pvs

Hey Ron. I just wanted to check in here, and let you know I am still alive. More important than that, my old crusty desktop system is also still alive! I received the parts a couple of days ago, and wound up replacing the cooling towers as well as the fans. I've only taken the CPUs out of this system twice, and I am always anxious when I need to do so. But I really needed to remove them in order to clean the old Arctic Silver off, and I wanted to take some photos of both sides, in case I needed to replace one or both (considering one was running without its fan for a few minutes while I shut down after destroying that fan). Anyway, after several boot attempts with the new cooling fans and towers in place (and not being successful), I started removing and reinserting various cards in order to try to ascertain the issue. It wound up being a need to re-seat my memory chips. Once I did that, the machine came to life, and has been booting fine, since. And it is MUCH more quiet than it had been, so I am very happy with that. Going back to the issue we'd been working with, I cleaned out a lot of stuff I don't use, PS CS, PS CS2, PS CS3, PS CS4, and a few things I used to use when I was hacking an old Windows Mobile Cell Phone a few years back. I then defragged the disk and ran SDELETE -c to reduce the size of my resulting backup files. After doing that, and running a backup of the machine with no AV installed, I found the machine worked well, very responsive, and MBAM worked flawlessly. So I decided to try going back to Bitdefender Internet Security 2015, which they licensed to me instead of Bitdefender AV 2016 (which is not compatible with XP). I had been using BD Internet Security 2015 before I had the Malwarebytes issue that brought me to start this thread. I had found the product to make my machine run as it if were infected, and then opted for Avast!. But I had never set the mutual exclusions between BDIS and MBAM in my first go-round. So I've decided to give BDIS another go, but this time, with those exclusions in place. I am happy to say the the two products seem to be working well together, though I am still trying to iron out a few things that BDIS does to my system. I've managed to make quite a bit of progress toward that, though I am still not very happy, and MIGHT still look for a different AV alternative. Once I am happy with whatever AV I choose, I also might try to make use of some of the tools you introduced me to, in an effort to help clean up this system a bit. I'd also like to try making a new WinXP SP3 Installation disk, if I can still get all of those updates and SP3 online ... but I need to push that off to the wintertime, as I need to get outside and attend to some work on this old house. Ahhh - balance! It's so hard to find, especially when you're as addicted to these machines as i am. Anyway, again, I just wanted to write back, and let you know what's up with this thread. Thank you so much for your kind help and patience with me. -pvs

Interesting articles, Ron, thank you for linking them. Upset the apple cart? Well, it would have to do with the licenses, which would need to be input upon re-installation of each program. So I'd need to release the license for each one prior to re-activating on the new OS installation. As you've noted, some of my software is (MUCH) older, and some of those manufacturers might just try to force me to purchase/rent their newer applications rather, than allow me to activate anew. And many of those newer applications would potentially not be so well suited to Windows XP. So this part of the project could get very complicated and prone to issues. FWIW, I have looked at some information on the Internet regarding building a slip-streamed XP installation environment, and I might do that for future use. Again, I am not completely rejecting the idea of rebuilding everything top-to-bottom. I am just holding back right now to see if I can patch what I have, at least for the time being. Please remember, the only REAL issue I am having with usability right now is with MBAM's Real-Time Protection, and it seems that it might simply be an incompatibility with AVAST. So I am happier simply trying to fix what I've got, than to try to restart completely, and re-configure the many systems that are installed on my rig. As for Registry Cleaners, aye, I used to toy with one many years ago, NGB Cleaner, if I remember correctly. But I typically don't use them, as I found them to often cause more issues than they fix. I sometimes do some manual cleaning to get rid of stuff, and rely of backups in case I royally screw something up. Anyway, it looks like I am going to need to take a break for a few days, as I wound up destroying one of my CPU Cooling Fans the other night (trying to quiet it down a bit). Happily though, I was astonished to find that I can still purchase OEM fans that are identical, right down to the Rev Letter, to the ones that originally came with the machine! Wow, this server is more than 12 years old, and I can still buy some OEM parts. I am amazed, and relieved that I don't need to look for something that I need to force into place. I have ordered two of them (since the other one is noisy as hell, too), and they should be here in a few days. On a side note, my wife is happy, as she was starting to get PO'd at me for the time I was spending on this project. LOL One more thing - going back to your 2nd article, and it's explanation of Trojans. I thought it very strange that a Trojan would be in this file. I wound up throwing an older HDD back into place, and I rescanned that file using a few different AV scanners, as well as MBAM. Nothing turned up at all. So I am pretty confident that what Kaspersky found was a false positive (32-bit scanner on 64-bit software?). FWIW, that installer was downloaded straight from Nikon. I scanned the installer, too, and it, too, was reported as clean. So I reinstalled that program, and it now has it's uninstaller back. So I'm going to be away from here for a few days, Ron. I will let you know how things are going once I get that machine back up and running. -pvs

Hmmm, yes, I've thought of that. It would also be a good way to check if Microsoft is still offering Windows Updates for XP. They USED TO bug me once in a while when I cloned a system HDD, but they haven'y peeped in many many months. Maybe they've figured out that I'm not running more than this one machine, just with a multitude of different HDDs. But I wonder what would happen if I tried a complete reinstall of the same Serial number. I would also need to work with many of the software producers, ensuring that I de-activate each product before trying to reinstall. So, outside of the ENORMOUS amount of work such a re-install would entail, I am concerned that doing so might upset the apple cart, so to speak, and leave me with products I can no longer use. Still, I am holding the idea out as a last-ditch approach, and will see what I can do to patch this old installation together before taking on that approach. FWIW, prior to making my next backup, I have PXE-booted a Kaspersky Rescue Disk, and have run a scan on both the WinXP and the Win7 partitions, as well as the Boot Sector and Hidden Startup objects. Low and behold, the scan DID turn up ONE nasty bugger. But it was found in an uninstaller for Nikon Capture NX2 ON THE Win7 side. Obviously, I have never used that uninstaller (or else, the program would be gone), but please advise - could the presence of that virus in that file affect either of the partitions, even though I never use it? I am not very educated in the way these things can work. The virus was: Trojan.MSIL.Agent.abxqs. Please advise. At any rate, I allowed Kaspersky to delete the entire file, and disinfection was not possible. Trying to be as careful as possible here, I am now also allowing Kaspersky to scan my entire E drive. It's 44% done as I write this, and so far, it appears clean. But there's still a long way to go, obviously. And yes, I DO enjoy this stuff. It used to be part of my job, and I always thought it was so great being able to do my hobby for a living. Kinda wish I could find some way to earn some dollars doing it again. But if not, well at least I have a fantastic system here at home to fiddle around with. Anyway, let me get back to this thing. I'd like to be able to start up the Backup process before I turn in. "See" you in a day or two, -pvs

Hi again, Ron, and once more, I apologize for the delay - but I ran into some issues with the last go 'round. I understand your inability to keep up with me as I go back and forth with my different HDD revisions. I know I am not making it easy for you. But I am trying to be as careful as possible in cleaning my issue, and trying hard not to lose functionality in this PC, which was working fine outside of my issue with the Real-Time Protection always getting shut off. Toward this end, I BELIEVE we have isolated the issue as being some sort of incompatibility between MBAM and my AVAST antivirus. Anyway, briefly, what I had found when we last left off, was that I was having issues with Remote Desktop, which I got around by going back to my 8/12/2016 HDD backup. But in further testing, while I could now connect via Remote Desktop, I also found the following issues: 1) I could no longer open my downloads folder from within Firefox 2) My right-click context menu and My Computer "Search" functionality no longer worked 3) I no longer had File-Edit-View... menus in Internet Explorer 4) I could no longer open a Windows Explorer panel to view my local computers (no permission?) 5) I was having an "Unspecified Security Risk" warning when right-clicking on an item from my networked devices I tried fixing some of these issues using things I found on the Internet, but I was coming up short with a few of them, and things were just getting complicated. Further, I wasn't sure if other things were also going wrong. So I decided to restore my system to just before we started working on this problem. Luckily, I had a backup from 8/6/2016, which was just before we started. Using that backup, I went in and cleaned ALL of my Antivirus products and MBAM using the uninstallers we previously used, as follows: 1) Uninstalled AVAST using AvastClear (previously downloaded) 2) Did a clean uninstall of MBAM (MBAM-clean v2.3.0.1001) 3) Manually uninstalled MS Security Essentials as I had done before 4) Again used MCPR (previously downloaded) to remove McAfee remnants 5) Used the Bitdefender Cleanup utility you linked (previously downloaded) 6) Then I did a standard "Windows Cleanup" of Drive C (Right-Click->Properties->Disk Cleanup) 7) I removed several unused Windows Features using Add & Remove Programs & Features) 8) I also updated VLC Player with a DL from their site. I proceeded to make a backup of this HDD state. Then I used a clone of the HDD and did the following: 1) I updated iReboot to the current version (1.1.1.15) 2) I reinstalled MBAM 2.2.1.1043, which gave me the following issues a) Crash on initial startup/update (1709_appcompat.txt, attached) b) Restarted MBAM - no AntiRootKit Driver loaded, rebooted c) Still no AntiRootKit driver on startup scan d) Retried the Scan, and now it was OK. It found the same 69 VideoAd PUPs we had found before, which I killed e) Rebooted - MBAM OK and Protection was enabled, but my extra Windows Taskbars were killed. I reset them as I had them. f) Rebooted again - MBAM and all else appear OK g) Ran Chameleon #1 (v3.1.29.0) - 0 threats found h) Rebooted again, and all looked great. I tested all of the issues I had previously found, and everything is still working. From here, I am now creating another HDD backup and clone, before I try using some of the cleaners you introduced me to, and before I install another (or the same - I don't know yet) Antivirus package. FWIW, I hesitate to uninstall iTunes/Bonjour, due to the fact that I do not update my old iPhone nor iTunes to the latest versions, simply because Apple keeps on making my old phone slower, reduces battery life, and they obviously want me to spend money to upgrade my two phones that still work fine. I fear that reinstalling iTunes is more than likely going to present me with upgrade issues. I will revisit this topic in the future if need be, but for now, I am opting to leave that alone. I am attaching the crash log (1709_appcompat.txt) from the first run of MBAM, noted above. in case you see anything in there. I am also attaching the Daily Protection Log, and the two Threat Scan Logs, for your review. Again, I understand that I am not making things easy for you, and my case of being able to revert back to earlier HDD versions is probably not "the norm", but I am happy that whatever I do on this old rig can be easily undone, as it affords me a great amount of flexibility. Please understand that I am not fully expecting you to review my logs at this point. I offer them to you in case you might wish to take a look and offer pointers and suggestions. Unless you request otherwise, I will continue to post my progress, logs, and observations as I proceed. I hope you understand. Anyway, on to a few hours of making another Backup/Clone of this HDD. I'll be back within a day or so with a new update. Thanks again for everything, and for the wonderful MBAM product and your support and help. -pvs 1709_appcompat.txt Threat Scan Results 2016-08-26.txt Chameleon Threat Scan Results 2016-08-26.txt DailyProtectionLog_2016-08-26.txt

Hey Ron, Just another note from today... Following along with the steps you gave me after Aug 12th, I used another freshly-restored HDD from that date, and ran ComboFix. ComboFix upgraded me to Version 16.8.21.2. At the end of the AutoScan, ComboFix threw a few RegReplaceKey: 5 - Access Denied errors: C:\WINDOWS\system32\config\SECURITY C:\WINDOWS\system32\config\software C:\WINDOWS\system32\config\system C:\WINDOWS\system32\config\default C:\WINDOWS\system32\config\SAM C:\Boot\BCD I answered "Yes" to every prompt that came up. I have attached the resulting Log if you'd like to review it. When it completed I ran a MBAM Threat Scan, and have included those logs as well. Finally, I ran another FRST/Addition scan. I do not see the issue we had earlier regarding the failure to release Registry memory, but a lot of errors still remain in the log, including the Bonjour stuff (and again, I think I need to keep Bonjour, unfortunately). FWIW, the PC is still permitting me to use Remote Desktop. As a matter of fact, I ran ALL of these scans via remote control from my Surface Pro. So, with that, I am about to run another full backup, and will proceed to do only one step at a time between backups from here on out. As I have not yet killed AVAST, I am not sure if you want to keep following me on this, Ron. But if you do, and check these log files, I want to let you know that I would appreciate any and all tips you might have for me on getting rid of the continuing System and Application Errors that ware showing up. Finally, once I have this current backup completed and cloned to an HDD, I plan to run MiniToolBox again, as that was the step we had done previously once ComboFix was run. I will post those results when I have done that. Thanks again, -pvs ComboFix_2016-08-24.txt Threat Scan Results 2016-08-24.txt FRST_2016-08-24_AfterComboFIX.txt Addition_2016-08-24_AfterComboFIX.txt

Hi again, Ron, I just wanted to write back and acknowledge your last post here. I have gone through my assorted restored HDDs, and found that Remote Desktop worked right through Aug 14th's version. However, that was also where FRST started to show the issue with Registry hive memory not being able to be freed-up. I found that my Aug 12th backup did not have that error. FWIW, I went back and manually downloaded the newest FRST from the website you linked earlier, and have been using that version since. I also shrunk the two partitions so that I can again use two other Velociraptor 300GB HDDs I've had in storage, and I restored the August 12th version onto both of them them, so that I can "play". I used one of those disks today, and tried ResetDefaultPerms one more time. Unfortunately, it DID replicate my issue of no longer being able to connect via Remote Desktop. So it looks like I cannot use that utility - too bad. Anyway, I am going to continue poking around on this PC to see if I can clear up some of the errors noted using FRST. I have briefly looked at some stuff on the web regarding removal of Bonjour, but it seems I really might need that utility, as I DO sync my phone with Outlook using iTunes, and from what I'm seeing, I need to have that thing installed. I am probably going to try a different AV product at some point, but for now, I want to try to get rid of some stuff I don't use, creating backups every step of the way, and rolling back whenever necessary. If you want, I will update this thread with anything new I find, in hopes that doing so might help some other folks out there who are still using XP. Could you please keep the thread open so that I might do so? Thanks so much for your time and patience, AND for the excellent utilities you've introduced me to. I think that with the help of those tools, I might get a better handle on what's going on with this old XP installation. And again, the steps we've taken thus far have already improved the responsiveness of this PC a LOT! And it's great to know that my issues do not seem to be related to viruses or malware. (I think?) Hope to hear from you again, -pvs

Hi again, Ron, Okay, yesterday, I went full-tilt with my backups, and created separate drives for each of my most recent backups, since we began working on my issue with MBAM Real-Time Protection always turning off. I now have individual drives for each backup - August 6, August 12, Aug 14 and Aug 18, as well as the one with a few changes since Aug 18 (ResetDefaultPerms being run, in particular, as well as AVAST being uninstalled). Despite what I had stated earlier, it seems that Remote Desktop was indeed working okay right through Aug 18th, before we ran ResetDefaultPerms. (It seems I didn't wait long enough before trying to log in remotely in my previous tests. Oy!) Anyway, now that I have all 5 of these HDDs, maybe we can go back and see at which point FRST first gave us the issues with the Registry Hive memory not being able to be released. I am thinking it MIGHT've been with the scan I inappropriately did using AVAST's newest version, but I am not sure. I am not going to run anything on any of the drives before I have your say-so. So I will bump this thread again tonight, and let you think about my options. Hopefully, having this "library" of HDDs to select from, we will be able to get a better picture of what might be going on. As a side note, I am SO HAPPY I set up this backup/restore procedure a few years back. (It also helps a lot to have all these extra HDDs laying around!) It has been a great feature, and has gotten me out of jams a few times in the past. I hope we can similarly find a resolution in this go-round! Anyway, I just wanted to set the record straight regarding Remote Desktop's functionality throughout this process. Looking forward to hearing what you think. -pvs

Hey Ron, Sorry for the delay. Two nights ago, I realized that I could no longer Remote Desktop into this machine while it was running WinXP. It still works from the Win7 side, so I know this issue is not a network problem. Anyway, I proceeded to do the full uninstall of AVAST, and I double-checked using the wbemtest tool you showed me. As hoped for, I had NO antivirus Products installed. I rebooted twice after that, and MBAM did not start on any of them. At that point, I rechecked to see if Remote Desktop worked. Nada. So I then did a clean uninstall of MBAM. Leaving that uninstalled, I again rechecked Remote Desktop. Still nothing. So I decided to get a couple more extra HDDs out of my desk drawer, and do a few restorations of much older versions of this machine. My May 28, 2016 version's restore, which was just before I dropped Bitdefender for AVAST, had a few issues due to a (at that time) recent change of my video card, which had died. Before trying to fix those issues, I then restored from a June 18th backup, which was immediately after I installed AVAST. Here, Remote Desktop WAS working, though this issue with MBAM was already evident. So, SOMETHING has killed Remote Desktop. I am not sure if it is due to some of the cleaning processes we did, or something else. I have tried disabling the firewall, and turning Remote Desktop off and back on on this PC, but it is refusing to connect. So, FWIW, I have gone back to the disk we were last working with, and I reinstalled MBAM. Surprisingly, even though I had done the full clean uninstall, when I reinstalled, I did not need to re-activate the product. The license info somehow carried across auto-magically. I am attaching the log from the "first" Threat Scan, below. I did the three boots as soon as this scan completed. I am happy to report that MBAM started up each time, fully enabled! So it is LOOKING like there is an incompatibility between MBAM and AVAST, eh? I am open to suggestions on another AV Product. As I have already paid for BD (and it was brutal on this PC), I would PREFER a "free" option, if possible, but I know we often get what we pay for, and vice-versa. I also went ahead and re-ran FRST, and attached the two logs. I see that that REGISTRY Error is still there!!! Please let me know if you see anything else of interest. Please note that I am still getting the Update Error (5) when FRST starts up. Should I try to manually download a newer version? In the meantime (and as a side note, right now), I have a few complete backups of this system that I made while we were going through this process (2016-08-06, 2016-08-12, 2016-08-14, and the one from 2016-08-18, which we are currently working from). I plan to restore each one in succession to try to determine at which point Remote Desktop stopped working. But I will keep this HDD and the prior one intact in case we need to go back to them at some point. I will proceed with these restores and let you know what I find. Hoping you might have some ideas about what I am experiencing, thanks again for all of your time and effort in assisting me. -pvs Threat Scan Results 2016-08-21.txt FRST.txt Addition.txt

Okay Ron, I did the full backup, and it went SURPRISINGLY fast - Under 3 hours, where it has always taken at least 6 hours before. Weird. Anyway, due to this speed, I wasn't feeling secure that the backup was valid (though Acronis said it was). So I decided to swap out my hard drive for another one I had handy, and create a clone, just to be sure I had a working copy. I am happy to report that it worked like a charm, so I now have two identical drives, outside of the fact that this one has had restoredefaultperms.exe run on it. The first reboot after RestoreDefaultPerms threw an error message about the MFP device (see attached .JPG), but I restarted that device before the next boot (not sure I actually HAD to), and that error did not reoccur on subsequent reboots. MBAM did not load on this boot - or maybe I didn't wait long enough (about 5 minutes). The second boot threw no errors, but again, MBAM did not load within about 5 minutes. On the third boot, MBAM DID finally start (maybe because I had the machine running for a longer time?), but the Real-Time Protection was disabled. Anyway, attached are the new log files from FRST. Please note that I did not disable AVAST's shields, but I DID manually re-enable MBAM's Real-Time Protection. I hope that's okay (I really need to get some sleep, and I messed up). Just thinking, maybe with the permissions fixed, I should do another clean install? I'm just guessing here, I will await instructions from you. Thanks, yet again, -pvs FRST.txt Addition.txt

Okay Ron. Thanks again. I have downloaded the restoredefaultperms.exe file and saved it in two secure locations (and marked them RO). I then went into MBAM and excluded the "C:\Program Files\AVAST Software" folder, as described in the first "This Post" link you provided. Note, I did NOT follow the other instructions in that post, regarding cleanup of temporary files, downloading of OTC, deleting MBAM history, nor the one to DL version 2.2 of MBAM. I ONLY used that post for instructions on excluding the AVAST Software folder in MBAM. I hope that is what you wanted me to do. I also went into Avast! and set up the six exclusions shown on the second "This Post" link, as well as the web exclusion. Note that my newer version of AVAST is quite a bit different from that write-up. If you want, when we're done here, I can give you a better description of the process for this newer AVAST Antivirus. I am now going to run a full sector-by-sector backup of the entire boot drive (both partitions). This will save the above settings, as well as the disabling of the two AVAST Tasks we did a few posts above. I will make note of that in the Backup Comment, so that I don't forget about it if I ever need to restore from that backup copy again. This backup will take about 7 hours to complete. Once it's done, I will check back here for any further instructions, and then run RestoreDefaultParms and FRST. Two questions on the repeated reboots (before FRST): If they don't start automatically, should I restart MBAM and/or enable Real-Time Protection between those reboots? Should I deactivate AVAST and MBAM Protection prior to running FRST? Okay, that should do it for now. I'll be back sometime tonight or tomorrow. -pvs

Hey Ron, I've been thinking, and I recall a few months ago, I was toying around in the system32 folder. I had an issue with User Permissions, and I think I might've screwed some of them up. I was searching the Internet a few moments ago from one of my other machines, and I ran across this post , which refers to the SubInACL utility. This utility sounds like it might be promising, and could be able to clean up any mess I might've made (or maybe it'll make some other ones). I downloaded the .MSI Installer (on this PC,not the one we're working on) from https://www.microsoft.com/en-us/download/confirmation.aspx?id=23510. I couldn't believe they still have it up there - and it SAYS it's for WinXP!!! What do you think? Could THIS be the cause of my current MBAM issues and other system errors? Is it worth a shot? Please advise. -pvs

1) Okay, I have uninstalled Bonjour using the normal uninstaller, and it worked without issue (or error messages, anyway). FWIW, I never liked having that in my system. I am not SURE that I need it at all. Maybe it helps with syncing my old iPhone 4s. Maybe, if you agree, I can see if having removed it causes me any issues. If not, I think it might be a good idea to get rid of it altogether, and not look back. FWIW, after uninstalling Bonjour, AVAST threw up a panel saying that Bonjour has not been completely removed, and offered to delete 3 additional files associated with it. I did NOT click on the button to let it do so. 2) I disabled the two AVAST tasks in Task Scheduler by unchecking the enabled box in each of their Properties panels. 3) I've DL'd both the UPHClean utilities and the Process Explorer, as you recommended. On this issue, I just want to let you know that I very seldom have shutdown issues. Once in a while, I need to take some kind of action, but shutdowns usually go fine. I am not disagreeing with you here, just giving you some additional info on my symptoms. 4) Weird about the Explorer issue. I have no ideas, either. I guess maybe we'll see as we progress. 5) The MFP error MIGHT be because the printer that's attached to that device was shut off. I will make sure it is turned on for all future reboots while we investigate. I THINK that might make that issue go away. We'll see. FWIW, I turned that printer ON today before I logged in, and MBAM successfully loaded and was enabled - for that one boot, anyway. I wonder if that one simple thing might fix this issue. (Nevermind - see item 8, below) 6) As for Acronis, yes, it's old, but working very well for me, on all three installations (I have it on this PC's XP and W7 partitions, as well as one of my laptops). I Back-Up pretty regularly (and restore when needed). I do not upgrade because "it ain't broke" and many times, newer software breaks things. (LOL) 7) I installed the UPHClean utility, per your instructions. 8) I did a full reboot (SHUTDOWN, wait, RESTART). MBAM did restart, but very late, and Real-Time Protection was disabled, so the MFP Printer being ON did NOT help. Oh well. FWIW, I restarted MBAM's Real-Time Protection before proceeding. 9) All of the Services in my Services Panel show that they either Log On As "Local System" or "Network Service". 10) I would consider updating my iReboot app. FWIW, I DO still have a copy of the Version 1.1.1 Installer if need to roll back without doing a full Restore-From-Backup. Please let me know if you want to try that. 11) Checking my Services list for AVAST-related items, I DO see that Bonjour Service is still listed (and STARTED). Should I disable it? Try to allow AVAST to delete those three other files? Please advise. 12) The only entry I find for AVAST in my Services List is Avast Antivirus, set to Automatic. If I try to Disable it, I get an "Access Is Denied" error. Any ideas? FWIW, it is set to Log On As "Local System". 13 Looking in MS Config on the Services Tab, I see that Avast Antivirus is listed there, but similarly, due to Access Levels, I cannot disable it. FWIW, I AM an Administrator, and am logged in as such. NOTE: I ALSO see the Bonjour Service in this MS Config list, and it IS running. Should I disable it? Do more to fully uninstall it? Please advise. =============================================================================== So that's where I am standing right now. As I could not complete all of the instructions, I have not yet done another MBAM Clean Install, nor rerun FRST. Please reply back with further instructions regarding: 1) Bonjour Service complete removal 2) Any way to disable AVAST (getting around the access rights) 3) Should I try upgrading iReboot? Thanks so much, Ron. Boy, this stuff gets complicated, eh? I am SO HAPPY to have you assisting me with it (and I THINK I'm actually learning from the experience! Not bad for a 60 year old, eh)? Hope to hear from you soon, -pvs

Okay, I understand. Here is a list of the steps I just took: Set iReboot to go directly into XP Did a FULL shutdown Waited about 10 minutes Started up (directly in XP) - MBAM Started upon Login and was fully enabled Set iReboot to go directly into XP Did a FULL shutdown Waited about 1 minute Started up (directly in XP) - MBAM did NOT start upon Login Disabled AVAST shields Ran FRST There was an error updating FRST (see attached .JPG) Ran FRST again Still the same error updating (FRST shows "Ready") Enabled Addition.txt Performed the Scan Logs are attached I then re-enabled MBAM's real-time protection and came here. Again, if NECESSARY, I can restore this PC back to a couple of days before I updated AVAST, and we can try going from there. Please let me know what you think. -pvs FRST.txt Addition.txt

Okay Ron. I DL'd and ran the MiniToolBox as you requested, and have attached the resulting MTB.txt file. Though this PC (as I stated in my previous message) seems to be running better than it did, I AM still having the same issue, with Malwarebytes' Real-Time Protection being shut off (and sometimes with Malwarebytes not starting upon login), so, we're not out of the woods, yet. Also, the issue that started since we've been working on this PC, where I can not use the "Open Containing Folder" feature in Firefox, to open the Downloads folder, is still here. One more thing, and I'm really sorry that I broke the rule - AVAST was nagging me to update yesterday, so I did, and I also ran it's Smart Scan. It found no viruses, FWIW. I hope my updating and running of that scan did not jeopardize the things we've been working on, and will not do anything like that again in the future without first checking with you. Anyway, please let me know what to do next. As always, thanks a lot, -pvs MTB.txt

Hey Ron! I have to admit, this machine starts up and shuts down like it was new! That is great! I hope these procedures might've also fixed the real-time protection being turned off. We'll see. Anyway, I want to also advise you that I can also PXE-Boot this PC from my NAS (into a BartPE OS), so I also have THAT flexibility in working with the PC's drives if need be. Anyway, I ran a Threat Scan this morning, but it, again, did not create a log file. So I repeated the clean removal and reinstall process, and tried again. S U C C E S S ! ! ! Attached is the Threat Scan Log, and I also attached the Daily Protection log, as I still see some MD5 Errors in there. I don't know if you are expecting those, but I wanted to ensure you knew about them before we go on. Anyway, please have a look at these logs and let me know what you think. Threat Scan Results 2016-08-14.txt DailyProtectionLog_2016-08-14.txt