Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Extremely slow computer [Closed]


  • This topic is locked This topic is locked

#1
ShoalBear

ShoalBear

    Member

  • Member
  • PipPipPip
  • 212 posts
Helping a friend with a computer that is slower than molasses in February. Was hoping y'all could help cause you have saved me so many times before. Not sure if there is a virus, spyware, malware, or just that this computer is so old it needs to be booted out the door. Thanks in advance for any help you can offer. OTL file follows.

OTL logfile created on: 12/14/2012 12:10:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\XPuser\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 50.51 Mb Available Physical Memory | 9.90% Memory free
1.22 Gb Paging File | 0.59 Gb Available in Paging File | 48.25% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 58.08 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive D: | 404.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-FT45IBDYW1 | User Name: XPuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/14 12:09:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPuser\My Documents\Downloads\OTL.exe
PRC - [2012/01/21 12:30:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2009/08/19 09:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 09:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/24 01:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2004/03/09 10:26:52 | 000,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/21 12:30:44 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/19 09:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/06/17 09:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
SRV - File not found [On_Demand | Stopped] -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/14 12:07:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/03 20:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/17 09:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/09 10:26:52 | 000,876,656 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2004/03/01 14:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 14:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\LHidUsbK.Sys -- (LHidUsbK)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/31 21:26:03 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121106.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/31 21:26:03 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121106.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/05 14:42:14 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121106.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/10/05 10:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121030.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/08 18:36:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 18:36:45 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/21 18:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 18:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 20:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2010/06/21 18:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2010/04/09 19:21:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/14 19:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2009/06/19 15:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004/08/03 21:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2004/06/15 14:52:40 | 000,061,157 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/04/23 09:40:08 | 000,120,960 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio)
DRV - [2004/03/09 10:29:16 | 000,027,664 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/03/09 10:29:07 | 000,009,561 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2004/03/09 10:29:03 | 000,099,568 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2004/03/05 14:15:34 | 000,647,929 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 14:14:42 | 001,233,525 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 14:13:38 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/11/07 07:07:52 | 000,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viasens.sys -- (VIASens)
DRV - [2002/08/19 08:12:29 | 000,095,884 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ipvnmon.sys -- (IPVNMon)
DRV - [2002/04/09 18:44:00 | 000,039,552 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/03/19 12:20:00 | 000,027,648 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/03/19 12:20:00 | 000,027,648 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp)
DRV - [2001/12/17 22:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001/10/17 20:00:00 | 000,006,144 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaidexp.sys -- (ViaIde)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 06:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 05:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/07/30 10:34:28 | 000,585,840 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/07/16 11:17:30 | 000,076,610 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/16 11:16:58 | 000,539,917 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/07/15 18:05:54 | 000,067,222 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/03 17:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
DRV - [2001/06/24 17:16:36 | 000,427,215 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/06/24 17:16:08 | 000,124,189 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/06/24 17:15:20 | 000,215,195 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/06/24 17:14:18 | 000,059,375 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/06/24 17:13:56 | 000,308,403 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/05/15 00:35:02 | 000,029,076 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5a.sys -- (FETNDIS)
DRV - [2000/03/29 16:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKCU\..\SearchScopes,DefaultScope = {9F43C08A-B349-4702-BA0F-4B91F5887473}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9F43C08A-B349-4702-BA0F-4B91F5887473}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\WINDOWS\cache\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/10/13 22:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/12/14 11:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/21 12:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/11 13:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XPuser\Application Data\Mozilla\Extensions
[2011/11/11 13:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 12:31:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/09 19:34:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE File not found
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} http://download.yaho...rod/yregcfg.cab (RegConfig Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7831.5188541667 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft...ols/SassCln.CAB (SassCln Object)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yaho...mail/ac4sbc.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,20/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73BFEF88-04A2-4A30-BC4F-B285DF8F770D}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B6AF95B-0FA9-4A6E-82B9-3BFB5D703D86}: DhcpNameServer = 10.10.10.1 206.13.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/30 16:57:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/03 18:26:52 | 000,501,367 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/10/03 18:35:24 | 000,502,441 | R--- | M] () - D:\autorun_bt.inf -- [ CDFS ]
O32 - AutoRun File - [2007/10/03 18:43:54 | 000,501,442 | R--- | M] () - D:\autorun_network.inf -- [ CDFS ]
O32 - AutoRun File - [2007/10/03 18:52:26 | 000,501,376 | R--- | M] () - D:\autorun_usb.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/14 12:07:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/14 11:49:24 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\XPuser\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/12/14 11:44:50 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/14 11:44:50 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/14 11:42:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/14 11:41:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/14 11:41:48 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/04 17:30:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\XPuser\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/08/11 14:33:23 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\XPuser\usb001
[2011/11/07 19:13:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\XPuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/13 16:21:59 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/01 23:18:05 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/12 18:34:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2007/10/28 16:08:56 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2003/07/26 16:02:13 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf

========== ZeroAccess Check ==========

[2004/03/06 17:10:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010/06/24 04:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/12/06 21:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/08/22 23:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/10/29 17:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DvdTransformerV2
[2005/04/08 16:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2008/01/06 21:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/11/14 19:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/11/14 21:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2009/01/19 17:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/12/04 13:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2010/10/31 14:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2
[2008/10/27 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/08/08 17:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/07 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 21:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/11/08 16:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPuser\Application Data\CallingID
[2011/10/31 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPuser\Application Data\comcasttb
[2012/07/07 20:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XPuser\Application Data\xfin_portal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE30DDB
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DEE424C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BABB0BF

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
It took a long time, but I finally got all of these run...here are the reports!!

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Adobe Flash Player 11.5.502.135
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````




# AdwCleaner v2.101 - Logfile created 12/16/2012 at 13:05:11
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : XPuser - USER-FT45IBDYW1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\XPuser\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\XPuser\Application Data\Mozilla\Firefox\Profiles\uxz25wtl.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1821 octets] - [16/12/2012 13:05:11]

########## EOF - C:\AdwCleaner[S1].txt - [1881 octets] ##########



RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : XPuser [Admin rights]
Mode : Remove -- Date : 12/16/2012 13:36:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FFDC -> HOOKED (Unknown @ 0x823EF050)
SSDT[13] : NtAlertThread @ 0x805771F8 -> HOOKED (Unknown @ 0x822CD050)
SSDT[17] : NtAllocateVirtualMemory @ 0x805691EA -> HOOKED (Unknown @ 0x82266A88)
SSDT[19] : NtAssignProcessToJobObject @ 0x805A2C27 -> HOOKED (Unknown @ 0x822D7050)
SSDT[31] : NtConnectPort @ 0x8059110B -> HOOKED (Unknown @ 0x82E30050)
SSDT[43] : NtCreateMutant @ 0x805775C8 -> HOOKED (Unknown @ 0x8225D9F8)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805A0036 -> HOOKED (Unknown @ 0x8225AAE8)
SSDT[53] : NtCreateThread @ 0x80578803 -> HOOKED (Unknown @ 0x82DD8A70)
SSDT[57] : NtDebugActiveProcess @ 0x8065BF7D -> HOOKED (Unknown @ 0x82347050)
SSDT[66] : NtDeviceIoControlFile @ 0x805795B9 -> HOOKED (IPVNMon.sys @ 0xF8272803)
SSDT[68] : NtDuplicateObject @ 0x805748C2 -> HOOKED (Unknown @ 0x82242560)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B15 -> HOOKED (Unknown @ 0x82265430)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805893EB -> HOOKED (Unknown @ 0x82318050)
SSDT[91] : NtImpersonateThread @ 0x8057F929 -> HOOKED (Unknown @ 0x8236A050)
SSDT[97] : NtLoadDriver @ 0x805A425D -> HOOKED (Unknown @ 0x82E5E3D8)
SSDT[108] : NtMapViewOfSection @ 0x8057AC99 -> HOOKED (Unknown @ 0x82265350)
SSDT[114] : NtOpenEvent @ 0x8057FC98 -> HOOKED (Unknown @ 0x82A6C050)
SSDT[122] : NtOpenProcess @ 0x80574AA9 -> HOOKED (Unknown @ 0x82266448)
SSDT[123] : NtOpenProcessToken @ 0x80571009 -> HOOKED (Unknown @ 0x823D0050)
SSDT[125] : NtOpenSection @ 0x8056E467 -> HOOKED (Unknown @ 0x82363050)
SSDT[128] : NtOpenThread @ 0x8059323B -> HOOKED (Unknown @ 0x82266378)
SSDT[137] : NtProtectVirtualMemory @ 0x80574E58 -> HOOKED (Unknown @ 0x8225ABB8)
SSDT[206] : NtResumeThread @ 0x80578E76 -> HOOKED (Unknown @ 0x8237F050)
SSDT[213] : NtSetContextThread @ 0x8062E33F -> HOOKED (Unknown @ 0x822C6050)
SSDT[228] : NtSetInformationProcess @ 0x80570D15 -> HOOKED (Unknown @ 0x822582E0)
SSDT[240] : NtSetSystemInformation @ 0x805A8349 -> HOOKED (Unknown @ 0x822C8050)
SSDT[253] : NtSuspendProcess @ 0x8062FF21 -> HOOKED (Unknown @ 0x823E2050)
SSDT[254] : NtSuspendThread @ 0x805E05AB -> HOOKED (Unknown @ 0x822CC050)
SSDT[257] : NtTerminateProcess @ 0x805839B9 -> HOOKED (Unknown @ 0x823EB050)
SSDT[258] : NtTerminateThread @ 0x80577F1F -> HOOKED (Unknown @ 0x823C7050)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A81E -> HOOKED (Unknown @ 0x823C1050)
SSDT[277] : NtWriteVirtualMemory @ 0x8057F712 -> HOOKED (Unknown @ 0x82266970)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x823F4050)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8233A050)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x82B40050)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x823FD050)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x82E3C188)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x82EE8D40)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x82E70560)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x82E6FF80)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x821D9598)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x82DFF2A8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 7decae5e6ace5062e763cb4efbac9c21
[BSP] 731523eaf262babb466790c464be54ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Officejet H470 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12162012_02d1336.txt >>
RKreport[1]_S_12162012_02d1335.txt ; RKreport[2]_D_12162012_02d1336.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



Gringo
  • 0

#5
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
Did this as said...is there more to look for, or should the computer just work faster now?
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello ShoalBear

hopefully it is working faster after that

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#8
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
Gringo, sorry for the delay in getting back to you...Xmas is such a busy time of year. I will not have access to the computer until after the holiday, as my friend is out of town for a few days. Please do not close this topic, as I will be back and will complete the steps you have listed so far.

As to performance, it is still pretty slow...but I have faith that you will help me. :)
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I will wait and give you a bump in a couple of days
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#12
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
I am sorry it is taking so long, Gringo_PR...but should be able to get back to you by the 3rd to continue on this. I do appreciate your help and your patience. Hope you have a great New Year's and will talk to you next year ;)
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
no problem and talk to you then



gringo
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


Just checking on you to see if you are ready to finish this up
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP