parruthead

Hi Ron, I did disable it as you told me too after post #25, but uninstalling and reinstalling it is what cured the slow shutdown, apparently there was something corrupt with it. Does the real time protection in MSE then need to remain off from that point on? If so is MBAM's real time protection considered a replacement for that? Did you find anything in the ComboFix log I posted? Also any solution for the Icon issue? Thanks for all you help and efforts, I do appreciate it! Merry Christmas and safe travels, Steve

I found the cause of the slow shutdown after noticing it was normal with MSE and MBAM turned off. Through trial and error I narrowed it down to the MSE. So I removed and replaced it and the solved the slow shutdown issue, boot seems to be much better as well. Wait now to see if the MBAM dialog box will not pop up any more saying "Real Time Protection is off" after MBAM loads. So far after 2 restarts it hasn't, but it hasn't been a consistent issue. If that ends up being resolved then the only thing I have yet to fix is generic icons on the desktop for Firefox saved shortcuts for websites, which came about after the FSRT64 run on file you gave me.

Ok here is log from Combofix. ComboFix.txt

Yeah you might go back over the last few posts I had and you will see screen shots of the problems with MBAM. Really the only thing resolved so far is the startup auto run of Chkdsk and internet connection. Shutdown was faster with MSE off but slows down again when back on. Also have had maybe 2 restarts where MBAM didn't send up the warning, otherwise it is still happening. Addition.txt FRST.txt

That helped a lot on shutdown, boot still slow. MBAM very slow to load at lease it takes forever to appear in task bar, also still getting the dialog that real time protection layers are turned off even though they appear to be on in the settings. boot.txt shutdown.txt

Nice that the new program now incorporates all three programs into one. I finally found the cmd to shut off the boot scan, so that is no longer an issue. After installing the MBAM i got the first message (labeled First Issue attached) but after checking program before clicking "turn on" in the message if find that is is already running, so I am not sure why it gave this message. I rebooted again and then got the (Error Issue attached) again clicked ok and eventually the program was up and running in the task bar. The attached logs are from the last restart which is still slow, I did have one restart that was closer to normal times right after the program had been removed but the 2nd restart after that was slow again before reinstalling the program. Still have generic Icons on desktop for Firefox links. Thank you! boot.txt shutdown.txt

Shutdown is now reasonable with out all 3 Mbam products installed, and for some reason Chkdsk did not try to run on startup this time but did on first restart. Shutdown.txt Boot.txt

Ok ran that here is the log. Thanks! wininit.txt

Yeah it still is giving a countdown on startup to run. The make model and specs are all in the first post if you scroll up. I am ready to try anything even the more advance stuff, you also mentioned having QC look into it as well. One of the shutdown/boot was much faster when I was going through the removal process, couldn't tell what may have effected that. Icons for Firefox website links on desktop are still generic, tried several things to no avail to fix that too. The computer doesn't run slow on anything now but restarts and boots, the internet and connection issues seem to have resolved on their own.

The FRST64 didn't crash it was the Dell Management Agent service that was stopped during the run that forced an unstoppable restart mid run of the FRST64. Its a little over 2 years old and has been a very solid and reliable system. I do have the data backed up just hoping nothing in that backup is corrupted from this system. I would like to do a system repair but of course the OEM version won't do that and I haven't been able to find a full version of 7 anywhere for a reasonable price, Microsoft will let you download it but only if you have a full version not an OEM version. If at all possible I don't want to do a clean install as that is a weeks work to get everything back in place, settings and all stuff that won't restore in Outlook which is my major main program, loaded with business I did run all the diagnostics and its a solid state drive for the system, all tests have passed. No doubt though there is something wrong with the system, if you look at the last screen shot of the startup something is wrong with the resgistry, also the screen shot from a few posts before that with all the red flags and such in the event window. Did you see that the disk check is still trying to run at boot?

Also forgot to add that after the restore and before I tried to run FRST64 again I went in and stopped that Dell process first which then didn't interfere with run by causing restart. So Fixlog above is from that 2nd run which I am hoping went ok.

I think permissions also got messed up, trying to fix icons it wants me to have admin privileges even though I'm it!

Thanks for info on MSCONFIG I will look into using that. Well Dell thru a wrench in that last instruction. Shortly after I started FRST64 a dialog came up stating something about Dell Management Agent being stopped and windows would restart, no way out of that is was gonna restart like it or not. So after the restart (of course FRST64 hadn't finished its run before that happened) the desktop appeared, all icons generic, and endless spinning donut of lockup, tried everything to do a proper restart but wasn't possible so had to power it down. Booted into recovery and restored to earlier point saved by earlier run of FRST64 earlier today. That seemed to get things up and running again but still have generic icons for all Firefox saved shortcuts, startup items in taskbar showing up in different order, not that it matters to me. Not sure if it did any other damage yet. As far as the shutdown and boot up they are still painfully slow, disk check still trying to run at startup. Let me know what you think of all that! :-) Fixlog.txt

Sorry didn't realize I needed to remove all three programs. So I did clean removals (of first 2, but couldn't find app to do clean removal on last one) MalwareByes Anti-Malware, Anit-Exploit, and finally Anti-Ransomware Beta. Restarted twice, captured shutdown and boot logs, also ran FRST before reinstalling all programs. Also did a few screen captures during startup, need to shut off the scan disk at startup, also some issues in one of the screen captures with 2 registry items. See 8 attachments below. Addition.txt Boot no Malwarebytes programs.txt Shutdown no Malwarebytes programs.txt FRST.txt

shutdown uninstalled.txt boot uninstalled.txt

New shutdown log.txt New boot log.txt

Thanks for the reply, Ok got through all that, boot showed error and shutdown showed critical as level sign labels in event log window. Didn't seem to improve either event. Also I would like to shut off disk scan on boot, I have been canceling it manually, so this boot log is with canceled scan. New shutdown log.txt New boot log.txt

Attached also are Shutdown and Boot performance logs. Boot Performance.txt shutdown performance.txt

Thanks Ron, Here's the scoop and logs: A while back one of the Malwarebytes programs (I think it was the AntiRansomware) wanted to install an updated version, this failed and continued to try and install, the Malwarebytes site was aware of the problem and eventually corrected the issue with instructions how to uninstall/reinstall etc. It was after all this that it seemed the following conglomeration of issues slowly developed. 1. 5-10 min shutdowns or restarts. 2. Unable to connect to some sites but no problem with others. 3. Can't login to my office 365 email. 4. Can't update Microsoft Security Essentials. 5. Intermittent and slow connections to websites, but no problem with some sites such as Netflix. 6. Can't seem to download manually, updates from Microsoft with catalog server. 7. Startup seems to be much slower. 8. Windows Internet Explorer seems to be worse with connections than Firefox is. I have ran sfc scannow, disk check, Malwarebytes, rkill, adwcleaner, tdsskiller, jrt, Sophos and everything I can imagine to do. Startup items look ok I try and keep them in check. Also shutdown computer pulled power and held power button down for 1 min left this way overnight. Unhooked cable modem and routers and reconnected. Thanks for the help! Steve This is a 2 year old Dell Precision T1700 OS Name Microsoft Windows 7 Professional Version 6.1.7601 Service Pack 1 Build 7601 OS Manufacturer Microsoft Corporation System Manufacturer Dell Inc. System Model Precision T1700 System Type x64-based PC Processor Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz, 3101 Mhz, 4 Core(s), 4 Logical Processor(s) BIOS Version/Date Dell Inc. A20, 9/22/2016 SMBIOS Version 2.7 Windows Directory C:\Windows System Directory C:\Windows\system32 Boot Device \Device\HarddiskVolume2 Locale United States Hardware Abstraction Layer Version = "6.1.7601.17514" User Name Steve-FLHOME\Steve Time Zone Eastern Standard Time Installed Physical Memory (RAM) 8.00 GB Total Physical Memory 7.94 GB Available Physical Memory 4.48 GB Total Virtual Memory 15.9 GB Available Virtual Memory 12.5 GB Page File Space 7.94 GB Page File C:\pagefile.sys Addition.txt AdwCleaner[S1].txt CheckResults.txt FRST.txt JRT.txt Rkill.txt

Thanks Kenny, Running defrag while I type this. I appreciate all your help. I have sent you a token of my appreciation for helping with my Mom's computer. Time goes by so fast that I hadn't noticed that this laptop was so old that it only had 512mb Ram, funny how time slips away! If you are ever in S.W. Florida and in the market for real estate or have a friend that is please keep me in mind, that's my business here on Marco Island! Thanks again. Best Regards, Steve

Ok Kenny got all this done, system still very slow, but maybe after we clean up all this and I run Diskeeper to defrag it will get better, anything else that can be dumped that may slow it down? Appreciate all your help and patients with this one!

Ok that HJT is done. Sure if there is a free virus program that you trust that would be great. I would need it to auto update and scan emails since mom wouldn't be doing that.

Ok here is Hijackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:50:41 PM, on 5/1/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17096) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Norton Utilities 14\nu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Doris Lindburg\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-527984550-2856840686-2488814069-1008\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LogMeInRemoteUser') O4 - HKUS\S-1-5-21-527984550-2856840686-2488814069-1008\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'LogMeInRemoteUser') O4 - HKUS\S-1-5-21-527984550-2856840686-2488814069-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator') O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295534287937 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel

Problems with ComboFix hanging, this happens when text in the window indicates it is doing a scan, don't know why its scanning when there was your script to follow, is this normal? flashing cursor is all that is happening. I will try again in the AM after a restart, seems as though doing this remotely is causing some problems, not much choice though as I can't have Mom do it.

OK got all that handled. Yes speeding up this computer would be nice, it is a sloth as it stands now.