34 - 000000000 ____D E:\Documents and Settings\All Users\Application Data\AVAST Software
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully.
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => not found
HKLM\System\CurrentControlSet\Services\BdSandboxSrv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\BdSandbox => could not remove, key could be protected
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13] => Error: No automatic fix found for this entry.
E:\Documents and Settings\All Users\Application Data\AVAST Software => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 42087 B
Java, Flash, Steam htmlcache => 1088 B
Windows/system/dllcache/drivers => 38048471 B
Edge => 0 B
Chrome => 0 B
Firefox => 13462026 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 692 B
NetworkService => 692 B
Bobby Boombatz => 11220248 B
Harmonicaman => 0 B

RecycleBin => 4427382 B
EmptyTemp: => 64.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-05-2018 00:30:54)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\BdSandboxSrv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\BdSandbox => could not remove, key could be protected

==== End of Fixlog 00:30:54 ====



#133
May 19, 2018 at 01:05:27
"CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13] => Error: No automatic fix found for this entry"

You need to go into Chrome settings & uninstall that extension.

Everything else is Ok.

I'm also retired, having a great time, in 2 singing & one Ukulele group. Secretary for the 3 groups, 35 in each group.

Wife looks after my mouth very well, fantastic cook.

"with a sign saying 'Free!'"
We do that here as well, passed a fridge yesterday, still working, Free.

"And thanks again for all your help, your time, etc."
No problem, really enjoy the challenge.

So, unless something else rears its ugly head, we are finished.
Back to the footy (Australian Rules), it's 1/2 time.



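Added example, not part of the original thread and not FRST's own code: a small Python triage of the Fixlog posted in #132, sorting each `target => result` line into done, absent, failed or manual so that anything the run left behind is listed for review. It assumes only the line shape and result phrases visible in that log; the function names and labels are made up for this illustration.

```python
import re

# Lines reproduced from the Fixlog posted in this thread (inline so this runs offline).
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully.
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => not found
HKLM\System\CurrentControlSet\Services\BdSandboxSrv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\BdSandbox => could not remove, key could be protected
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13] => Error: No automatic fix found for this entry.
E:\Documents and Settings\All Users\Application Data\AVAST Software => moved successfully
Firefox => 13462026 B
EmptyTemp: => 64.1 MB temporary data Removed.
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\BdSandboxSrv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\BdSandbox => could not remove, key could be protected
'''

# Result text (lower-cased) -> outcome label; first match wins.
RULES = [
    ("error:", "manual"),            # tool had no automatic fix
    ("could not remove", "failed"),  # still present after the run
    ("not found", "absent"),         # nothing to remove
    ("moved successfully", "done"),  # also matches "removed successfully"
]
SIZE_RE = re.compile(r"^[\d.]+ (B|KB|MB|GB)\b")  # EmptyTemp byte counters


def parse_fixlog(text):
    """Map each '<target> => <result>' action line to an outcome label."""
    outcomes = {}
    for line in text.splitlines():
        target, sep, result = line.strip().partition(" => ")
        if not sep or SIZE_RE.match(result):
            continue  # banner, heading, or cache-size line
        label = next((lab for key, lab in RULES if key in result.lower()), "unknown")
        outcomes[target.strip('"')] = label
    return outcomes


def follow_up(outcomes):
    """Targets the run did not clean up, for manual review."""
    return sorted(t for t, o in outcomes.items() if o != "done" and o != "absent")


if __name__ == "__main__":
    for target in follow_up(parse_fixlog(SAMPLE_FIXLOG)):
        print(target)
```

On this log the follow-up list holds the Chrome extension entry and the two Baidu service keys, which were still reported as not removed in the after-reboot section.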

#134
May 19, 2018 at 01:14:40
I don't understand the thing about Chrome. I thought I had deleted Chrome from add/remove programs long ago. I wouldn't even know where to find "extensions" for a browser that doesn't exist anymore. What am I missing?

Sorry,

but take your time, no hurry. Things are working.



#135
May 19, 2018 at 01:17:30
Ok, do it manually on E drive.

E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik



#136
May 19, 2018 at 02:11:53
Tried to delete that folder.

"...being used by another person or program..."


#137
May 19, 2018 at 02:14:47
"I thought I had deleted Chrome from add/remove programs long ago"

That is a very common problem & the very reason you use Geek on most uninstalls.
To be really sure when uninstalling something you think is unusual, google for instructions.

Extract from the FRST log, this gives you the full list of the remnants.
Chrome:
=======
CHR Profile: E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-05-05]
CHR Extension: (Slides) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-13]
CHR Extension: (Google Docs) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Google Drive) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Avast Passwords) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-11-13]
CHR Extension: (Sheets) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-08]
CHR Extension: (Gmail) - E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]



#138
May 19, 2018 at 02:21:14
So to get rid of all the remnants, it's either one by one, by hand, using command line, or re-install Google Chrome and use a good uninstaller to get rid of all of it?

Or am I just hung out to dry, having hackable remnants a'plenty just waiting for the lucky opportunist?


#139
May 19, 2018 at 02:44:29
Which also leads us to the next important question:

Do industrious hackers come to this site to "listen in" on the pleas of those having problems, virtual vulnerabilities, exposed through the process of conversation, while attempting to repair those very vulnerabilities?

Are we exposing ourselves to attack by reaching out for help?

Ay caramba


#140
May 19, 2018 at 02:44:55
By hand will be fine, no need to worry about being attacked.


#141
May 19, 2018 at 02:52:45
Okay.

"By hand"...

I mentioned command line. I know it can be done. I just never learned how to use command line, beyond a ping or a tracert.



#142
May 19, 2018 at 03:03:20
"I just never learned how to use command line, beyond a ping or a tracert"
I'm basically in the same boat.

"I know it can be done"
Google it.



#143
May 19, 2018 at 07:25:42
If you set yourself up to show file extensions and hidden files you should be able to delete much of that shown (if not all) from Windows without the need for the command line. Mine is always set that way as it promotes understanding. See settings in Control Panel > Folder Options > View.

If necessary also set to show "protected system files" as well but don't leave it that way because you will end up with desktop.ini files in user areas such as the desktop.

The main thing is to work your way down the paths but make sure you only delete offending items. They will go into the bin which means you can change your mind. No such option in Command Line and as that is part of Windows it gives you very little magic delete options that are not already available in Windows. Linux Live CD gives more but that's another story.

Always pop back and let us know the outcome - thanks



#144
May 21, 2018 at 02:42:38
You will get faster Firefox page opening using an ad blocker.
I use this one for XP.
Bluhell Firewall
https://addons.mozilla.org/en-Us/fi...
This is a lightweight extension (i.e., 30KB compared to ~700KB of other popular adblockers), which was made with performance in mind. No configurable options, subscriptions, additional features, etc. It just blocks what can go to hell ;-)
