Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Extremely slow computer


  • Please log in to reply

#1
willmon2000

willmon2000

    Member

  • Member
  • PipPipPip
  • 215 posts
My windows xp computer has begun to slow down about a month after i re-install windows. It takes about ten minutes to load after first turning on the computer and application (chrome) freeze up constantly. I have run malware-bytes with no infection discovered. I have run OTL


OTL logfile created on: 6/3/2012 6:36:37 AM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\You\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 11.75 Mb Available Physical Memory | 4.62% Memory free
624.96 Mb Paging File | 228.67 Mb Available in Paging File | 36.59% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 28.24 Gb Free Space | 75.89% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 1.21 Gb Free Space | 3.25% Space Free | Partition Type: NTFS

Computer Name: WILBER-3L7V9G0R | User Name: You | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 05:50:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\You\My Documents\Downloads\OTL.exe
PRC - [2012/05/08 16:00:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 16:00:01 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 16:00:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 16:00:01 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/12 00:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/11 17:24:40 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 16:00:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/04/12 00:37:34 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 00:37:33 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 00:36:08 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 00:36:06 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 00:36:05 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 23:51:55 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\You\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/08 16:00:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 16:00:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 20:27:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008/04/14 06:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 06:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 06:42:16 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 06:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 06:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 06:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 16:00:02 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 16:00:02 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/14 01:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 01:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 01:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 01:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/23 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9d18b218-6967-44c7-961f-c8710bf24559}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.42searche...=1&d=2012-04-02
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://search.mywebs...3Bg&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\You\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\You\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/14 17:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/04 17:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\You\Application Data\Mozilla\Extensions
[2012/04/02 15:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\You\Application Data\Mozilla\Firefox\Profiles\ffp2vq8a.default\extensions
[2012/03/27 20:40:53 | 000,009,650 | ---- | M] () -- C:\Documents and Settings\You\Application Data\Mozilla\Firefox\Profiles\ffp2vq8a.default\searchplugins\my-web-search.xml
[2012/02/02 17:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/14 17:05:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 06:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 06:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.refer...7C&n=2012033022 File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6F7FBB0-550B-4981-AA4B-38C35EA0E04A}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\You\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\You\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/04 14:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 06:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\You\Recent
[2012/06/03 05:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\You\Application Data\Malwarebytes
[2012/06/03 05:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 05:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/03 05:53:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/03 05:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/05 09:16:59 | 000,000,000 | -HSD | C] -- C:\found.002
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 06:25:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 06:25:15 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-115176313-725345543-1003UA.job
[2012/06/03 06:25:09 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-115176313-725345543-1005UA.job
[2012/06/03 06:11:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 06:10:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 05:53:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 05:06:47 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/06/02 20:25:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-115176313-725345543-1005Core.job
[2012/06/01 18:25:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-115176313-725345543-1003Core.job
[2012/05/09 20:52:26 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/08 16:00:02 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 16:00:02 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 05:53:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 16:43:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 17:43:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 14:42:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2012/01/04 14:12:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 14:07:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/04 06:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/04 06:01:29 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/01/04 18:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/01/04 18:12:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/01/04 18:13:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, willmon2000! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for willmon2000 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.
  • 0

#3
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKLM\..\SearchScopes,DefaultScope = {9d18b218-6967-44c7-961f-c8710bf24559}
    IE - HKLM\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "My Web Search"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A7437FE2-91F8-4366-B994-F11639998F7C&n=77ed2ed0&ind=2012032720&id=YPxdm003YYus&ptnrS=YPxdm003YYus&si=CPPX-8mliK8CFcIFRQod7TR3Bg&searchfor="
    [2012/03/27 20:40:53 | 000,009,650 | ---- | M] () -- C:\Documents and Settings\You\Application Data\Mozilla\Firefox\Profiles\ffp2vq8a.default\searchplugins\my-web-search.xml
    O8 - Extra context menu item: &Search - http://tbedits.refer...7C&n=2012033022 File not found
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download and run Puran Disc Defragmenter.
For the first run I would recommend selecting Boot Time Defrag and Disk Check.
If asked to install Babylon, say No.


Step 3

The main cause of your slowness is probably due to the very little amount of RAM you have. The minimum amount of RAM recommended for Windows XP is 512MB but I would recommend at least 1GB.

  • Please visit Crucial System Scanner.
  • Check the box to agree with the Terms and Conditions and click Download the Scanner.
  • Run the scanner and it will suggest RAM modules which you can consider buying to increase the amount of RAM you have.

I recommend you invest in a RAM module in the near future to help increase your computer speed.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0

#4
willmon2000

willmon2000

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
Hey Nedklaw, thanks for your help first of all. The pc was bought used and it was actually very responsive loading in less than a minute. Here is the post-repair log.



All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d18b218-6967-44c7-961f-c8710bf24559}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d18b218-6967-44c7-961f-c8710bf24559}\ not found.
Prefs.js: "My Web Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.mywebs...3Bg&searchfor=" removed from keyword.URL
C:\Documents and Settings\You\Application Data\Mozilla\Firefox\Profiles\ffp2vq8a.default\searchplugins\my-web-search.xml moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
C:\WINDOWS\002237_.tmp deleted successfully.
C:\WINDOWS\005308_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\You\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\You\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: x
->Temp folder emptied: 789393 bytes
->Temporary Internet Files folder emptied: 95367866 bytes
->FireFox cache emptied: 225224121 bytes
->Flash cache emptied: 1926 bytes

User: You
->Temp folder emptied: 1063 bytes
->Temporary Internet Files folder emptied: 1626621 bytes
->FireFox cache emptied: 44221506 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 16321739 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 366.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.0 log created on 06062012_030843

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by willmon2000, 06 June 2012 - 10:54 PM.

  • 0

#5
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking over it. It acts as a barrier between the internet and your computer. Hackers discover new security holes in a software or operating system long before the software company does and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Posted Image
Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.2.202.235) and Adobe Shockwave Player (11.6.5.635) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here are a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP