Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Running slow/can't find infection [Solved]


  • This topic is locked This topic is locked

#1
McKnight21

McKnight21

    Member

  • Member
  • PipPip
  • 17 posts
I ran an MBAM and Microsoft Security Essentials and didn't find any infections. The computer is very slow. Here are the two logs requested.

Extras:

OTL Extras logfile created on: 4/27/2013 1:27:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valerie nance\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 93.83 Mb Available Physical Memory | 36.94% Memory free
813.14 Mb Paging File | 539.78 Mb Available in Paging File | 66.38% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 33.79 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive D: | 17.86 Gb Total Space | 17.80 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

Computer Name: D2BXVS91 | User Name: Valerie nance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"E:\SETUP.EXE" = E:\SETUP.EXE:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"E:\SETUP.EXE" = E:\SETUP.EXE:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1164506895\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1164506895\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\att-nap\McciBrowser.exe" = C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Valerie nance\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Valerie nance\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{BF311797-7DE8-4770-B16A-6475434E03FB}" = 964plc32
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATTToolbar" = AT&T Toolbar
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.4
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ConnectionManager" = BellSouth® FastAccess® Connection Manager
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"EADM" = EA Download Manager
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2013 7:42:27 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2013 7:42:27 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2013 7:42:34 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2013 7:42:34 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application pinball.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2013 11:51:58 AM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2013 12:20:59 PM | Computer Name = D2BXVS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/27/2013 12:51:08 PM | Computer Name = D2BXVS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am fe,
P4 11.1.4340.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/27/2013 1:17:44 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 4.2.223.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2013 1:19:22 PM | Computer Name = D2BXVS91 | Source = Application Hang | ID = 1001
Description = Fault bucket -884341349.

Error - 4/27/2013 1:24:28 PM | Computer Name = D2BXVS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am fe,
P4 11.1.4340.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/27/2013 12:52:09 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.

Error - 4/27/2013 1:00:30 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: D2BXVS91\Valerie nance Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800705b4 Error description: This operation
returned because the timeout period expired.

Error - 4/27/2013 1:00:31 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: D2BXVS91\Valerie nance Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x800705b4 Error description: This operation
returned because the timeout period expired.

Error - 4/27/2013 1:07:35 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 4/27/2013 1:07:35 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 4/27/2013 1:07:35 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 4/27/2013 1:24:17 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine
Version: Previous Engine Version: Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.

Error - 4/27/2013 1:24:49 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.

Error - 4/27/2013 1:24:49 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.

Error - 4/27/2013 1:24:49 PM | Computer Name = D2BXVS91 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.


< End of report >

OTL logfile created on: 4/27/2013 1:27:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valerie nance\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 93.83 Mb Available Physical Memory | 36.94% Memory free
813.14 Mb Paging File | 539.78 Mb Available in Paging File | 66.38% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 33.79 Gb Free Space | 64.11% Space Free | Partition Type: NTFS
Drive D: | 17.86 Gb Total Space | 17.80 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

Computer Name: D2BXVS91 | User Name: Valerie nance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/27 12:56:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie nance\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/18 01:13:56 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 17:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/05/03 14:12:14 | 002,061,816 | ---- | M] (AT&T) -- C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2007/07/25 17:13:20 | 000,094,480 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2007/07/25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2007/07/25 17:04:38 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2007/07/25 17:04:14 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2007/07/25 17:04:02 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2007/07/25 17:03:18 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2007/07/25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2007/07/25 17:02:54 | 000,343,312 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2007/07/20 01:39:16 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2005/07/12 09:34:22 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjlmpm.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/20 01:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/07/12 09:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcjcoms.exe -- (dlcj_device)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2013/04/27 13:02:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DC9AC4E-AA26-4B5B-9EBC-A67FB7058C20}\MpKsl5b45e49e.sys -- (MpKsl5b45e49e)
DRV - [2010/05/26 21:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 21:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/07/20 01:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 01:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 18:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/13 10:57:31 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/10/03 10:10:10 | 000,053,920 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2001/10/03 05:09:56 | 000,589,776 | R--- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{71D4375E-5E34-4DF5-9B01-D0CBDEECF7C2}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} https://password.bel...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85466F57-74DC-45C3-9290-301243381581}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie nance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie nance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{37c3792a-a3a7-11dd-81b4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{37c3792a-a3a7-11dd-81b4-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37c3792a-a3a7-11dd-81b4-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/27 13:26:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valerie nance\Desktop\OTL.exe
[2013/04/27 11:30:25 | 000,000,000 | ---D | C] -- C:\2dfcd25790aa9bd81b7514e9c2ee
[2013/04/27 11:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/27 10:54:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Valerie nance\My Documents\*.tmp files -> C:\Documents and Settings\Valerie nance\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/27 13:16:23 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/27 12:56:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie nance\Desktop\OTL.exe
[2013/04/27 11:32:09 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/27 11:23:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/04/27 11:16:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/27 11:16:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/27 11:06:34 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD43698B-DBB5-4D59-BA70-83BC2B0B4A01}.job
[2013/04/20 10:20:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/20 10:20:45 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Valerie nance\My Documents\*.tmp files -> C:\Documents and Settings\Valerie nance\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/27 12:26:03 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/04/27 11:32:05 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/27 11:23:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/04/27 11:22:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/29 22:20:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/10/24 13:19:37 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Valerie nance\Application Data\setup_ldm.iss
[2008/04/14 18:00:57 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Valerie nance\Application Data\dvd.bmk
[2007/02/23 21:48:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Valerie nance\Local Settings\Application Data\fusioncache.dat
[2006/09/04 20:55:17 | 000,009,846 | ---- | C] () -- C:\Documents and Settings\Valerie nance\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/11/25 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2013/04/27 10:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2013/04/27 11:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2006/09/29 00:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/01 23:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/21 16:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/09/29 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2006/04/13 10:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/25 21:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\AT&T
[2008/12/06 16:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\ATTToolbar
[2007/02/18 01:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\Leadertech
[2010/04/04 15:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\mjusbsp
[2009/11/01 23:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\MSNInstaller
[2007/02/17 20:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\Simple Star
[2009/11/01 23:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie nance\Application Data\Walgreens

========== Purity Check ==========



< End of report >

Thanks for looking
McKnight21
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello McKnight21,

Welcome to Geekstogo.

Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
Next

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    Pinball
    :file
    pinball.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt

Lastly in this post

Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
So when you return please post
  • OTL.txt
  • SystemLook.txt
  • checkup.txt

  • 0

#3
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here are the logs you requested. Thanks for your help!
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Valerie nance\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Valerie nance\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5394235 bytes

User: NetworkService
->Temp folder emptied: 139638 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Valerie nance
->Temp folder emptied: 117884452 bytes
->Temporary Internet Files folder emptied: 211140739 bytes
->Java cache emptied: 2927861 bytes
->FireFox cache emptied: 4783125 bytes
->Flash cache emptied: 1552074 bytes

User: Zhaquavez Petty
->Temp folder emptied: 46591622 bytes
->Temporary Internet Files folder emptied: 18494348 bytes
->Flash cache emptied: 715 bytes

%systemdrive% .tmp files removed: 393220 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 22333969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33544786 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34593 bytes
RecycleBin emptied: 71825350 bytes

Total Files Cleaned = 512.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05082013_195023

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\YTPIBIHC\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaXQDc2hvcnRjdXRzOi91cy9pbnN0YW5jZS9pZGVud[2].adNoOp&fr=csc_ymailcg not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\YTPIBIHC\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaXQDc2hvcnRjdXRzOi91cy9pbnN0YW5jZS9pZGVud[3].adNoOp&fr=csc_ymailcg not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\YH0JUHM5\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNDT05DRVBUBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaXQDc2hvcnRjdXRzOi9jb25jZXB0BG5fdHlwAzEEc2NsY[2].adNoOp&fr=csc_ymailcg not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\YH0JUHM5\activity;src=1652863;met=1;v=1;pid=24846764;aid=187995556;ko=0;cid=26636828;rid=26654685;rv=2;&timestamp=1213753371656;eid1=2;ecn1=1;etm1=9;eid2=3;ecn2=1;etm2=1;eid3=4;e[1].gif not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\PYRQ506S\dref=http%253A%252F%252Ffamilycrafts.about[1].htm%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\PYRQ506S\dref=http%253A%252F%252Ffamilycrafts.about[1].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\PYRQ506S\dref=http%253A%252F%252Ffamilycrafts.about[2].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\PYRQ506S\dref=http%253A%252F%252Ffamilycrafts[1].shtml%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\PYRQ506S\fcHandoff%2CSW2%3A!fcHandoff%2CSW3%3A!fcHandoff%26f%3D150550152%26p%3Dmail_candygram%26id%3D2%26cbk%3DfcLoaded%26bg%3Dtransparent%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%2&r=0 not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZHJAQ39\DFME.net%252Fwmc%252Fen-US%252Fv%252Fwm%252F48892A6A0008F3C40000299922230682329B0A02D2089B9A019C04040A0DBFCFCBCFC8C9C8C8909B9D01089C%253Fcmd%253DList%2526no%253D1%2526sid%253Dc0 not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZHJAQ39\dref=http%253A%252F%252Fwebmail.att[1].net%252Fwmc%252Fen-US%252Fv%252Fwm%252F48892A420001ED1400001D0B2223068232%253Fcmd%253DList%2526sid%253Dc0%2526from%253Dwmgoto not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFWVSPKV\activity;src=1517707;met=1;v=1;pid=23959462;aid=177226248;ko=0;cid=24364670;rid=24382523;rv=1;&timestamp=1200533215296;eid1=2;ecn1=0;etm1=30;eid2=3;ecn2=1;etm2=4;eid3=4;[1].gif not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFWVSPKV\dref=http%253A%252F%252Ffamilycrafts.about[1].htm%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFWVSPKV\dref=http%253A%252F%252Ffamilycrafts.about[1].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFWVSPKV\dref=http%253A%252F%252Ffamilycrafts.about[2].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFWVSPKV\TE.htm%253Bgo%253D13%253Ba%253D%253Bkw%253D%253Bchan%253Dparenting%253Bsyn%253Dabout%253Btile%253D3%253Baf%253D0%253Br%253D-1%253Bsz%253D336x280%253Bord%253D181H17c0J20SA0X94424 not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[1].htm%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[1].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[2].htm%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[2].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[3].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts.about[4].html%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\E7UB09YN\dref=http%253A%252F%252Ffamilycrafts[1].shtml%2526REF%253Dhttp%25253a%25252f%25252ffamilycrafts%25252eabout%25252ecom%25252flibrary%25252fmisc%25252fblvalsongs%25252ehtm not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\BHVF241K\dref=http%253[1].net%252Fwmc%252Fen-US%252Fv%252Fwm%252F48892A420006605800001D1D22230682329B0A02D2089B9A019C04040A0DBFCFCBCFC8C9C8C8909B9D01089C%253Fcmd%253DList%2526sid%253Dc0 not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ASJVXCH\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNDT05DRVBUBGVfdHlwA2RpcmVjdARleHRmcm9tAwRmYgMwBGZyY29kZQNjc2NfeW1haWxjZwRpc2V4dAMwBGl0A3Nob3[2].setAdContents&fr=csc_ymailcg&track=click not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ASJVXCH\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGVfdHlwA2RpcmVjdARleHRmcm9tAwRmYgMwBGZyY29kZQNjc2NfeW1haWxjZwRpc2V4dAMwBGl0A3Nob3J0Y[2].adNoOp&fr=csc_ymailcg&track=click not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ASJVXCH\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNPUkdBTklaQVRJT04EZV90eXADZGlyZWN0BGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaX[2].setAdContents&fr=csc_ymailcg&track=click not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ASJVXCH\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNPUkdBTklaQVRJT04EZXh0ZnJvbQMEZmIDMARmcmNvZGUDY3NjX3ltYWlsY2cEaXNleHQDMARpdANzaG9ydGN1dHM6L3VzL2luc3RhbmNlL29yZ[1].adNoOp&fr=csc_ymailcg not found!
File\Folder C:\Documents and Settings\Valerie nance\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ASJVXCH\CA2X19G2.com%2Fclassof1999rams&lmt=1213753710&dt=1213753710500&cc=12&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true&u_nplug=0&u_nmime=0 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 20:11 on 08/05/2013 by Valerie nance
Administrator - Elevation successful

========== folderfind ==========

Searching for "Pinball"
C:\Program Files\Windows NT\Pinball d------ [18:01 10/08/2004]

========== file ==========

pinball.exe - Unable to find/read file.

