  1. #1
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Computer extremely slow

    Hi, suddenly my computer is running extremely slow. Yesterday fine, this morning it takes ages to pull up pages and ages for pages to open up. The circle (don't know what else to call it) at the top of the pages just spins slowly and sometimes stops then starts again and stops etc., but it never opens up the page. Ran a virus, etc., check. Everything is OK. Haven't installed any new programs. Running Windows 10. Help would be appreciated. Thanks

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Let's look for any adware.

    Please download adwCleaner to your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.

  4. #3
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Thank you for your reply. When I ran it, it said no threats found.

    # AdwCleaner v6.021 - Logfile created 15/10/2016 at 22:47:57
    # Updated on 06/10/2016 by ToolsLib
    # Database : 2016-10-15.3 [Server]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Administrator - XP-PERFORMANCE-
    # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner_6.021(1).exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

  5. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Let's have a closer look at things; download the 32-bit version and post both logs.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  7. #5
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Just had this pop up:

    Some of your Windows drivers have been corrupted. This system error may damage your devices, system files and all your current applications will not work properly. Click on OK. I did.

    The next box that popped up said:

    Some of your windows drivers have been corrupted
    OS Version: Windows 10
    Location: Unknown
    IP Address: 24.72.64.213
    This system error may damage your device’s system files and all your current applications will not work properly.
    Click "Install Now" to download Driver Restore and run a full system scan immediately!


    I haven't done anything yet. It looks like an official Microsoft site (who knows). The address is secured.official-software.site/ but that could also be deceiving. Does Microsoft do something like this (have a driver restore, notify the user, etc.)?

  8. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Why does that say Windows 10 above, and the AdwCleaner log says XP?

    The next box that popped up said:

    Some of your windows drivers have been corrupted
    OS Version: Windows 10
    Location: Unknown
    IP Address: 24.72.64.213
    This system error may damage your device’s system files and all your current applications will not work properly.
    Click "Install Now" to download Driver Restore and run a full system scan immediately!
    Driver Restore is an adware program, so don't do anything.

  10. #7
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
    Ran by Administrator (administrator) on XP-PERFORMANCE- (16-10-2016 11:50:02)
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST(1).exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5308688 2016-08-26] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-19\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => C:\WINDOWS\system32\advpack.dll [128512 2009-03-08] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe -update pepperplugin
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 65.87.230.4 65.87.230.5
    Tcpip\..\Interfaces\{2A0D59A8-3E38-4C90-9266-C8806C2B32C2}: [DhcpNameServer] 65.87.230.4 65.87.230.5

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b86ag752.default-1476559061859 [2016-10-16]
    FF Homepage: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b86ag752.default-1476559061859 -> Google
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-04-06] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-14] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-14] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-15]
    CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-14]
    CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-14]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
    CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
    CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-14]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-14]
    CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]

    Opera:
    =======
    OPR StartupUrls: "hxxps://www.google.ca/webhp?complete=0&gws_rd=cr&ei=FcwFV6JJofSOBJKzu6gF"

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4109856 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [632632 2016-08-26] (AVG Technologies CZ, s.r.o.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3944720 2016-09-19] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [49424 2016-09-19] (AVG Technologies CZ, s.r.o.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243968 2016-08-23] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [201984 2016-08-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
    R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
    S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
    R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys [43008 2007-05-16] (D-Link )
    R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-04-10] (REALiX(tm))
    R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2016-04-10] (Creative Technology Ltd.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-06-01] (AVG Netherlands B.V.)
    R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2016-04-10] (VIA Technologies, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-11 15:10 - 2016-10-11 15:10 - 20478656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2016-09-23 22:24 - 2016-09-24 09:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-09-20 10:04 - 2016-09-19 11:29 - 00049424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
    2016-09-20 09:52 - 2016-10-16 07:57 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
    2016-09-18 19:10 - 2016-10-15 13:17 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Old Firefox Data
    2016-09-18 16:56 - 2016-09-18 16:56 - 00000000 ____D C:\5d3edd7bc5406a03b7d19543f5ed
    2016-09-18 15:27 - 2016-09-18 16:28 - 00004043 _____ C:\Fixlist.txt
    2016-09-18 08:38 - 2016-09-18 08:38 - 00001263 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
    2016-09-18 08:05 - 2016-10-15 22:47 - 00000000 ____D C:\AdwCleaner
    2016-09-17 12:48 - 2016-10-16 11:50 - 00000000 ____D C:\FRST

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 11:52 - 2016-04-06 20:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
    2016-10-16 11:51 - 2016-04-06 13:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2016-10-16 11:08 - 2016-05-14 08:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-10-16 07:58 - 2016-04-06 20:59 - 00000424 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1459997937.job
    2016-10-16 07:58 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2016-10-16 07:57 - 2016-04-06 15:52 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-10-16 07:57 - 2016-04-06 13:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-10-16 01:23 - 2016-04-06 13:18 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2016-10-16 01:23 - 2016-04-06 13:18 - 00000000 ____D C:\Documents and Settings\Administrator
    2016-10-16 01:23 - 2016-04-06 13:17 - 00032506 _____ C:\WINDOWS\SchedLgU.Txt
    2016-10-15 23:22 - 2016-04-06 23:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-10-15 23:22 - 2016-04-06 13:14 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-10-15 22:01 - 2016-04-06 22:01 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task afc618c2-4128-41cc-85e8-e28548256c19.job
    2016-10-14 20:59 - 2016-04-06 21:27 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-10-14 02:00 - 2016-04-11 21:24 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 71f9c40c-5acd-4bb4-9839-35f49ecd2f85.job
    2016-10-11 15:10 - 2016-04-06 22:42 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-10-11 15:10 - 2016-04-06 22:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-10-08 15:00 - 2016-04-06 15:52 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2016-10-05 07:50 - 2016-04-06 07:07 - 00000000 ____D C:\WINDOWS\inf
    2016-09-30 07:55 - 2016-04-06 20:58 - 00000000 ____D C:\Program Files\Opera
    2016-09-24 15:53 - 2016-04-06 13:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-09-19 11:35 - 2016-06-04 01:55 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2016-09-18 18:41 - 2016-04-06 13:17 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
    2016-09-18 08:54 - 2016-04-06 21:27 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-18 08:54 - 2016-04-06 21:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-09-18 08:54 - 2016-04-06 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-18 08:36 - 2016-04-10 11:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\IObit
    2016-09-16 11:28 - 2016-04-06 13:43 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-16 11:28 - 2016-04-06 13:43 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\libeay32.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\msvcr120.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ==================

  11. #8
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
    Ran by Administrator (16-10-2016 11:52:31)
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2016-04-06 19:16:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-299502267-1292428093-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-299502267-1292428093-1606980848-1001 - Limited - Enabled)
    Guest (S-1-5-21-299502267-1292428093-1606980848-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-299502267-1292428093-1606980848-1000 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    AVG (Version: 16.111.7797 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.53.2.39637 - AVG Technologies)
    AVG PC TuneUp (Version: 16.53.1 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
    AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
    D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
    Driver Booster 3.2 (HKLM\...\Driver Booster_is1) (Version: 3.2 - IObit)
    FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.0 - Kai Liu)
    Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
    Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
    Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
    Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    Viper Racing 2012 (HKLM\...\Viper Racing 2012) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    ZModeler (remove only) (HKLM\...\ZModeler) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies  0ߪ   0ߪ  
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1459997937.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 71f9c40c-5acd-4bb4-9839-35f49ecd2f85.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task afc618c2-4128-41cc-85e8-e28548256c19.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-06 20:37 - 2016-04-10 10:34 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
    2009-09-13 23:56 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2016-10-11 14:09 - 2016-10-11 14:09 - 19635392 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 06:00 - 2016-09-18 18:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-299502267-1292428093-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 65.87.230.4 - 65.87.230.5
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
    StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ==================== Restore Points =========================

    18-07-2016 22:26:54 System Checkpoint
    19-07-2016 22:52:02 System Checkpoint
    21-07-2016 09:15:29 System Checkpoint
    22-07-2016 11:29:36 System Checkpoint
    23-07-2016 19:29:58 System Checkpoint
    25-07-2016 09:42:03 System Checkpoint
    26-07-2016 18:19:08 System Checkpoint
    27-07-2016 21:51:25 System Checkpoint
    28-07-2016 23:42:27 System Checkpoint
    30-07-2016 10:34:47 System Checkpoint
    31-07-2016 18:54:36 System Checkpoint
    02-08-2016 21:49:12 System Checkpoint
    03-08-2016 23:45:54 System Checkpoint
    05-08-2016 10:20:21 System Checkpoint
    06-08-2016 11:06:06 System Checkpoint
    07-08-2016 15:18:53 System Checkpoint
    08-08-2016 18:25:16 System Checkpoint
    09-08-2016 20:50:10 System Checkpoint
    10-08-2016 01:18:22 Software Distribution Service 3.0
    11-08-2016 10:43:13 System Checkpoint
    12-08-2016 12:34:15 System Checkpoint
    13-08-2016 13:07:31 System Checkpoint
    14-08-2016 19:18:00 System Checkpoint
    15-08-2016 20:24:03 System Checkpoint
    17-08-2016 18:26:54 System Checkpoint
    18-08-2016 19:08:33 System Checkpoint
    20-08-2016 16:35:43 System Checkpoint
    22-08-2016 02:40:57 System Checkpoint
    23-08-2016 15:59:56 System Checkpoint
    24-08-2016 17:17:24 System Checkpoint
    26-08-2016 15:47:49 System Checkpoint
    28-08-2016 01:58:40 System Checkpoint
    29-08-2016 12:17:23 System Checkpoint
    30-08-2016 17:29:26 System Checkpoint
    31-08-2016 18:13:37 System Checkpoint
    01-09-2016 20:31:02 System Checkpoint
    03-09-2016 09:37:51 System Checkpoint
    04-09-2016 14:49:34 System Checkpoint
    06-09-2016 01:03:57 System Checkpoint
    07-09-2016 02:58:42 System Checkpoint
    09-09-2016 20:30:05 System Checkpoint
    13-09-2016 15:44:42 System Checkpoint
    14-09-2016 17:19:41 System Checkpoint
    17-09-2016 13:06:26 System Checkpoint
    18-09-2016 08:35:44 JRT Pre-Junkware Removal
    18-09-2016 18:27:25 Restore Point Created by FRST
    18-09-2016 18:37:10 Restore Point Created by FRST
    18-09-2016 18:40:32 Restore Point Created by FRST
    20-09-2016 12:25:39 System Checkpoint
    21-09-2016 13:25:29 System Checkpoint
    22-09-2016 20:11:50 System Checkpoint
    23-09-2016 20:20:02 System Checkpoint
    26-09-2016 11:08:38 System Checkpoint
    28-09-2016 10:36:16 System Checkpoint
    29-09-2016 20:43:29 System Checkpoint
    30-09-2016 21:39:29 System Checkpoint
    01-10-2016 23:34:35 System Checkpoint
    03-10-2016 00:08:00 System Checkpoint
    04-10-2016 09:53:28 System Checkpoint
    05-10-2016 19:18:27 System Checkpoint
    07-10-2016 08:25:21 System Checkpoint
    08-10-2016 13:23:20 System Checkpoint
    09-10-2016 15:14:31 System Checkpoint
    11-10-2016 11:11:47 System Checkpoint
    12-10-2016 11:39:33 System Checkpoint
    13-10-2016 20:49:08 System Checkpoint
    15-10-2016 08:59:53 System Checkpoint
    16-10-2016 09:34:14 System Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Intel(R) PRO/100 VE Network Connection
    Description: Intel(R) PRO/100 VE Network Connection
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Intel
    Service: E100B
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (08/27/2016 11:00:32 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


    System errors:
    =============
    Error: (10/14/2016 05:03:14 PM) (Source: 0) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (10/14/2016 07:48:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (10/13/2016 08:06:00 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (10/03/2016 08:38:30 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (09/26/2016 08:45:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (09/13/2016 12:39:24 PM) (Source: Dhcp) (EventID: 1000) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 0050BA239280.

    Error: (09/13/2016 12:39:02 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 24.72.64.213 for the Network Card with network address 0050BA239280 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Error: (09/08/2016 02:15:12 AM) (Source: 0) (EventID: 55) (User: )
    Description: Event-ID 55

    Error: (08/10/2016 07:18:27 AM) (Source: 0) (EventID: 1) (User: )
    Description: Event-ID 1

    Error: (07/31/2016 03:01:39 PM) (Source: Dhcp) (EventID: 1000) (User: )
    Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 0050BA239280.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 2.53GHz
    Percentage of memory in use: 80%
    Total physical RAM: 1021.98 MB
    Available physical RAM: 197.18 MB
    Total Virtual: 2464.09 MB
    Available Virtual: 1536.17 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.54 GB) (Free:62.2 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.6 GB) (Disk ID: 41172BA5)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  12. #9
    Member
    Join Date
    Oct 2010
    Posts
    189
    Points
    3

    Default

    Quote Originally Posted by zep516
    Why does that say Windows 10 above, and the AdwCleaner log says XP?

    I don't know. I did install Windows 10 some time ago. The adware says I have Windows 10.

  13. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Something is using 80% of what little RAM you have.

    Percentage of memory in use: 80%
    Total physical RAM: 1021.98 MB
    Available physical RAM: 197.18 MB
    Total Virtual: 2464.09 MB
    Available Virtual: 1536.17 MB

    Get Process Explorer

    http://technet.microsoft.com/en-us/s.../bb896653.aspx
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures


    Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a minute then:

    File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
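
The checks made by eye on the posted Addition.txt (memory in use, firewall state, the Windows 10 versus Windows XP mismatch, repeated event-log errors) can be scripted. The Python below is an added example, not part of the thread or of FRST; the `triage` function, its `claimed_os` parameter and the 75% memory threshold are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the Addition.txt posted in this thread (trimmed, descriptions dropped).
SAMPLE = """\
Windows Firewall is disabled.
Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
Error: (09/14/2016 04:02:03 PM) (Source: crypt32) (EventID: 11) (User: )
Error: (10/14/2016 07:48:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Error: (10/13/2016 08:06:00 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Error: (09/13/2016 12:39:24 PM) (Source: Dhcp) (EventID: 1000) (User: )
Percentage of memory in use: 80%
Total physical RAM: 1021.98 MB
Available physical RAM: 197.18 MB
Drive c: () (Fixed) (Total:74.54 GB) (Free:62.2 GB) NTFS ==>[drive with boot components (Windows XP)]
"""

ERROR_RE = re.compile(r"Error: \([^)]*\) \(Source: ([^)]*)\) \(EventID: (\d+)\)")
MEM_RE = re.compile(r"(Percentage of memory in use|Total physical RAM|Available physical RAM): ([\d.]+)")
BOOT_RE = re.compile(r"drive with boot components \(([^)]+)\)")

def triage(text, claimed_os=None, mem_threshold=75):
    """Return (facts, findings) for FRST Addition.txt text. mem_threshold is an assumed cut-off."""
    facts = {"errors": Counter(), "firewall_disabled": False, "boot_os": None}
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if m := ERROR_RE.match(line):
            facts["errors"][(m[1], int(m[2]))] += 1
        elif m := MEM_RE.match(line):
            facts[m[1]] = float(m[2])
        elif m := BOOT_RE.search(line):
            facts["boot_os"] = m[1]
        elif line == "Windows Firewall is disabled.":
            facts["firewall_disabled"] = True
    findings = []
    if facts["firewall_disabled"]:
        findings.append("Windows Firewall is disabled")
    used = facts.get("Percentage of memory in use")
    if used is not None and used >= mem_threshold:
        findings.append(f"memory in use {used:.0f}% ({facts.get('Available physical RAM')} MB free)")
    if claimed_os and facts["boot_os"] and claimed_os.lower() != facts["boot_os"].lower():
        findings.append(f"user reports {claimed_os}, log says {facts['boot_os']}")
    for (source, event_id), count in facts["errors"].most_common():
        if count > 1:  # repeated errors are worth a look before one-offs
            findings.append(f"{source} event {event_id} repeated {count} times")
    return facts, findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, claimed_os="Windows 10")[1]))
```
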
