No virus detected, but computer is very slow [Solved]



#1
Beatrix

  • Member
  • 12 posts
Windows XP

Computer has been running slow for a month and getting worse quickly. Norton and Malware Bytes are not detecting anything. Scripts won't stop loading on internet. Long wait between pages.

OTL logfile created on: 10/1/2012 9:29:07 PM - Run 8
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 170.22 Mb Available Physical Memory | 16.77% Memory free
2.38 Gb Paging File | 1.29 Gb Available in Paging File | 54.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 108.36 Gb Free Space | 77.81% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 6.31 Gb Free Space | 64.52% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: YOUR-235B2CE4A2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/01 21:27:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (1).exe
PRC - [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/29 07:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/18 10:41:44 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 05:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 05:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 05:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 05:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 05:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 05:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/08/29 07:50:32 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2012/09/10 15:48:37 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/08/29 07:50:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/01 20:55:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/13 07:02:56 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/13 07:02:55 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.020\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120928.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/31 18:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/08 23:16:17 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 23:16:17 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/21 22:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 22:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 00:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/02/19 17:11:40 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2008/10/26 17:48:00 | 004,881,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/09/10 00:10:00 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS3.sys -- (HSFHWBS3)
DRV - [2008/09/10 00:09:54 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/09/10 00:09:52 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2008/08/07 07:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {DD799AD7-2C1C-44DF-95B1-8A81C6E8452E}
IE - HKCU\..\SearchScopes\{DD799AD7-2C1C-44DF-95B1-8A81C6E8452E}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/20 05:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/09/22 08:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/18 10:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 07:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 08:51:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Easy-Hide-IP\ff-extension [2011/02/08 10:59:00 | 000,000,000 | ---D | M]

[2009/07/02 19:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2012/05/23 17:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\extensions
[2012/05/18 19:53:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/23 17:52:36 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/12/18 10:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/25 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/25 21:51:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/23 15:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/09/23 15:12:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/23 15:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\distribution\extensions
[2012/09/23 15:10:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\updated\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/29 07:50:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/29 07:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 07:50:16 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/01/23 18:39:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A20AA8A-5E6B-4D6C-9022-9199C705DCB0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 18:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (dfboottime \??\C:\WINDOWS\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 21:22:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2012/10/01 20:48:30 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/12 13:44:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/10/01 21:09:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 20:55:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/01 12:51:38 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2464341608-3933873169-3681834009-1006.job
[2012/10/01 12:51:37 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2464341608-3933873169-3681834009-1006.job
[2012/10/01 11:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/10/01 06:09:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 23:38:01 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_HP_Administrator.job
[2012/09/30 21:39:05 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_HP_Administrator.job
[2012/09/29 16:16:30 | 000,103,324 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\lodge.jpg
[2012/09/29 16:13:04 | 000,088,193 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\tops.jpg
[2012/09/29 16:11:25 | 000,051,125 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ZbThumbnail.info
[2012/09/29 16:07:13 | 000,065,531 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\deer.jpg
[2012/09/28 11:16:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/27 19:48:21 | 000,067,524 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sancerre.jpg
[2012/09/27 13:12:21 | 000,056,061 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\fish.jpg
[2012/09/27 13:02:37 | 000,156,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ephraim.jpg
[2012/09/26 23:34:04 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_HP_Administrator.job
[2012/09/24 18:49:54 | 000,012,286 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\upright_wood_pot_belly_stove.jpg
[2012/09/24 15:39:18 | 000,089,714 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sophkleck.jpg
[2012/09/24 15:37:22 | 000,089,042 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sophia.jpg
[2012/09/23 15:56:34 | 000,144,537 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\8016762979_e35c773cf1_z.jpg
[2012/09/23 15:41:46 | 000,125,769 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\beapumpkins.jpg
[2012/09/23 12:46:54 | 000,200,911 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\bradyout.gif
[2012/09/23 12:43:00 | 000,045,721 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\hand.jpg
[2012/09/23 12:41:36 | 000,056,621 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\tombrady.jpg
[2012/09/23 08:39:36 | 000,071,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\beaporch.jpg
[2012/09/22 08:43:52 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/09/22 08:43:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/20 19:18:23 | 000,723,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\springsteen shirt.JPG
[2012/09/20 08:04:22 | 000,054,795 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\beatrix.jpg
[2012/09/13 10:03:52 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/29 16:16:30 | 000,103,324 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\lodge.jpg
[2012/09/29 16:13:04 | 000,088,193 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\tops.jpg
[2012/09/29 16:07:13 | 000,065,531 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\deer.jpg
[2012/09/27 19:48:21 | 000,067,524 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sancerre.jpg
[2012/09/27 13:12:19 | 000,056,061 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\fish.jpg
[2012/09/27 13:02:37 | 000,156,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ephraim.jpg
[2012/09/26 23:34:04 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_HP_Administrator.job
[2012/09/26 23:34:03 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_HP_Administrator.job
[2012/09/26 23:34:02 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_HP_Administrator.job
[2012/09/24 18:49:53 | 000,012,286 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\upright_wood_pot_belly_stove.jpg
[2012/09/24 15:39:16 | 000,089,714 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sophkleck.jpg
[2012/09/24 15:37:21 | 000,089,042 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sophia.jpg
[2012/09/23 15:56:30 | 000,144,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\8016762979_e35c773cf1_z.jpg
[2012/09/23 15:41:46 | 000,125,769 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\beapumpkins.jpg
[2012/09/23 12:46:53 | 000,200,911 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\bradyout.gif
[2012/09/23 12:42:59 | 000,045,721 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\hand.jpg
[2012/09/23 12:41:24 | 000,056,621 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\tombrady.jpg
[2012/09/23 08:48:56 | 000,117,387 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\beayard.JPG
[2012/09/23 08:39:36 | 000,071,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\beaporch.jpg
[2012/09/20 19:18:19 | 000,723,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\springsteen shirt.JPG
[2012/09/20 08:04:22 | 000,054,795 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\beatrix.jpg
[2012/03/25 18:58:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\dfboottime.exe
[2012/02/14 17:36:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/23 18:11:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/23 18:11:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/23 18:11:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/23 18:11:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/23 18:11:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/17 19:06:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/26 18:15:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 17:41:21 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/14 12:14:26 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2010/06/11 11:01:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/11/30 19:18:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/12 13:44:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2009/10/12 13:44:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2009/09/15 10:16:12 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 17:42:17 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.bak

========== ZeroAccess Check ==========

[2008/11/26 18:44:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 00:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/21 17:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2011/02/19 16:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/16 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/07/02 18:35:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/16 19:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/27 10:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/02/26 14:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/27 13:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/11/26 18:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/11/19 18:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/18 21:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/14 21:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

========== Purity Check ==========



< End of report >
#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt <-- Will be opened
  • Attach.txt <-- Will be minimized
  • Save both reports to your desktop.
  • Please post the contents of these two Notepad files in your next reply.
When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.


#3
Beatrix

    Member

  • Topic Starter
  • Member
  • 12 posts
My computer is running better than normal, but I'm not sure if it is because I had just defragged my computer or the program you instructed me to run actually did something. I've encountered no new problems. My start-up and search engine loads are still slower than they have been.









.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by HP_Administrator at 7:42:24 on 2012-10-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.188 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A20AA8A-5E6B-4D6C-9022-9199C705DCB0} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1ehlfnc0.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-11-26 14336]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [2008-11-26 207872]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121004.001\IDSXpx86.sys [2012-10-4 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20121004.032\NAVENG.SYS [2012-10-5 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20121004.032\NAVEX15.SYS [2012-10-5 1601184]
S2 gupdate1ca021b3d388aee;Google Update Service (gupdate1ca021b3d388aee);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-23 114144]
.
=============== Created Last 30 ================
.
2012-09-23 19:10:51 96224 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ------w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ------w- c:\windows\system32\corpol.dll
.
============= FINISH: 7:44:22.84 ===============

#4
Beatrix

    Member

  • Topic Starter
  • Member
  • 12 posts
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/2/2009 5:41:26 PM
System Uptime: 10/2/2012 3:34:33 PM (64 hours ago)
.
Motherboard: FOXCONN | | CALI
Processor: Intel® Atom™ CPU 230 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 108.4 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.312 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP483: 7/7/2012 9:23:10 PM - System Checkpoint
RP484: 7/9/2012 6:47:25 PM - System Checkpoint
RP485: 7/10/2012 6:54:26 PM - System Checkpoint
RP486: 7/11/2012 3:01:00 AM - Software Distribution Service 3.0
RP487: 7/12/2012 3:34:13 AM - System Checkpoint
RP488: 7/13/2012 4:32:03 AM - System Checkpoint
RP489: 7/14/2012 5:12:13 AM - System Checkpoint
RP490: 7/15/2012 6:12:31 AM - System Checkpoint
RP491: 7/16/2012 6:13:41 AM - System Checkpoint
RP492: 7/17/2012 7:12:14 AM - System Checkpoint
RP493: 7/18/2012 7:13:20 AM - System Checkpoint
RP494: 7/19/2012 8:12:10 AM - System Checkpoint
RP495: 7/20/2012 9:12:45 AM - System Checkpoint
RP496: 7/21/2012 10:38:54 AM - System Checkpoint
RP497: 7/22/2012 11:39:50 AM - System Checkpoint
RP498: 7/23/2012 12:13:03 PM - System Checkpoint
RP499: 7/24/2012 12:45:25 PM - System Checkpoint
RP500: 7/25/2012 2:43:43 PM - System Checkpoint
RP501: 7/26/2012 2:45:24 PM - System Checkpoint
RP502: 7/27/2012 5:40:13 PM - System Checkpoint
RP503: 7/28/2012 5:45:24 PM - System Checkpoint
RP504: 7/29/2012 6:52:01 PM - System Checkpoint
RP505: 7/30/2012 8:24:14 PM - System Checkpoint
RP506: 7/31/2012 8:38:08 PM - System Checkpoint
RP507: 8/1/2012 8:24:12 PM - Installed Java 2 Runtime Environment, SE v1.4.2
RP508: 8/2/2012 8:46:20 PM - System Checkpoint
RP509: 8/3/2012 8:52:07 PM - System Checkpoint
RP510: 8/4/2012 9:04:25 PM - System Checkpoint
RP511: 8/5/2012 9:15:08 PM - System Checkpoint
RP512: 8/6/2012 10:25:39 PM - System Checkpoint
RP513: 8/7/2012 11:14:42 PM - System Checkpoint
RP514: 8/9/2012 12:02:42 AM - System Checkpoint
RP515: 8/10/2012 12:07:14 AM - System Checkpoint
RP516: 8/11/2012 1:07:11 AM - System Checkpoint
RP517: 8/12/2012 2:07:13 AM - System Checkpoint
RP518: 8/13/2012 3:08:01 AM - System Checkpoint
RP519: 8/14/2012 3:18:12 AM - System Checkpoint
RP520: 8/14/2012 7:33:49 PM - Software Distribution Service 3.0
RP521: 8/15/2012 8:05:31 PM - System Checkpoint
RP522: 8/16/2012 8:34:19 PM - System Checkpoint
RP523: 8/17/2012 8:35:25 PM - System Checkpoint
RP524: 8/18/2012 8:49:15 PM - System Checkpoint
RP525: 8/19/2012 10:19:18 PM - System Checkpoint
RP526: 8/20/2012 10:35:00 PM - System Checkpoint
RP527: 8/21/2012 11:33:47 PM - System Checkpoint
RP528: 8/22/2012 11:43:51 PM - System Checkpoint
RP529: 8/24/2012 12:42:51 AM - System Checkpoint
RP530: 8/25/2012 1:41:32 AM - System Checkpoint
RP531: 8/26/2012 2:41:31 AM - System Checkpoint
RP532: 8/27/2012 4:02:45 AM - System Checkpoint
RP533: 8/28/2012 7:23:29 AM - System Checkpoint
RP534: 8/29/2012 7:46:32 AM - System Checkpoint
RP535: 8/30/2012 7:57:17 AM - System Checkpoint
RP536: 8/31/2012 8:42:03 AM - System Checkpoint
RP537: 9/1/2012 8:43:07 AM - System Checkpoint
RP538: 9/2/2012 9:03:55 AM - System Checkpoint
RP539: 9/3/2012 9:12:15 AM - System Checkpoint
RP540: 9/4/2012 10:15:47 AM - System Checkpoint
RP541: 9/5/2012 12:09:20 PM - System Checkpoint
RP542: 9/6/2012 12:13:29 PM - System Checkpoint
RP543: 9/7/2012 1:20:00 PM - System Checkpoint
RP544: 9/8/2012 1:29:26 PM - System Checkpoint
RP545: 9/9/2012 2:26:41 PM - System Checkpoint
RP546: 9/10/2012 3:00:22 PM - System Checkpoint
RP547: 9/11/2012 5:54:54 PM - System Checkpoint
RP548: 9/12/2012 8:21:28 AM - Software Distribution Service 3.0
RP549: 9/13/2012 8:23:05 AM - System Checkpoint
RP550: 9/14/2012 10:40:21 AM - System Checkpoint
RP551: 9/15/2012 11:31:52 AM - System Checkpoint
RP552: 9/16/2012 12:05:47 PM - System Checkpoint
RP553: 9/17/2012 1:06:06 PM - System Checkpoint
RP554: 9/18/2012 1:29:55 PM - System Checkpoint
RP555: 9/19/2012 1:37:25 PM - System Checkpoint
RP556: 9/20/2012 5:25:35 PM - System Checkpoint
RP557: 9/21/2012 6:10:58 PM - System Checkpoint
RP558: 9/21/2012 10:59:18 PM - Software Distribution Service 3.0
RP559: 9/22/2012 8:17:38 AM - Software Distribution Service 3.0
RP560: 9/23/2012 9:40:33 AM - System Checkpoint
RP561: 9/24/2012 10:22:54 AM - System Checkpoint
RP562: 9/25/2012 12:06:27 PM - System Checkpoint
RP563: 9/26/2012 12:47:47 PM - System Checkpoint
RP564: 9/27/2012 2:13:02 PM - System Checkpoint
RP565: 9/28/2012 4:30:50 PM - System Checkpoint
RP566: 9/29/2012 5:09:17 PM - System Checkpoint
RP567: 9/30/2012 6:04:05 PM - System Checkpoint
RP568: 10/1/2012 7:26:10 PM - System Checkpoint
RP569: 10/2/2012 7:54:40 PM - System Checkpoint
RP570: 10/3/2012 8:29:20 PM - System Checkpoint
RP571: 10/4/2012 9:24:45 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
AVG PC Tuneup 2011
BlackBerry Desktop Software 6.0
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon iP1600
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CyberLink Recovery Manager
Defraggler
Easy-Hide-IP 3.7.4
Easy-WebPrint
Glary Utilities 2.47.0.1539
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
HP Update
Intel® Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Norton Security Suite
Opera 12.00
PCIe Soft Data Fax Modem with SmartCP
Power2Go
PowerDVD SE
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923789)
Speccy
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB971029)
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/1/2012 9:56:31 AM, error: Print [6161] - The document Read the Bible in One Year owned by HP_Administrator failed to print on printer Canon iP1600. Data type: NT EMF 1.008. Size of the spool file in bytes: 1418476. Number of bytes printed: 1207212. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\YOUR-235B2CE4A2. Win32 error code returned by the print processor: 87 (0x57).
.
==== End Of File ===========================

Edited by Beatrix, 05 October 2012 - 06:17 AM.


#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

"My computer is running better than normal, but I'm not sure if it is because I had just defragged my computer or the program you instructed me to run actually did something. I've encountered no new problems. My start-up and search engine loads are still slower than they have been."

Acknowledged, though DDS would not have done anything apart from a benign scan.

There is evidence ComboFix has been used recently. Is the executable for the aforementioned still present, and could you check if the log created is still present also? It will be at the root of the hard drive, i.e.:

C:\ComboFix.txt

If still present please post that in your next reply.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Double click on adwcleaner.exe to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case may be something like R1.

#6
Beatrix

    Member

  • Topic Starter
  • Member
  • 12 posts
This combo fix txt is from February




ComboFix 12-02-24.02 - HP_Administrator 02/26/2012 13:40:46.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.372 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-14 21:36 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:36 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 22:24 . 2011-07-02 10:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-11-26 21:10 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-19 08:13 . 2008-11-26 21:10 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2008-11-26 21:10 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2008-11-26 21:10 78336 ------w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2008-11-26 21:10 17408 ------w- c:\windows\system32\corpol.dll
2011-12-10 20:24 . 2012-01-23 21:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 14:29 . 2011-03-24 12:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-08-18 273528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-10-26 21:47 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-06 22:01 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-Hide-IP]
2010-10-20 20:50 4539392 ----a-w- c:\program files\Easy-Hide-IP\easy-hide-ip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-26 21:48 17021440 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-11 11:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2010-05-31 11:18 323976 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Easy-Hide-IP\\easy-hide-ip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [10/31/2011 3:33 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [10/31/2011 3:33 PM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 8:09 PM 820344]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [10/31/2011 3:33 PM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [10/31/2011 3:33 PM 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/26/2008 4:10 PM 14336]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [10/31/2011 3:33 PM 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 10:30 PM 106104]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 5:34 PM 207872]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120224.002\IDSXpx86.sys [2/24/2012 4:58 PM 356280]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/12/2009 12:44 PM 47360]
S2 gupdate1ca021b3d388aee;Google Update Service (gupdate1ca021b3d388aee);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 6:32 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 6:32 AM 133104]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-02-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-15 14:50]
.
2012-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-11 00:54]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 11:32]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 11:32]
.
2012-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2464341608-3933873169-3681834009-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2012-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2464341608-3933873169-3681834009-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-26 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-02-26 13:53:53
ComboFix-quarantined-files.txt 2012-02-26 18:53
ComboFix2.txt 2012-01-23 22:47
.
Pre-Run: 118,466,498,560 bytes free
Post-Run: 118,452,654,080 bytes free
.
- - End Of File - - F6F7110DDAED8E303B6B5D4C4CB513A3









------------------------------------------------------------------------------------------------------------------------------------------------
checkhd.txt



The type of the file system is NTFS.
Volume label is COMPAQ.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry NORTON~1.ZIP in index $I30 of file 27827.

Errors found. CHKDSK cannot continue in read-only mode.






------------------------------------------------------------------------------------------------------------------------------------------------
AdWCleaner(r1).txt




# AdwCleaner v2.003 - Logfile created 10/06/2012 at 09:43:59
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - YOUR-235B2CE4A2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\prefs.js


Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8p9m1i3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Documents and Settings\HP_Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11852 octets] - [06/10/2012 09:43:59]

########## EOF - C:\AdwCleaner[R1].txt - [11913 octets] ##########

#7
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

There appear to be some errors on the hard-drive itself; we will perform some in-depth maintenance next time round to see if that improves the overall situation.

For now let's proceed as follows, shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

Re-scan with AdwCleaner:

  • Double-click on adwcleaner.exe to launch the application.
  • Now click on the Delete tab >> reboot(restart) your machine if not prompted to do so.
  • Please post the contents of the new log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

#8
Beatrix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 18:52:48
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - YOUR-235B2CE4A2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1ehlfnc0.default\prefs.js

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63426852822937[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856425/CT2856425[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2856425");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2856425");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Dec 12 2010 18:26:09 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Dec 12 2010 17:25:44 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "35d6386c-0737-4c18-b8d5-b8f084b78b96");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2856425");

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8p9m1i3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Documents and Settings\HP_Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11983 octets] - [06/10/2012 09:43:59]
AdwCleaner[R2].txt - [12044 octets] - [07/10/2012 18:45:50]
AdwCleaner[R3].txt - [12105 octets] - [07/10/2012 18:51:52]
AdwCleaner[S1].txt - [12716 octets] - [07/10/2012 18:52:48]

########## EOF - C:\AdwCleaner[S1].txt - [12777 octets] ##########

Edited by Beatrix, 07 October 2012 - 05:39 PM.

  • 0

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Please refrain from editing posts, I am aware you re-ran AdwCleaner again in Search mode, most likely by mistake. That in itself is not a problem and these things happen but if you edit posts, something I may need to be able to review could be overlooked. So just post a new reply in future rather than editing one, thank you.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Hard-Drive Maintenance/Repair:

The below may take some time to complete...

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset online scanner log.

  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0



#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Topic re-opened at OP's request...
  • 0

#12
Beatrix

Beatrix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I have to re-run Eset, I did not see where I could copy a logfile and I don't have one anywhere.

The scan did find a searchsuite toolbar.
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I have to re-run Eset, I did not see where I could copy a logfile and I don't have one anywhere.

The scan did find a searchsuite toolbar.

Did you opt to uninstall the scanner after completion ? If not the log should be located here:-

Click on Start >> My Computer >> C:\ >> Program Files >> ESET >> EsetOnlineScanner >> log.txt. <-- This is the scan log

In the event you did uninstall, merely follow my instructions again for the scan in post #9 and re-run the Eset online scanner.
  • 0

#14
Beatrix

Beatrix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
start-up and initial load of search engines is still slow

however, once search engine is loaded, internet browsing is much faster than before



[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69cd13e13a180a498c8293bf4c40c7e8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-15 04:31:13
# local_time=2012-10-15 12:31:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777189 80 86 29117541 113543150 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74778
# found=1
# cleaned=0
# scan_time=10628
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69cd13e13a180a498c8293bf4c40c7e8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-16 03:22:01
# local_time=2012-10-15 11:22:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3589 16777189 80 86 29199271 113624880 0 0
# compatibility_mode=8192 67108863 100 0 12218 12218 0 0
# scanned=75473
# found=1
# cleaned=0
# scan_time=11138
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
  • 0
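
The scan options requested in post #9 can be checked against the header lines of the two ESET logs in post #14. This is an added example, not part of the original thread or of ESET's tooling; the mapping from each checkbox to a `*_checked` key is inferred from the key names, and `parse_runs` and `review` are hypothetical helper names.

```python
import re

# Scan options requested in post #9, keyed by the header names in the posted
# logs. The checkbox-to-key mapping is inferred from the names (assumption).
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" left unchecked
    "archives_checked": "true",     # "Scan archives"
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Lines copied from the two logs in post #14, trimmed to the fields used here.
SAMPLE = r"""
[email protected] as downloader log:
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
[email protected] as downloader log:
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ilividsetupv1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
"""

def parse_runs(text):
    """Return one {'header': {...}, 'hits': [...]} dict per scan run."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("as downloader log:"):       # start of a new run
            runs.append({"header": {}, "hits": []})
        elif runs and line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")   # "# key=value" header
            runs[-1]["header"][key] = value
        elif runs and re.match(r"[A-Za-z]:\\", line):  # detection: drive path
            runs[-1]["hits"].append(line)
    return runs

def review(run):
    """List option mismatches first, then detections left on disk."""
    head = run["header"]
    notes = [f"{key}={head.get(key)}, requested {want}"
             for key, want in REQUESTED.items() if head.get(key) != want]
    notes += [f"not cleaned: {hit}" for hit in run["hits"] if "(unable to clean)" in hit]
    return notes

if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE), 1):
        print(number, review(run))
```

The first run is reported with `unsafe_checked=false`; the second matches every requested option, and both still list the file that was not cleaned.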

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

start-up and initial load of search engines is still slow

however, once search engine is loaded, internet browsing is much faster than before

Did you encounter any problems with the advised Hard-Drive Maintenance/Repair or with running TFC(Temp File Cleaner) ?

Reason for asking: you mentioned in the PM(private message) requesting this topic be re-opened you encountered some problems...

I am actually beginning to suspect the Hard-Drive on your machine may be the cause. As it stands, as far as I can ascertain, Malware is no longer the root cause. Though it is also feasible the installed Norton Security Suite may be the reason, as these types of combination software can really slow a system down.

How long do you have left on the Norton subscription before it expires ?

Java Advice:

The version installed is out of date and deemed a security risk, so uninstall both Java™ 6 Update 26 and Java Auto Updater(if present).

Regarding a new Java installation, I strongly advise against re-installing an updated version at present because the software as a whole has been severely exploited of late and your machine could end up seriously infected. Even though this exploit has been reportedly fixed there is still a vulnerability with the software.

Your choice if you wish to go ahead and reinstall but as mentioned I advise against it and for the present I do not even have anything Java related installed on my machines.

So let myself know what you wish to do about this in your next reply please.

Next:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ilividsetupv1.exe

Re-check Hard Disk For Errors:

Delete the original checkhd.txt if still present on the desktop, then empty the Recycle Bin(this will also fully get rid of the previously deleted ilividsetupv1.exe).

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Reset IE7:

  • Start Internet Explorer.
  • On the Tools menu, click Internet Options.
  • On the Advanced tab, click Reset.
  • In the Reset Internet Explorer Settings dialogue box, click Reset to confirm.
Note: Any add-ons will require to be reapplied after the above reset.

Next:

In your next reply answer my questions please. Post the new checkhd.txt and provide a quick update also, thank you.
  • 0





