Sluggish computer, suspecting malware

#1 chadbroadway (New Member, 1 posts)

Thanks in advance for everyone's help. This is my (elderly) mother's computer that I tend to from time to time. She often complains about pop-ups and other debilitating windows while she's using the computer. I haven't witnessed any of that, but I do experience frequent lock-ups and very suspicious (and sluggish) behavior.

I'll post the OTL log here. Could someone please check for an obvious reason for the behavior? I appreciate the assistance!

--Chad

---------------------------------------------------------------------------------------

OTL Extras logfile created on: 11/6/2010 5:36:14 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop\virus nov 2010
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 272.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 78.45 Gb Free Space | 71.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5EF29D-946F-4EE3-B930-9F6E13F0C765}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{0DD0C718-3498-4975-A33C-30E31195938E}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{17719B64-09BA-4DDC-A7DA-FC1E309F0CE7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{19AFF3F7-C40A-4ECD-ADF5-43E29791B3AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F219CB3-D3A7-47BC-8944-EBC25F315F03}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{477ED302-0A55-47A3-B2A1-6AD9D72446F1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{8737D614-349A-442F-8BD6-C462CDD49DFC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{9E98E85D-6B49-4B01-BFD3-1F3C741AFC17}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F2E5F24-A51B-4B01-AB96-869C3AC1D919}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B1D0E172-4056-4D57-B049-3E2BB2D2A877}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B9BADBBC-66EA-4700-BC92-2627490EE2A7}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{C7078773-BFD3-4608-BC3B-D8309D38B094}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{D2690CA6-0206-43CC-A6ED-6C8854E1A9B7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{D7133BC3-7752-4C73-934B-F310BEEDABD3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{D927705F-DFDE-4287-9314-26339755ECB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC24C930-7C1C-4976-8F31-70B8DED9204E}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"TCP Query User{755489D6-3390-41B6-8B1E-9472329F4CE9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{ABE7FB83-E69C-4EC7-92AA-51516748A0D7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C4B418F7-EA74-47E2-A58E-2C382B0DAAA6}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"TCP Query User{D6807173-6E2A-4570-825B-20016AF2441E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{255DB2EF-F444-4942-A63A-6187D832FB49}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{3201A257-ABD5-45F1-9153-80544B7B96B2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{69DFF9A5-82BB-42D3-AC3B-29D74A1541ED}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{83810E26-1AF2-49F3-8B7E-A9A12010F1A9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"Desktop Dialer" = Desktop Dialer
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 1300 Series" = Lexmark 1300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2009 8:48:29 PM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

Error - 10/3/2009 9:29:06 PM | Computer Name = Owner-PC | Source = WerSvc | ID = 5007
Description =

Error - 10/3/2009 9:40:01 PM | Computer Name = Owner-PC | Source = ESENT | ID = 215
Description = WinMail (3636) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 10/3/2009 9:40:17 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/3/2009 9:41:07 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/3/2009 9:45:09 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/3/2009 11:08:54 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/3/2009 11:33:59 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18294, time stamp
0x4a6199f8, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0064005f, process id 0xd24, application start time
0x01ca44944b95d036.

Error - 10/4/2009 12:42:56 AM | Computer Name = Owner-PC | Source = ESENT | ID = 215
Description = WinMail (2812) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 10/4/2009 11:31:48 AM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3024
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >