Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Very slow browser launch (or failure to launch at all) [Solved]


  • This topic is locked This topic is locked

#1
pageone

pageone

    Member

  • Member
  • PipPip
  • 29 posts
Greetings Geeks,

It's been quite some time since I've needed to call on your fine services, but I've hit a wall with my son's old HP/Compaq DX 2000 MT machine, which has a 2.5 ghz Celeron D chip and 2 gigs of ram.

It's main symptom is that while it promptly connects to the web, browsers are slow to launch (IE 8) or sometimes don't launch at all (Chrome). In most other respects, while it runs more slowly than it seems like it should, it does get the job done. I defragged the hard drive, which was a mess, scanned with both Avast! and Microsoft's security software, and ran Cleanup. The net result was that the machine runs better than it did, but still has difficulty getting browsers launched, so I suspect malware of some sort. In addition, sometimes (not always), the machine takes forever (well, 15 minutes or so), to compete bootup and be willing to perform any user tasks such as launching programs. Again, I suspect malware.

Below is a logfile from OTL. I would very much appreciate any assistance you can offer.

Than ks!


OTL logfile created on: 7/7/2012 4:53:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Home PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.25% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.21 Gb Free Space | 56.92% Space Free | Partition Type: NTFS
Drive E: | 1.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOMEPC | User Name: Home PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 07:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home PC\Desktop\OTL.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/01/06 07:06:22 | 001,114,552 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/15 02:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 19:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 02:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 02:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 02:42:18 | 000,105,472 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\system32\dfrgntfs.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/18 23:39:51 | 001,775,104 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12061900\algo.dll
MOD - [2011/02/23 07:04:14 | 000,144,672 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2011/01/27 18:57:50 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/27 18:57:48 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/27 18:57:48 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/27 18:57:48 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/27 18:57:46 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/03 14:52:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/25 19:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/07 16:47:44 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65942B1C-672D-4399-AEED-100AF95C9310}\MpKsla128882a.sys -- (MpKsla128882a)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/01/24 01:36:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{B4F48B26-B3FE-4563-AD3C-4CEF1FAB44E0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 22:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/12 13:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home PC\Application Data\Mozilla\Extensions
[2011/04/12 13:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 13:01:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/10 14:43:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/09 22:54:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/09 14:25:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:10:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Home PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Documents and Settings\Home PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} https://portal.cwu.e...t/LocalExec.CAB (LocalExec Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1292015366953 (MUWebControl Class)
O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.wei...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/10 12:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 16:41:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home PC\Desktop\OTL.exe
[2012/06/13 09:52:01 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Home PC\*.tmp files -> C:\Documents and Settings\Home PC\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 17:01:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 16:52:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAEEF04F-5F09-4624-AE1A-7544484CA918}.job
[2012/07/07 16:20:34 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/07 16:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/07 16:14:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/01 07:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home PC\Desktop\OTL.exe
[2012/06/19 10:10:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/19 09:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 21:32:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/06/18 20:40:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/06/18 14:00:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/06/17 10:35:43 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/17 10:18:07 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/17 10:18:07 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/17 10:09:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/16 15:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/15 20:27:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 20:05:56 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Home PC\*.tmp files -> C:\Documents and Settings\Home PC\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 18:30:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/15 13:10:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Home PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 18:13:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/29 19:09:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/10 14:10:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/10 13:10:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/10 12:59:51 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/10 12:53:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/10 07:46:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/10 07:45:13 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >
  • 0

Advertisements


#2
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, pageone! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.




Lets start with removing a few items with OTL. Nothing major found in the logs. We'll just be removing the Bearshare toolbar and browser settings along with a couple of other entries. After this, if you could run aswMBR for me please, then get back to me with the logs.


Just follow the steps below :)



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.



2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click Yes.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image



In your next reply
Please post the contents of...
OTL log
aswMBR log

  • 0

#3
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi BlackOxide,

Thanks for your assistance.

Logs below. Also, after running OTL, on boot the machine returns the error "datam~1.exe has encountered a problem and needs to close," etc., which I'm ignoring.


OTL logfile created on: 7/11/2012 2:49:36 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Home PC\My Documents\Anti-malware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.64% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 22.08 Gb Free Space | 59.25% Space Free | Partition Type: NTFS
Drive D: | 495.72 Mb Total Space | 311.43 Mb Free Space | 62.82% Space Free | Partition Type: FAT

Computer Name: HOMEPC | User Name: Home PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 13:19:06 | 006,510,112 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/01 07:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home PC\My Documents\Anti-malware\OTL.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2008/04/14 02:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 11:53:34 | 001,782,272 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071102\algo.dll
MOD - [2012/07/08 13:17:22 | 000,247,224 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
MOD - [2012/06/17 10:17:39 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/17 10:17:36 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/17 10:17:35 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/17 10:17:19 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/05/13 10:20:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/09/13 16:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2011/08/18 11:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 09:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 09:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 09:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/12 17:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/01/24 01:36:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\..\SearchScopes\{B4F48B26-B3FE-4563-AD3C-4CEF1FAB44E0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/07/08 13:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 22:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/12 13:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home PC\Application Data\Mozilla\Extensions
[2011/04/12 13:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 13:01:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/10 14:43:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/09 22:54:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/09 14:25:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:10:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Home PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Home PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Poppit = C:\Documents and Settings\Home PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/07/11 14:38:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1292428093-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} https://portal.cwu.e...t/LocalExec.CAB (LocalExec Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341778245476 (MUWebControl Class)
O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.wei...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429A5F61-BE40-49AB-A241-3F9E86D0F738}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/10 12:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 14:37:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/10 17:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home PC\Local Settings\Application Data\Htc
[2012/07/10 17:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync
[2012/07/10 17:12:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/08 21:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/07/08 21:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home PC\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/07/08 21:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Drivers.com
[2012/07/08 16:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home PC\Start Menu\Programs\CleanUp!
[2012/07/08 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2012/07/08 14:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home PC\My Documents\Anti-malware
[2012/07/08 14:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/08 12:54:42 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/07/08 12:54:42 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/07/08 12:54:42 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/07/08 12:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Genie
[2012/07/08 12:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[1 C:\Documents and Settings\Home PC\*.tmp files -> C:\Documents and Settings\Home PC\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 15:02:54 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAEEF04F-5F09-4624-AE1A-7544484CA918}.job
[2012/07/11 15:01:03 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/11 14:56:35 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/11 14:56:30 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/11 14:51:01 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/11 14:51:01 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/11 14:48:04 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/11 14:47:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/11 14:46:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/11 14:46:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/11 14:38:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/10 17:39:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/10 17:17:01 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Home PC\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2012/07/10 17:17:01 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HTC Sync.lnk
[2012/07/10 16:45:09 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 14:50:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/08 18:59:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/08 13:24:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/08 13:10:26 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/08 12:54:35 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2012/07/08 12:54:35 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Genie.lnk
[2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 09:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 09:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 09:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 09:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/16 15:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\Documents and Settings\Home PC\*.tmp files -> C:\Documents and Settings\Home PC\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 17:17:01 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Home PC\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2012/07/10 17:17:01 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HTC Sync.lnk
[2012/07/08 20:40:48 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/08 20:40:29 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/08 18:58:54 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/08 14:18:52 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/07/08 13:24:37 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/08 12:54:42 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/07/08 12:54:35 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2012/07/08 12:54:35 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Genie.lnk
[2012/02/15 18:30:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/15 13:10:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Home PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 18:13:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/29 19:09:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/10 14:10:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/10 13:10:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/10 12:59:51 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/10 12:53:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/10 07:46:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/10 07:45:13 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/02/13 15:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\17213
[2010/12/29 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/10 13:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2012/07/08 21:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drivers.com
[2011/01/17 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/08 21:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/12/10 13:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/10 13:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\AVG7
[2011/01/18 21:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home PC\Application Data\bearsharemediabartb
[2012/07/10 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home PC\Application Data\HTC
[2011/08/10 17:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home PC\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/12/10 13:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home PC\Application Data\OpenOffice.org
[2012/07/11 14:48:04 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/07/11 14:56:30 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/07/11 15:02:54 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAEEF04F-5F09-4624-AE1A-7544484CA918}.job

========== Purity Check ==========



< End of report >



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 15:35:44
-----------------------------
15:35:44.625 OS Version: Windows 5.1.2600 Service Pack 3
15:35:44.625 Number of processors: 1 586 0x401
15:35:44.625 ComputerName: HOMEPC UserName:
15:35:45.531 Initialize success
15:35:49.562 AVAST engine defs: 12071102
15:35:56.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:35:56.187 Disk 0 Vendor: ST340015A 3.15 Size: 38166MB BusType: 3
15:35:56.218 Disk 0 MBR read successfully
15:35:56.250 Disk 0 MBR scan
15:35:58.390 Disk 0 Windows XP default MBR code
15:35:58.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38164 MB offset 2048
15:36:00.125 Disk 0 scanning sectors +78163312
15:36:01.296 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:18.125 Service scanning
15:36:35.843 Service MpKsla5d02623 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A78907A-EB48-464B-A962-2B4B715B8745}\MpKsla5d02623.sys **LOCKED** 32
15:36:58.843 Modules scanning
15:37:20.281 Disk 0 trace - called modules:
15:37:20.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
15:37:20.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bfbab8]
15:37:20.578 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005c[0x89b982d8]
15:37:20.671 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ba7940]
15:37:21.203 AVAST engine scan C:\WINDOWS
15:37:57.031 AVAST engine scan C:\WINDOWS\system32
15:40:44.687 AVAST engine scan C:\WINDOWS\system32\drivers
15:41:00.062 AVAST engine scan C:\Documents and Settings\Home PC
15:44:31.453 AVAST engine scan C:\Documents and Settings\All Users
15:46:41.953 Scan finished successfully
16:35:08.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home PC\My Documents\Anti-malware\MBR.dat"
16:35:08.421 The log file has been saved successfully to "C:\Documents and Settings\Home PC\My Documents\Anti-malware\aswMBR.txt"
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs.

Also, after running OTL, on boot the machine returns the error "datam~1.exe has encountered a problem and needs to close," etc., which I'm ignoring.

Yep, I see the entry we need to remove. This is just related to the Bearshare Mediabar. We'll sort this below :)

Just follow the steps below.


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.




2)
You do appear to be running two Anti Virus programs, Avast and Microsoft Security Essentials.

With Anti-Virus programs I would highly recommend only having one installed at any given time :)

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

To uninstall one of the two, just go into Control Panel, then Add or Remove programs, select the one you wish to uninstall and click Remove.



3)
Lets now perform a scan with MBAM, to see if this finds any infections that may be lurking on the PC.

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.



In your next reply
Please post the contents of...
MBAM log
Could you give me a quick update on how the PC is running in general and whether the browsers are still taking their time launching

  • 0

#5
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello BlackOxide,

MBAM log below appears to be good news. However, browsers remain slow to launch, although they eventually do. On the anti-virus front, I've had Avast disabled while working on these issues, so I'm assuming that the sluggishness I'm seeing is not from competition for resources between these programs (one of which -- most likely MS -- I plan to delete when we've dealt with the other issues). Any further suggestions regarding the browsers would be appreciated. I suppose I could reinstall XP, but I REALLY don't want to go down that road if I can avoid it.

Thanks again for your assistance!


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home PC :: HOMEPC [administrator]

Protection: Enabled

7/12/2012 2:22:09 PM
mbam-log-2012-07-12 (14-22-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192752
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, thanks for the info :)

Yep, we will try and get this resolved without doing a Full Reinstall. That's the last resort really.

Can you run the following program for me please. Once ComboFix has finished, please restart your PC, then check to see if the browsers load any better.



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Restart your PC after running ComboFix. Once it has restarted, check the browsers to see if they start any better, then let me know how you got on :)
  • 0

#7
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Greetings,

Here's the combofix log. Machine performance seems about the same. Sluggish opening browsers. However, once they are open they perform reasonably well.

ComboFix 12-07-13.03 - Home PC 07/13/2012 10:57:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1498 [GMT -7:00]
Running from: c:\documents and settings\Home PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 18:06 . 2012-07-13 18:06 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-07-13 18:06 . 2012-07-13 18:06 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-07-13 18:06 . 2012-07-13 18:06 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-07-12 22:12 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2B9DA55-CA92-4D4F-9BE6-81E6775B0605}\mpengine.dll
2012-07-12 21:18 . 2012-07-12 21:18 -------- d-----w- c:\documents and settings\Home PC\Application Data\Malwarebytes
2012-07-12 21:17 . 2012-07-12 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-12 21:17 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 21:17 . 2012-07-12 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-11 21:59 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 21:37 . 2012-07-11 21:37 -------- d-----w- C:\_OTL
2012-07-11 00:20 . 2012-07-13 18:10 -------- d-----w- c:\documents and settings\Home PC\Local Settings\Application Data\Htc
2012-07-09 04:30 . 2012-07-09 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2012-07-09 04:30 . 2012-07-09 04:30 -------- d-----w- c:\documents and settings\Home PC\Local Settings\Application Data\PC_Drivers_Headquarters
2012-07-09 04:22 . 2012-07-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Drivers.com
2012-07-08 23:24 . 2012-07-08 23:24 -------- d-----w- c:\program files\CleanUp!
2012-07-08 21:07 . 2012-07-09 01:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-08 19:54 . 2011-12-13 00:43 1034240 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2012-07-08 19:54 . 2010-02-03 18:21 89088 ----a-w- c:\windows\system32\ATL71.DLL
2012-07-08 19:54 . 2010-02-03 18:21 413696 ----a-w- c:\windows\system32\msvcf7a4.rra
2012-07-08 19:54 . 2010-02-03 18:21 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2012-07-08 19:54 . 2012-07-08 19:54 -------- d-----w- c:\program files\NETGEAR
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2010-12-30 01:16 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-04-11 22:13 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-12-30 01:16 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-12-30 01:16 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-12-30 01:16 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-12-30 01:16 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2010-12-30 01:16 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2010-12-30 01:16 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-12-30 01:15 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-12-30 01:15 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-13 13:19 . 2008-04-14 05:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 09:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 09:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-04-14 09:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2010-12-10 19:54 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2010-12-10 19:54 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2010-12-10 19:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2010-12-10 19:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2010-12-10 19:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-04-14 09:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2010-12-10 19:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2010-12-10 19:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-12-11 14:01 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2010-12-11 14:01 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2008-04-14 04:57 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-12-10 19:51 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-10 05:54 . 2011-04-12 20:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-29 . 49BF8967872F5338AC767AFAEE5D734A . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Genie.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-7-8 8364288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/11/2011 3:13 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/29/2010 6:16 PM 353688]
R1 MpKsl6611332d;MpKsl6611332d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2B9DA55-CA92-4D4F-9BE6-81E6775B0605}\MpKsl6611332d.sys [7/13/2012 11:07 AM 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/29/2010 6:16 PM 21256]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/12/2012 2:17 PM 655944]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 2:25 PM 87040]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/8/2012 12:54 PM 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/12/2012 2:17 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2010 6:16 PM 136176]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [7/8/2012 12:54 PM 303360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2010 6:16 PM 136176]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [8/10/2011 5:42 PM 103424]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6611332D
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-08 16:21]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 01:16]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 01:16]
.
2012-07-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-07-13 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-07-13 c:\windows\Tasks\User_Feed_Synchronization-{FAEEF04F-5F09-4624-AE1A-7544484CA918}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - hxxps://portal.cwu.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\Home PC\Application Data\Mozilla\Firefox\Profiles\0xph1e3t.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1292428093-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,b0,5d,0e,e0,b0,70,47,94,74,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,24,7e,ca,da,75,ba,4f,a8,7c,e8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2012-07-13 11:16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 18:16
.
Pre-Run: 23,153,397,760 bytes free
Post-Run: 23,117,475,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C7728FFCD58E52319101CC9711A4CF27
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey, thanks for the info. Could you try rebooting your PC, then run Internet Explorer with No-Addons, to see if this makes Internet Explorer load any faster.

To do this...

Open Internet Explorer in it's No Add-ons mode
  • Click Start > Accessories > System Tools > Internet Explorer (No Add-ons)
  • Internet Explorer will then load with no third party extensions/Add ons




Could you also run Autoruns and attach the resulting text file for me please...

Autoruns - Startup Items
  • Click here to download Autoruns and Save it to your Desktop
  • Extract the contents of Autoruns.zip by Right clicking it and choose Extract All (or Extract here if using WinRar)
  • Once the contents have been extracted you will see a folder called Autoruns
  • Open the folder and Double click on autoruns to launch the program
  • Let the program finish scanning your PC. You will know it has finished scanning when it says Ready in the bottom left
  • Click File then Save, then in the Save as type box select Text (.txt) then in the File Name box above, call it StartupItems.txt and save it to your Desktop
  • Please attach the StartupItems.txt to your next reply

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.




In your next reply
Let me know if the No-Addons mode made IE load any faster and please attach the Autoruns text file. :)
  • 0

#9
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi again. Sadly, IE is as slow as it has ever been without addons.

Also, the autoruns file is 1.5 megs, which your advanced loader tells me is too large to upload. Is there an alternative way of getting it to you?

Thanks for the help!


  • 0

#10
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ooops! Meant to mention that your link to autoruns is broken, so I downloaded the latest version from MS and ran that.
  • 0

Advertisements


#11
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for notifying me :)

Can you go to a file upload site such as depositfiles.com and upload the text file there please. I'll then get back to you with what we can disable from startup to try and get the PC running faster. I don't currently think it's malware causing these problems, I think it's more of a general Windows/Performance problem. Hopefully we'll get it sorted soon for you though :thumbsup:
  • 0

#12
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi again,

I zipped that autoruns file and uploaded it to http://depositfiles....files/4w7fha8tg

The computer certainly is running a LOT of stuff at start up, some of which autoruns flagged with yellow or red. Over to you.

Thanks again!


  • 0

#13
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for getting the log uploaded. It's normal to have a lot of entries in total, but the one's we are focusing on are the one's on the 'Logon' tab in Autoruns.

Can you disable the items below in Autoruns. Then reboot the PC and try loading Internet Explorer again. If it's still the same (which I think it will be), can you let me know if Internet Explorer loads any quicker when the PC is in Safe Mode with Networking. I'll pop the instructions for both of these below :)



1)
Autoruns Startup Modify
Open Autoruns
Once it has finished scanning and you see Ready in the bottom left corner, click the Logon tab at the top
Untick the following items:
  • HP Software Update
  • Microsoft Default Manager
  • QuickTime Task
Once you have unticked those items, just close Autoruns using the top right X
Now reboot your PC




2)
Safe Mode with Networking
  • Switch on your PC and immediately start tapping the F8 key on the keyboard
  • Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
  • Make sure Safe Mode with Networking is highlighted and then press Enter
  • Your PC will now boot into Safe Mode with Networking
  • Try loading your browsers and see if they load any quicker

  • 0

#14
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Latest results:

-- Unchecking the three items in autoruns made no difference in browser-opening speed.

-- Booting in safe mode with networking speeded things up to the level I was hoping to see. Not really fast, to be sure, but quite useable.

Thanks!
  • 0

#15
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey, so it seems as though the problem with performance is just within Normal Mode then. Can you go through the following steps below please and we'll see if we can get any performance increases this time around. Let me know at the end if anything has improved. :)



1)
Lets start with a Full Chkdsk on the Hard Drive:

Run a Chkdsk on the Hard Drive
  • Click Start, and then Run.
  • Type cmd into the run diaogue box and then press ENTER.
  • In the black box that appears, type chkdsk c: /r then press ENTER
  • You will probably receive the following message:
    Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y, and then press ENTER to schedule the disk check, and then restart your computer to start the disk check.
  • After the Chkdsk has completed Windows will just boot onto your Desktop as usual

Note - Chkdsk's can vary in time depending on the size of the Hard Drive, but typically run for approx 30-90mins. Always let it complete fully, do not cancel it whilst it is running.




2)
I know you've mentioned that you will probably be removing Microsoft Security Essentials, once things have cleared up, but could you uninstall it now for me please. At least this way we can definitely rule this out. Even though one is currently disabled, Windows will still load drivers and start services relating to both Anti Virus'. As mentioned before, as long as one out of the two AV's get's uninstalled, that's fine. Just decide on which one you would prefer to be uninstalled, then uninstall it through Control Panel > Add or Remove programs :)





3)
You mentioned at the start that you have defragged the drive, but if you used the built in Windows Defragmenter, could you try the following software for me please, as this one is more thorough and does a better job overall.

Auslogics Disk Defrag
  • Click here to download Auslogics Disk Defrag
  • Once downloaded double click the file and follow the prompts to install (I would advise to UNtick the options to Install the Auslogics Toolbar and the Ask.com homepage as you go through the setup, if it asks)
  • Once installed, run the program and at the top make sure the C: Drive is ticked
  • Then click the little downwards arrow next to Defrag and choose Defrag and Optimize
  • Once complete, please reboot the PC




Once you have completed the above steps, reboot the PC and see if the overall performance of the PC and the loading of the browsers has improved at all.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP