Solved Win Xp Strange Issues possible Malware

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-09-2017
Ran by Administrator (30-09-2017 03:31:43) Run:1
Running from C:\Documents and Settings\Administrator.JWH\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - No File
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\9pglceps.default [not found] <==== ATTENTION
FF ProfilePath: C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\zhe5o7im.2014 [not found] <==== ATTENTION
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1.JWH\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz138; no ImagePath
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 rtl8139; system32\DRIVERS\RTL8139.SYS [X]
U2 WinDefend; no ImagePath
S3 WinRing0_1_2_0; no ImagePath
2008-02-06 03:25 - 2003-12-04 19:23 - 000000157 ____C () C:\Program Files\--[100.0% OK]--[0.0% MISSING]--[0.0% BAD]--
2006-08-31 18:42 - 2006-08-31 18:42 - 000000000 ____C () C:\Program Files\ac
2004-12-13 18:01 - 2004-08-27 11:10 - 000339835 ____C () C:\Program Files\american.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\american.tlx
2008-02-06 03:25 - 2003-09-04 14:15 - 001724416 _____ () C:\Program Files\Antanta.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\auxsetup.exe
2004-12-13 18:01 - 2004-08-27 11:10 - 000347633 ____C () C:\Program Files\british.clx
2004-12-13 18:01 - 2004-08-27 11:10 - 000007698 ____C () C:\Program Files\british.tlx
2010-11-08 05:15 - 2009-09-14 00:13 - 000018321 _____ () C:\Program Files\copying
2004-12-13 17:39 - 2004-12-13 18:01 - 000003260 ____C () C:\Program Files\deudora.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000049219 ____C (QUALCOMM Incorporated) C:\Program Files\DirServ.dll
2004-12-13 18:01 - 2004-11-01 16:03 - 000014310 ____C () C:\Program Files\Eudora.cnt
2004-12-13 18:01 - 2004-11-08 17:12 - 002728003 ____C (QUALCOMM Incorporated) C:\Program Files\Eudora.exe
2004-12-13 18:01 - 2004-11-01 16:03 - 001106972 ____C () C:\Program Files\EUDORA.hlp
2004-12-13 18:01 - 2004-08-27 11:10 - 000000304 ____C () C:\Program Files\eudora.htm
2004-12-13 18:01 - 2004-08-27 11:10 - 000016938 ____C () C:\Program Files\eudora.tip
2004-12-13 18:01 - 2004-11-08 17:12 - 002035781 ____C (QUALCOMM Incorporated) C:\Program Files\Eudora32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000036933 ____C (Qualcomm, Inc.) C:\Program Files\EudoraBk.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000002338 ____C () C:\Program Files\EudoraCCProfiles.xml
2004-12-13 18:01 - 2004-08-27 11:10 - 000049213 ____C (QUALCOMM Incorporated) C:\Program Files\EuGraph.ocx
2004-12-13 18:01 - 2004-08-27 11:10 - 000082944 ____C (QUALCOMM Incorporated) C:\Program Files\EUMAPI.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000147537 ____C (QUALCOMM Incorporated) C:\Program Files\EuMAPI32.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000024647 ____C (QUALCOMM Incorporated) C:\Program Files\EuMemMgr.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000001640 ____C () C:\Program Files\finger.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000233901 ____C () C:\Program Files\FlameLex.dat
2008-02-06 03:25 - 2003-12-04 16:41 - 000001653 _____ () C:\Program Files\grutewwbcd.nfo
2008-02-06 03:25 - 2003-12-04 16:44 - 000557141 _____ () C:\Program Files\grutewwbcd.rar
2008-02-06 03:25 - 2003-12-04 16:41 - 000000079 _____ () C:\Program Files\grutewwbcd.sfv
2004-12-13 18:01 - 2004-11-08 17:12 - 000110658 ____C (QUALCOMM Incorporated) C:\Program Files\Imap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000032831 ____C (Qualcomm, Inc.) C:\Program Files\ISock.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000065597 ____C (QUALCOMM Incorporated) C:\Program Files\Ldap.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000138752 ____C (University of Michigan) C:\Program Files\LDAP32.DLL
2004-12-13 17:39 - 2004-08-27 11:10 - 000004567 ____C () C:\Program Files\LDAPinit.ini
2004-12-13 18:01 - 2004-10-06 15:36 - 000015269 ____C () C:\Program Files\License.txt
2004-12-13 18:01 - 2004-09-20 11:10 - 000168011 ____C (QUALCOMM Incorporated) C:\Program Files\NSImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000155723 ____C (QUALCOMM Incorporated) C:\Program Files\OEImport.eif
2004-12-13 18:01 - 2004-09-20 11:10 - 000180299 ____C (QUALCOMM Incorporated) C:\Program Files\OLImport.eif
2004-12-13 18:01 - 2004-10-25 17:08 - 000307276 ____C (QUALCOMM Incorporated) C:\Program Files\Paige32.dll
2004-12-13 18:01 - 2004-08-27 11:10 - 000061497 ____C (QUALCOMM Incorporated) C:\Program Files\Ph.dll
2004-12-13 17:39 - 2004-08-27 11:10 - 000002546 ____C () C:\Program Files\ph.ini
2004-12-13 18:01 - 2004-08-27 11:10 - 000409368 ____C () C:\Program Files\Qckstart.pdf
2004-12-13 18:01 - 2004-11-08 17:12 - 000065607 ____C (QUALCOMM Incorporated) C:\Program Files\QCSocket.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000499777 ____C (QUALCOMM Incorporated) C:\Program Files\QCSSL.dll
2004-12-13 18:01 - 2004-11-08 17:12 - 000077893 ____C (QUALCOMM Incorporated) C:\Program Files\QCUtils.dll
2004-12-13 18:01 - 2004-11-09 16:57 - 000024747 ____C () C:\Program Files\RelNotes.txt
2004-12-13 18:01 - 2004-09-27 18:13 - 000023043 ____C () C:\Program Files\rootcerts.p7b
2004-12-13 18:01 - 2004-08-27 11:10 - 000112128 ____C (Wintertree Software Inc.) C:\Program Files\SPELL32.DLL
2004-12-13 18:01 - 2004-08-27 11:10 - 000180298 ____C (Qualcomm, Inc.) C:\Program Files\swEudora.exe
2015-10-29 15:56 - 2015-10-29 15:56 - 000448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2006-02-06 06:15 - 1999-06-25 10:55 - 000149504 _____ () C:\Program Files\UNWISE.EXE
2006-02-06 06:16 - 2007-08-28 04:28 - 000000072 ____C () C:\Program Files\UNWISE.INI
2010-11-08 05:15 - 2010-09-05 21:52 - 000069632 _____ ( ) C:\Program Files\vdicmdrv.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000073728 _____ ( ) C:\Program Files\vdremote.dll
2010-11-08 05:15 - 2010-09-05 21:51 - 000065536 _____ ( ) C:\Program Files\vdsvrlnk.dll
2010-11-08 05:15 - 2010-09-05 21:52 - 000008704 _____ ( ) C:\Program Files\vdub.exe
2010-11-08 05:15 - 2010-09-05 21:54 - 000246773 _____ () C:\Program Files\VirtualDub.chm
2010-11-08 05:15 - 2010-09-05 21:52 - 002669056 _____ () C:\Program Files\VirtualDub.exe
2010-11-08 05:15 - 2010-09-05 21:52 - 000220635 _____ () C:\Program Files\VirtualDub.vdi
2010-11-08 05:42 - 2005-07-15 11:22 - 002728537 _____ () C:\Program Files\wax20e.exe
2006-10-09 04:36 - 2006-10-09 04:38 - 011289224 _____ (Yahoo! Inc.) C:\Program Files\widgetsus.exe
2014-05-26 16:44 - 2014-05-26 16:44 - 000000000 ____H () C:\Documents and Settings\Administrator.JWH\Application Data\ActUpdate.log
2014-04-17 17:10 - 2017-08-31 01:30 - 000023040 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-21 23:42 - 2017-09-21 23:42 - 000000036 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache
2015-07-10 16:37 - 2015-07-10 16:37 - 000004096 ____H () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\keyfile3.drm
2017-03-20 03:20 - 2017-03-20 03:20 - 000000218 _____ () C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\recently-used.xbel
2015-08-02 03:52 - 2015-08-02 03:53 - 000000025 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.119889580931711767808769176
2015-08-02 03:49 - 2015-08-02 03:49 - 000000021 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.24554863501262644635642126105
2015-08-16 06:20 - 2015-08-16 06:20 - 000000025 ____H () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.811261211181235583101118113995
2014-05-26 16:45 - 2017-08-03 18:44 - 000001004 ___SH () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\KGyGaAvL.sys
2017-05-14 00:18 - 2017-05-14 00:21 - 000003561 _____ () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\lpm.dat
2014-08-27 18:16 - 2017-05-13 18:41 - 000000898 _____ () C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Microsoft.SqlServer.Compact.400.32.bc
C:\Documents and Settings\Jack Holland.JACK\AWEMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\AWEMAN32.DLL
C:\Documents and Settings\Jack Holland.JACK\CIFMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\CSPMAN.DLL
C:\Documents and Settings\Jack Holland.JACK\UIDLL16.DLL
C:\Documents and Settings\Jack Holland.JACK\UPDDRV95.EXE
AlternateDataStreams: C:\Program Files\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JACK-9B5A923336\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:DocumentSummaryInformation [79]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:CursorPos [890]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4:LineFlags [866]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxgtstsuk.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\fxsolutionsuk4setup.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Hide.me-Setup-1.2.6.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\jre-8u31-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\Setup-Trelby-2.2.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\sp60088.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\TFC.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\Administrator.JWH\My Documents\WoT_internet_install_na.exe:BDU [0]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:56E2E879 [238]
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP:DFC5A2B2 [118]
AlternateDataStreams: C:\Documents and Settings\Jack Holland.JACK\My Documents\IMDb Video Player: Dan Starbuck Demo.net%2Fa2643 [0]

*****************

HKU\S-1-5-21-583907252-115176313-1801674531-500\SOFTWARE\Policies\Google => key removed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\ic32pp => key removed successfully.
HKLM\Software\Classes\CLSID\{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} => key not found.
C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\9pglceps.default => path removed successfully.
C:\Documents and Settings\Administrator.JWH\Application Data\Thunderbird.old\Profiles\zhe5o7im.2014 => path removed successfully.
HKLM\System\CurrentControlSet\Services\ALCXWDM => key removed successfully.
ALCXWDM => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\cpuz138 => key removed successfully.
cpuz138 => service removed successfully.
HKLM\System\CurrentControlSet\Services\MSICDSetup => key removed successfully.
MSICDSetup => service removed successfully.
HKLM\System\CurrentControlSet\Services\rtl8139 => key removed successfully.
rtl8139 => service removed successfully.
HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully.
WinDefend => service removed successfully.
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => key removed successfully.
WinRing0_1_2_0 => service removed successfully.
C:\Program Files\--[100.0% OK]--[0.0% MISSING]--[0.0% BAD]-- => moved successfully
C:\Program Files\ac => moved successfully
C:\Program Files\american.clx => moved successfully
C:\Program Files\american.tlx => moved successfully
C:\Program Files\Antanta.exe => moved successfully
C:\Program Files\auxsetup.exe => moved successfully
C:\Program Files\british.clx => moved successfully
C:\Program Files\british.tlx => moved successfully
C:\Program Files\copying => moved successfully
C:\Program Files\deudora.ini => moved successfully
C:\Program Files\DirServ.dll => moved successfully
C:\Program Files\Eudora.cnt => moved successfully
C:\Program Files\Eudora.exe => moved successfully
C:\Program Files\EUDORA.hlp => moved successfully
C:\Program Files\eudora.htm => moved successfully
C:\Program Files\eudora.tip => moved successfully
C:\Program Files\Eudora32.dll => moved successfully
C:\Program Files\EudoraBk.dll => moved successfully
C:\Program Files\EudoraCCProfiles.xml => moved successfully
C:\Program Files\EuGraph.ocx => moved successfully
C:\Program Files\EUMAPI.DLL => moved successfully
C:\Program Files\EuMAPI32.dll => moved successfully
C:\Program Files\EuMemMgr.dll => moved successfully
C:\Program Files\finger.ini => moved successfully
C:\Program Files\FlameLex.dat => moved successfully
C:\Program Files\grutewwbcd.nfo => moved successfully
C:\Program Files\grutewwbcd.rar => moved successfully
C:\Program Files\grutewwbcd.sfv => moved successfully
C:\Program Files\Imap.dll => moved successfully
C:\Program Files\ISock.dll => moved successfully
C:\Program Files\Ldap.dll => moved successfully
C:\Program Files\LDAP32.DLL => moved successfully
C:\Program Files\LDAPinit.ini => moved successfully
C:\Program Files\License.txt => moved successfully
C:\Program Files\NSImport.eif => moved successfully
C:\Program Files\OEImport.eif => moved successfully
C:\Program Files\OLImport.eif => moved successfully
C:\Program Files\Paige32.dll => moved successfully
C:\Program Files\Ph.dll => moved successfully
C:\Program Files\ph.ini => moved successfully
C:\Program Files\Qckstart.pdf => moved successfully
C:\Program Files\QCSocket.dll => moved successfully
C:\Program Files\QCSSL.dll => moved successfully
C:\Program Files\QCUtils.dll => moved successfully
C:\Program Files\RelNotes.txt => moved successfully
C:\Program Files\rootcerts.p7b => moved successfully
C:\Program Files\SPELL32.DLL => moved successfully
C:\Program Files\swEudora.exe => moved successfully
C:\Program Files\TFC.exe => moved successfully
C:\Program Files\UNWISE.EXE => moved successfully
C:\Program Files\UNWISE.INI => moved successfully
C:\Program Files\vdicmdrv.dll => moved successfully
C:\Program Files\vdremote.dll => moved successfully
C:\Program Files\vdsvrlnk.dll => moved successfully
C:\Program Files\vdub.exe => moved successfully
C:\Program Files\VirtualDub.chm => moved successfully
C:\Program Files\VirtualDub.exe => moved successfully
C:\Program Files\VirtualDub.vdi => moved successfully
C:\Program Files\wax20e.exe => moved successfully
C:\Program Files\widgetsus.exe => moved successfully
C:\Documents and Settings\Administrator.JWH\Application Data\ActUpdate.log => moved successfully
C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\housecall.guid.cache => moved successfully
C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\keyfile3.drm => moved successfully
C:\Documents and Settings\Administrator.JWH\Local Settings\Application Data\recently-used.xbel => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.119889580931711767808769176 => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.24554863501262644635642126105 => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\.811261211181235583101118113995 => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\KGyGaAvL.sys => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\lpm.dat => moved successfully
C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
C:\Documents and Settings\Jack Holland.JACK\AWEMAN.DLL => moved successfully
C:\Documents and Settings\Jack Holland.JACK\AWEMAN32.DLL => moved successfully
C:\Documents and Settings\Jack Holland.JACK\CIFMAN.DLL => moved successfully
C:\Documents and Settings\Jack Holland.JACK\CSPMAN.DLL => moved successfully
C:\Documents and Settings\Jack Holland.JACK\UIDLL16.DLL => moved successfully
C:\Documents and Settings\Jack Holland.JACK\UPDDRV95.EXE => moved successfully
"C:\Program Files\TFC.exe" => ":BDU" ADS not found.
C:\Documents and Settings\Administrator.JACK-9B5A923336\My Documents\IMDb Video Player => ": Dan Starbuck Demo.net%2Fa2643" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt => ":DocumentSummaryInformation" ADS could not remove.
C:\Documents and Settings\Administrator.JWH\Desktop\12 Things Wealthy People Do.txt => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\Desktop\ComboFix.exe => ":BDU" ADS could not remove.
C:\Documents and Settings\Administrator.JWH\Desktop\JRT.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4 => ":CursorPos" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\Fisher_m11.mq4 => ":LineFlags" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\fxgtstsuk.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\fxsolutionsuk4setup.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\Hide.me-Setup-1.2.6.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\jre-8u31-windows-i586-iftw.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\Setup-Trelby-2.2.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\sp60088.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\TFC.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\Administrator.JWH\My Documents\WoT_internet_install_na.exe => ":BDU" ADS removed successfully..
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP => ":56E2E879" ADS removed successfully..
C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully..
C:\Documents and Settings\Jack Holland.JACK\My Documents\IMDb Video Player => ": Dan Starbuck Demo.net%2Fa2643" ADS removed successfully..

==== End of Fixlog 03:34:00 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus Free Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 60
Java version 32-bit out of Date!
Adobe Flash Player 27.0.0.130
Mozilla Thunderbird (31.4.0)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Bitdefender Antivirus Free Edition gzserv.exe
Bitdefender Antivirus Free Edition gziface.exe
IObit IObit Malware Fighter IMFsrv.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 30-09-2017 at 16:20:45
Running from "C:\Documents and Settings\Administrator.JWH\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS.1\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS.1\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS.1\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS.1\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS.1\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS.1\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS.1\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS.1\system32\netman.dll => File is digitally signed
C:\WINDOWS.1\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\srsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS.1\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS.1\system32\qmgr.dll => File is digitally signed
C:\WINDOWS.1\system32\es.dll => File is digitally signed
C:\WINDOWS.1\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS.1\system32\svchost.exe => File is digitally signed
C:\WINDOWS.1\system32\rpcss.dll => File is digitally signed
C:\WINDOWS.1\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
8 hours in and it's still on the first bar. It's also barely using any cpu, bouncing between 0 and 15%, probably averaging 3%.
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
Thanks for all the help. I think the computer guy I go to would have said just do a re-install. I donated some money for your efforts so you can buy a few espressos on me.
 
Oh, the computer is doing great. Not only did the main issues go away a few days ago, it got zippier.
 