-= EOF =-

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Uninstaller
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.7.700.169
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again McKnight21,

Run the System File Checker.

Follow these steps:

  • Click Start > Run and type sfc /scannow (note the space, it should be there), and then press ENTER.
  • Follow the prompts throughout the System File Checker process.
  • Restart your computer when System File Checker process is complete.
Next

Click on Start > Accessories > Tools > System Tools > Disk Defragmenter and click on the defragmenter button. If you haven't done this before it may take a very long time to complete its task.

Finally in this post

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

[*]Press Scan
[*]A log (FSS.txt) will be created in the same directory the tool is run.
[*]Copy and paste the log back here.
[/list]
  • 0

#5
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I had run the disk defragmenter before I posted so it did not need to run. Here is the log requested.

Once again,
Thanks

Farbar Service Scanner Version: 14-04-2013
Ran by Valerie nance (administrator) on 09-05-2013 at 05:26:34
Running from "C:\Documents and Settings\Valerie nance\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#7
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3693bc4ba0b32b43acfc7c8a451e1104
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-10 02:31:06
# local_time=2013-05-09 09:31:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 151721 9354723 0 0
# scanned=57724
# found=0
# cleaned=0
# scan_time=14061

It seems to be better. I really need to add more RAM and I'm sure that would make a difference. How do I make sure I am purchasing the correct one?

Thanks,
McKnight21
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again McKnight21,

Yes I think more RAM would help a bit. RAM is not everything though, the speed of your processor has a bearing, number of programs starting up, temporary files left on your machine etc. We have addressed the temporary files, system files and fragmentation but you may be interested in Artellos hints.

Go here for information about what makes your computer slow by Artellos.

Also this tool may be helpful:

For safely cleaning temporary files this free program may interest you:
As far as RAM is concerned you can have up to 4GB on your XP system. For 32 bit systems with more than 4GB of ram installed, the maximum amount used will only be 4GB. This is a limitation on 32-bit applications.

How do I make sure I am purchasing the correct one?


Yes you need to insert the right one with the right timing. I am not a techie so can't really tell you. My XP machine used something with these words on it UNB PC3200 CL3 but that might not apply to your machine. You could take out one of your memory cards (if you are computer savvy) and take it along to a computer parts provider and see if they can help you. Alternatively you could ask the people you purchased your machine from. Further, you could open a topic in our XP forum here and see if someone knows.

From a malware viewpoint I think your machines is good to go now.

We have a couple of last steps to perform and then you're all set.Posted Image

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
Step 2

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#9
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
This is the information from the log. I wasn't sure if this was what I was suppose to get.

========== COMMANDS ==========
Error creating restore point.

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_081250

I haven't run the clean up yet. Wanted to check on this first.

Thanks,
McKnight 21
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

This is the information from the log. I wasn't sure if this was what I was suppose to get.

========== COMMANDS ==========
Error creating restore point.


Doesn't usually happen with an XP machine but it does happen sometimes.

Do this instead:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.
  • 0

Advertisements


#11
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I forgot to ask earlier. I have two users on this computer, should I have checked the box on OTL to check all users during the scans? If I didn't did it check everything it needed to check?

Thanks,
McKnight21
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Yes it scanned only the user mode it was in but the ESET scan would have covered all users.

I think you are okay but if you like, and to make absolutely sure, you could run a scan with the Scan All Users box checked and post the results back here. :)
  • 0

#13
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
If you think the other scan did both users, then I am good with that. Thanks for all your help!!!

McKnight21
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Thanks for all your help!!!


You are very welcome. :happy:
  • 0

#15
McKnight21

McKnight21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Upgraded RAM to 2GB and the computer is running great. Thanks so much for your help.

McKnight21
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP