
Everything locks up/ is slow to open.


20 replies to this topic

#1 dep3333


Posted 06 November 2012 - 12:49 AM

Caveat: This is my grandmother's old desktop so I expect it to have some issues. Everyone under the sun has used this thing at some point - especially kids. While I know that space is partly to blame, I'm also certain it has a virus, malware, unnecessary software, etc., that's adding to it.

Problem: Programs and searches take forever or will crash. Usually I'll get "not responding". You'd be better off if you got in your car, drove to the library, researched books, committed it to memory and then came home than trying to launch a web search on this thing. May God be with you if you have more than 2 programs/folders open.

What I've done: First, I removed any unnecessary programs/files/documents like pictures, old resumes, games, etc. I had CCleaner on here for a long time and used it regularly to keep temp files and such as clean as possible, but that really didn't help much. Since then, I've removed Chrome and IE. Chrome constantly crashed to the point of it being useless. IE would launch to http://start.funmoods or some such thing, which is clearly a problem. I've searched and removed as many of the funmoods files as I could (both with malware software and a plain old Windows search and find tool). It's probably important to note that about a month ago, I got the FBI Moneypack trojan. Through this forum, I was able to remove it, or at least remove enough to get the PC back to being functional. However, the issues of being slow and crashing were there before that. I'm now using Firefox.

System Info: Windows XP Home Edition v2002. AMD Sempron™ Processor, 3400+, 1.8 GHz, 448 MB Ram.



#2 InadequateInfirmity


Posted 06 November 2012 - 02:08 PM

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with Superantispyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to "Enable rootkit cleaning". Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.
What happens when you press Alt + F4 at the same time?

#3 dep3333


Posted 06 November 2012 - 10:37 PM

Will try to get this done early in the morning. If not, it won't be till about 10 pm.

Thanks for responding!

#4 InadequateInfirmity


Posted 07 November 2012 - 07:41 PM

:thumbup2:
What happens when you press Alt + F4 at the same time?

#5 dep3333


Posted 07 November 2012 - 11:05 PM

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: OWNER-NUA4EKA61 [administrator]

Protection: Disabled

11/07/2012 3:42:25 AM
mbam-log-2012-11-07 (04-40-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210013
Time elapsed: 57 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> No action taken.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
D:\Documents and Settings\Owner\Application Data\hellomoto (Trojan.Ransom.FGen) -> No action taken.

Files Detected: 2
D:\Documents and Settings\Owner\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> No action taken.
D:\Documents and Settings\Owner\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> No action taken.

(end)

__________________________________________________________________________________________________________________

Superantispyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2012 at 05:42 AM

Application Version : 5.6.1014

Core Rules Database Version : 9542
Trace Rules Database Version: 7354

Scan type : Quick Scan
Total Scan Time : 00:48:40

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 361
Memory threats detected : 0
Registry items scanned : 31545
Registry threats detected : 0
File items scanned : 6262
File threats detected : 2

Adware.Tracking Cookie
D:\Documents and Settings\Owner\Cookies\VVIG8QXZ.txt [ /ads.pubmatic.com ]
D:\Documents and Settings\Owner\Cookies\A1ONSRSH.txt [ /invitemedia.com ]

______________________________________________________________________________________________________________________________

Eset Log:

D:\Documents and Settings\Owner\Local Settings\Application Data\chromeupdate.crx JS/Redirector.NCG trojan deleted - quarantined
D:\Qoobox\Quarantine\D\DOCUME~1\Owner\LOCALS~1\Temp\NODEE3E.tmp.vir a variant of Win32/Medfos.DY trojan cleaned by deleting - quarantined
D:\Qoobox\Quarantine\D\RECYCLER\S-1-5-21-1229272821-436374069-839522115-1003\$01ce833422ee1c056e2e42e8fe3697a9\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
D:\System Volume Information\_restore{E56F58A2-2BDA-45D7-AF87-7C6656A19FC4}\RP1140\A0081052.dll a variant of Win32/Adware.Facetheme.E application cleaned by deleting - quarantined
D:\System Volume Information\_restore{E56F58A2-2BDA-45D7-AF87-7C6656A19FC4}\RP1150\A0082838.ini Win32/Sirefef.EZ trojan cleaned by deleting - quarantined

_______________________________________________________________________________________________________________________________________

Minitoolbox Log:

MiniToolBox by Farbar Version: 07-11-2012
Ran by Owner (administrator) on 07-11-2012 at 18:50:17
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-nua4eka61

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.ga.comcast.net.

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-18-F3-A6-28-D4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 98.251.117.225

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 98.251.117.1

DHCP Server . . . . . . . . . . . : 69.252.196.132

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Wednesday, November 07, 2012 4:49:34 AM

Lease Expires . . . . . . . . . . : Friday, November 09, 2012 9:52:14 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.137.113, 74.125.137.139, 74.125.137.101, 74.125.137.100
74.125.137.102, 74.125.137.138



Pinging google.com [74.125.139.139] with 32 bytes of data:



Reply from 74.125.139.139: bytes=32 time=12ms TTL=48

Reply from 74.125.139.139: bytes=32 time=12ms TTL=48



Ping statistics for 74.125.139.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 12ms, Average = 12ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=119ms TTL=49

Reply from 98.139.183.24: bytes=32 time=82ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 119ms, Average = 100ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 a6 28 d4 ...... NVIDIA nForce Networking Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.251.117.1 98.251.117.225 20
98.251.117.0 255.255.255.0 98.251.117.225 98.251.117.225 20
98.251.117.225 255.255.255.255 127.0.0.1 127.0.0.1 20
98.255.255.255 255.255.255.255 98.251.117.225 98.251.117.225 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 98.251.117.225 98.251.117.225 20
224.0.0.0 240.0.0.0 98.251.117.225 98.251.117.225 20
255.255.255.255 255.255.255.255 98.251.117.225 98.251.117.225 1
Default Gateway: 98.251.117.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 D:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 D:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 D:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 D:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 D:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 D:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/07/2012 05:32:03 AM) (Source: ESENT) (User: )
Description: Catalog Database (824) Database D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.

Error: (11/07/2012 05:32:03 AM) (Source: ESENT) (User: )
Description: Catalog Database (824) Unable to write a shadowed header for file D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (11/07/2012 05:32:03 AM) (Source: ESENT) (User: )
Description: svchost (824) An attempt to open the file "D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2012 11:19:09 PM) (Source: MsiInstaller) (User: OWNER-NUA4EKA61)
Description: Product: Avatar - Legends of The Arena -- Error 1606.Could not access network location :.

Error: (10/31/2012 11:19:08 PM) (Source: MsiInstaller) (User: OWNER-NUA4EKA61)
Description: Product: Avatar - Legends of The Arena -- Error 1606.Could not access network location :.

Error: (10/31/2012 10:58:44 PM) (Source: ESENT) (User: )
Description: svchost (840) An attempt to open the file "D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2012 10:56:45 PM) (Source: MsiInstaller) (User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.

Error: (10/31/2012 10:56:44 PM) (Source: MsiInstaller) (User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.

Error: (10/31/2012 10:56:41 PM) (Source: MsiInstaller) (User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.

Error: (10/30/2012 09:57:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30652250


System errors:
=============
Error: (11/07/2012 04:49:44 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/07/2012 02:14:07 AM) (Source: DCOM) (User: OWNER-NUA4EKA61)
Description: The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.

Error: (10/31/2012 11:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/31/2012 11:22:14 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (11/07/2012 05:32:03 AM) (Source: ESENT)(User: )
Description: Catalog Database824D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (11/07/2012 05:32:03 AM) (Source: ESENT)(User: )
Description: Catalog Database824D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (11/07/2012 05:32:03 AM) (Source: ESENT)(User: )
Description: svchost824D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (10/31/2012 11:19:09 PM) (Source: MsiInstaller)(User: OWNER-NUA4EKA61)
Description: Product: Avatar - Legends of The Arena -- Error 1606.Could not access network location :.(NULL)(NULL)(NULL)

Error: (10/31/2012 11:19:08 PM) (Source: MsiInstaller)(User: OWNER-NUA4EKA61)
Description: Product: Avatar - Legends of The Arena -- Error 1606.Could not access network location :.(NULL)(NULL)(NULL)

Error: (10/31/2012 10:58:44 PM) (Source: ESENT)(User: )
Description: svchost840D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (10/31/2012 10:56:45 PM) (Source: MsiInstaller)(User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.(NULL)(NULL)(NULL)

Error: (10/31/2012 10:56:44 PM) (Source: MsiInstaller)(User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.(NULL)(NULL)(NULL)

Error: (10/31/2012 10:56:41 PM) (Source: MsiInstaller)(User: OWNER-NUA4EKA61)
Description: Product: Java™ 6 Update 15 -- Error 1606.Could not access network location :.(NULL)(NULL)(NULL)

Error: (10/30/2012 09:57:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30652250


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Avatar - Legends of The Arena (Version: 1.03.0008)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Data Fax SoftModem with SmartCP
ESET Online Scanner v3
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 15 (Version: 6.0.150)
Java™ 7 Update 5 (Version: 7.0.50)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JavaFX 2.1.1 (Version: 2.1.1)
Learn2 Player (Uninstall Only)
Lexmark 2300 Series
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Drivers
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
QuickTime (Version: 7.72.80.56)
RealPlayer Basic
Realtek High Definition Audio Driver
Segoe UI (Version: 14.0.4327.805)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
Unity Web Player (Version: 2.1.0f5_16147)
UnThreat Free AntiVirus Installer (Version: 4.2.33.0)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.5318)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 446.48 MB
Available physical RAM: 129.41 MB
Total Pagefile: 1053.91 MB
Available Pagefile: 701.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.55 MB

========================= Partitions: =====================================

1 Drive c: (RECOVERY(D)) (Fixed) (Total:7.3 GB) (Free:0.34 GB) FAT32
2 Drive d: () (Fixed) (Total:104.46 GB) (Free:87.42 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-NUA4EKA61

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


**** End of log ****

___________________________________________________________________________________________________________________________


AdWare Cleaner Log:

# AdwCleaner v2.007 - Logfile created 11/07/2012 at 18:55:04
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-NUA4EKA61
# Boot Mode : Normal
# Running from : D:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : D:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : D:\Documents and Settings\Owner\Local Settings\Application Data\APN
Folder Deleted : D:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : D:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\FCTB000060231
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0AyCtBzz0DyEyCyB0A0EtN0D0Tzu0CtByDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1832659496 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r1nkutwy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9059 octets] - [07/11/2012 18:54:15]
AdwCleaner[S1].txt - [8605 octets] - [07/11/2012 18:55:04]

########## EOF - D:\AdwCleaner[S1].txt - [8665 octets] ##########

_______________________________________________________________________________________________________________________________

Norman Malware Cleaner:

Norman Malware Cleaner v2.06.01
Copyright 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1794, Date: 2012/11/07 08:23:42, Variants: 15286090
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 19:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nomt

Scan started: 2012/11/07 19:58:32

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1116
Number of objects scanned: 1116
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 23s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\I386\APPS\APP27103\SUPPORT\TOOLS\MSRDPCLI.EXE/noname.cab/instmsia.exe/noname.cab/instmsi.msi/file30: Not scanned: 0x00000001
C:\I386\APPS\APP27103\SUPPORT\TOOLS\MSRDPCLI.EXE/noname.cab/instmsiw.exe/noname.cab/instmsi.msi/file30: Not scanned: 0x00000001
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
D:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
D:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
D:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
D:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020
D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
D:\Documents and Settings\Owner\NTUSER.DAT: Error opening file for read: 0x00000020
D:\Documents and Settings\Owner\ntuser.dat.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\default.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\software.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020
D:\WINDOWS\system32\config\system.LOG: Error opening file for read: 0x00000020
D:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat: Error opening file for read: 0x00000020

Number of files found: 65891
Number of archives unpacked: 10408
Number of objects found: 505010
Number of objects scanned: 504985
Number of objects not scanned: 25
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2h 40m 47s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Results:
Total number of files found: 65891
Total number of archives unpacked: 10408
Total number of objects found: 506126
Total number of objects scanned: 506101
Total number of objects not scanned: 25
Total number of malicious objects found: 0
Total scanning time: 2h 42m 12s

______________________________________________________________________________________________________________________________________

I don't know if there will be any further instructions from you other than to shoot this dinosaur but for what it's worth, it's running better already. Thank you.

#6 InadequateInfirmity

Posted 08 November 2012 - 07:38 PM

Please re-run Malwarebytes, update it, do a quick scan, and after the scan finishes select Show Found Threats and make sure all items are checked. Then reboot and post the new log.

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and choose Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip
What happens when you press Alt + F4 at the same time?

#7 InadequateInfirmity

Posted 08 November 2012 - 07:43 PM

Uninstall the item below from Add/Remove Programs.
UnThreat Free AntiVirus Installer (Version: 4.2.33.0)

Reboot and then install Avast free.
http://www.filehippo.com/download_avast_antivirus/download/3f0f6cf85120fa5ac62abb03aaeecda8/

#8 dep3333

Posted 10 November 2012 - 06:46 AM

New Malware log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: OWNER-NUA4EKA61 [administrator]

Protection: Enabled

11/08/2012 9:34:42 PM
mbam-log-2012-11-08 (21-34-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210176
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


____________________________________________________________________________________________________________________

TDSS Killer:

I had issues with this. When I clicked "run as", my only option was Owner (which may be the same as Admin, idk.) When I chose that, it would initialize but then pop up a box that says "Can't initialize log". I clicked ok. It continued to do whatever it does and then another box came up that said "Can't load driver". I hit ok again and it goes to the Ready to Scan box. I changed the parameters per your instructions and hit scan. I don't know what it was supposed to do but when it was complete, it displayed No Threats Found.

___________________________________________________________________________________________________________________

Ran RogueKiller.exe

_____________________________________________________________________________________________________________________

RKill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/09/2012 09:14:05 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/09/2012 09:16:34 PM
Execution time: 0 hours(s), 2 minute(s), and 28 seconds(s)

___________________________________________________________________________________________________________________

Junkware Removal:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.8.7 (11.08.2012)
OS: Microsoft Windows XP x86
Ran by Owner on 11/09/2012 at 21:17:58.21
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/09/2012 at 21:25:12.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_____________________________________________________________________________________________________________________

Autorun:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "d:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "d:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "d:\program files\itunes\ituneshelper.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "d:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "d:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 110.34 " "NVIDIA Corporation" "d:\windows\system32\nwiz.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "d:\windows\rthdcpl.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
X "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "d:\program files\outlook express\setup50.exe"
X "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "d:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "d:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
X "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "d:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
X "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "d:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
X "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "d:\program files\common files\microsoft shared\web components\10\owc10.dll"
X "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "d:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "d:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "d:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "d:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.34 " "NVIDIA Corporation" "d:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "d:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "d:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "d:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "d:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Oracle Corporation" "d:\program files\java\jre7\bin\ssv.dll"
"Task Scheduler" "" "" ""
X "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "d:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "d:\program files\superantispyware\sascore.exe"
X "AOL ACS" "AOL Connectivity Service" "America Online, Inc." "d:\program files\common files\aol\acs\acsd.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "d:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: D:\WINDOWS\System32\appmgmts.dll"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "d:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "d:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "d:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "lxcg_device" "Printer Communication System" " " "d:\windows\system32\lxcgcoms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "d:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McciCMService" "mcci+McciCMService" "Alcatel-Lucent" "d:\program files\common files\motive\mccicmservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "d:\program files\common files\microsoft shared\source engine\ose.exe"
+ "WmdmPmSN" "Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device." "" "File not found: C:\WINDOWS\system32\mspmsnsv.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
X "A2DDA" "" "" "File not found: D:\Documents and Settings\Administrator\My Documents\Downloads\emsisoftemergencykit\Run\a2ddax86.sys"
+ "ASCTRM" "TR Manager" "Windows ® 2000 DDK provider" "d:\windows\system32\drivers\asctrm.sys"
+ "catchme" "" "" "File not found: D:\ComboFix\catchme.sys"
+ "Changer" "" "" "File not found: D:\WINDOWS\System32\Drivers\Changer.sys"
+ "cpuz132" "" "" "File not found: D:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "d:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "d:\windows\system32\drivers\hdaudbus.sys"
+ "HSX_DP" "HSF_DP driver" "Conexant Systems, Inc." "d:\windows\system32\drivers\hsx_dp.sys"
+ "HSXHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "d:\windows\system32\drivers\hsxhwbs2.sys"
+ "i2omgmt" "" "" "File not found: D:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "d:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: D:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "d:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "d:\windows\system32\drivers\mdmxsdk.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "d:\program files\common files\motive\mremp50.sys"
+ "MREMPR5" "" "" "File not found: D:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"
+ "MRENDIS5" "" "" "File not found: D:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "d:\program files\common files\motive\mresp50.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.08 " "NVIDIA Corporation" "d:\windows\system32\drivers\nv4_mini.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "d:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "d:\windows\system32\drivers\nvnetbus.sys"
+ "PCIDump" "" "" "File not found: D:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: D:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: D:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: D:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: D:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "d:\windows\system32\drivers\ptilink.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "d:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "d:\program files\superantispyware\saskutil.sys"
+ "SBRE" "" "" "File not found: D:\WINDOWS\system32\drivers\SBREdrv.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "d:\windows\system32\drivers\secdrv.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "d:\windows\system32\drivers\usbaapl.sys"
+ "wanatw" "Wan Miniport (ATW)" "America Online, Inc." "d:\windows\system32\drivers\wanatw4.sys"
+ "WDICA" "" "" "File not found: D:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsx" "HSF_CNXT driver" "Conexant Systems, Inc." "d:\windows\system32\drivers\hsx_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "d:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "d:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "d:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "d:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "d:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "d:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "d:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "d:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "d:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "d:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "d:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "d:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "d:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "d:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "d:\program files\cyberlink\shared files\audiofilter\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "d:\program files\cyberlink\shared files\audiofilter\claudfx.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "d:\program files\cyberlink\shared files\audiofilter\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "d:\program files\cyberlink\shared files\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "d:\program files\cyberlink\shared files\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "d:\program files\cyberlink\shared files\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "d:\program files\cyberlink\shared files\videofilter\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "d:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "d:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "d:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "d:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "d:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "d:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "d:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "d:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "d:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "d:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "2300 Series Port" "Printer Communication System" " " "d:\windows\system32\lxcglmpm.dll"

Edited by dep3333, 10 November 2012 - 06:56 AM.
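
A first-pass triage of an Autoruns text export in the layout posted above, as an added example that is not part of the original thread: it parses the four quoted columns and flags entries whose target file is missing, whose publisher column is blank, or whose image sits under a Temp or Downloads directory. The sample rows, the entry names and the flagging rules are constructed assumptions, not the poster's log and not an Autoruns feature.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location enabled name description publisher image")

# Every column in the text export is wrapped in double quotes.
_FIELD = re.compile(r'"([^"]*)"')

# Directory fragments treated as user-writable (assumption made for this example).
RISKY_DIRS = ("\\temp\\", "\\downloads\\")

# Constructed sample rows in the same layout as the export above (hypothetical entries).
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleTray" "Example Tray Helper" "Example Corp." "d:\program files\example\tray.exe"
X "OldUpdater" "Example Updater" "Example Corp." "d:\program files\example\update.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "exdrv" "" "" "File not found: D:\DOCUME~1\Owner\LOCALS~1\Temp\exdrv\exdrv_x32.sys"
+ "exprint" "Printer Communication System" " " "d:\windows\system32\exprint.exe"
X "exscan" "" "" "File not found: D:\Documents and Settings\Owner\My Documents\Downloads\exkit\exscan.sys"
'''


def parse_autoruns(text):
    """Return Entry tuples; '+' rows are enabled, 'X' rows are disabled."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = _FIELD.findall(line)
        if len(fields) != 4:
            continue  # not a row in the four-column layout
        if line.startswith('"'):
            # Section header: the autostart location followed by three empty columns.
            location = fields[0]
            continue
        marker = line[0]
        if marker not in "+X":
            continue
        entries.append(Entry(location, marker == "+", *fields))
    return entries


def triage(entries):
    """Return (name, enabled, reasons) for entries that deserve a manual look."""
    findings = []
    for e in entries:
        reasons = []
        image = e.image
        if image.lower().startswith("file not found:"):
            # The registry still points at a file that no longer exists on disk.
            reasons.append("target missing")
            image = image.split(":", 1)[1].strip()
        if not e.publisher.strip():
            reasons.append("no publisher")
        if any(d in image.lower() for d in RISKY_DIRS):
            reasons.append("user-writable path")
        if reasons:
            findings.append((e.name, e.enabled, reasons))
    return findings


if __name__ == "__main__":
    for name, enabled, reasons in triage(parse_autoruns(SAMPLE)):
        state = "enabled" if enabled else "disabled"
        print(f"{name:10} {state:9} {', '.join(reasons)}")
```

A flagged row is a prompt to inspect the entry, not a verdict: leftovers from removed scanners and optional Windows drivers also show up as missing targets.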


#9 InadequateInfirmity

Posted 10 November 2012 - 11:03 AM

How are things now?

Download Hitman Pro.
http://dl.surfright.nl/HitmanPro36.exe
Start the scan. Go to Settings.
Un-tick Scan for tracking cookies.
Go back to the Scan tab.
Select OK.
Then Next.
Select "No, I only want to perform a one-time scan to check this computer."
Enter your email to register.
Next.
After the scan, make sure to select quarantine for found threats.
Then select Activate free license, then follow the prompts.
Reboot your machine.

#10 dep3333

Posted 10 November 2012 - 01:16 PM

Things are a lot better, so thank you so much for your help! It still wants to temporarily freeze up when opening some web pages like Facebook. Could this be a java issue? iTunes takes a long time to open too. But again, it's remarkably better than where I started. I really appreciate your help.

I'll run hitman this afternoon and update you. And while I have your ear, I was thinking of setting up a user account for the kids to play games and get online but would like to restrict it so they can't download viruses or bad software. I'd like to keep this from happening again. Any suggestions?

#11 InadequateInfirmity

InadequateInfirmity

  • Members
  • 2,595 posts
  • Gender:Male

Posted 10 November 2012 - 01:58 PM

Once we are done I will assist with setting up a new ACCOUNT. :)

Uninstall Super Anti Spyware; it is good at finding things but can slow a machine down.

Here I would like you to disable all of your start-up items except avast.
Download CCleaner, hit the Tools button, then the Startup tab, then disable all items except avast.
http://download.piriform.com/ccsetup324.exe

Do not use the registry cleaner in CCleaner!!

Then

Hit the Start button, then right-click My Computer > Properties > Hardware tab > Device Manager.
Scroll down to the IDE ATA/ATAPI Controllers and left-click the + to the left of the drivers.
Right-click and uninstall all of your Primary IDE drivers. There will most likely be more than one of the Primary IDE drivers; make sure to uninstall all of them prior to rebooting.
Upon uninstalling the last one, your computer should prompt a reboot; allow it.

Edited by InadequateInfirmity, 10 November 2012 - 01:59 PM.


#12 dep3333

dep3333
  • Topic Starter

  • Members
  • 11 posts

Posted 10 November 2012 - 06:37 PM

Ok. Did the CCleaner and the Primary IDE thing and rebooted.

And now it prompts me to install new hardware, except I don't know what hardware, and Windows can't find the needed files without a disk.

(Btw, I found out what happens when you press Alt+F4 at the same time. lol)

Edited by dep3333, 10 November 2012 - 06:56 PM.


#13 InadequateInfirmity

InadequateInfirmity

  • Members
  • 2,595 posts
  • Gender:Male

Posted 11 November 2012 - 11:13 AM

The machine will prompt installing the new hardware; just reboot after. This will be solved. Are you ready to set up the child account?

#14 dep3333

dep3333
  • Topic Starter

  • Members
  • 11 posts

Posted 11 November 2012 - 02:10 PM

I'm ready!

#15 InadequateInfirmity

InadequateInfirmity

  • Members
  • 2,595 posts
  • Gender:Male

Posted 11 November 2012 - 02:18 PM

Set up the guest account. If I remember correctly, the guest account will not be able to download. Let me know.
http://voices.yahoo.com/how-set-guest-account-windows-xp-computer-1521189.html

Also set your DNS to Google DNS or OpenDNS.
http://theos.in/windows-xp/free-fast-public-dns-server-list/

Also here is a command prompt that will help speed up Internet Explorer.

Open command prompt, then type or copy and paste each line, hitting Enter after each. To open command prompt, hit the Windows key and R at the same time and type cmd.

regsvr32 Urlmon.dll

regsvr32 Mshtml.dll

regsvr32 Actxprxy.dll

regsvr32 Oleaut32.dll

regsvr32 Shell32.dll

regsvr32 Shdocvw.dll

Now reboot the machine


Then clear all of your restore points and create a new one. You can do this by turning off System Restore and rebooting, then turning it back on and rebooting again.
http://support.microsoft.com/kb/310405

Then download ERUNT and create a backup of your registry, then download NTREGOPT, run it, and reboot.
http://www.larshederer.homepage.t-online.de/erunt/

Now defrag your machine with Auslogics: select defrag and optimize. Just uncheck the boxes that suggest installing other software when installing Auslogics Disk Defrag.
http://www.auslogics.com/en/downloads/disk-defrag/disk-defrag-setup.exe




Open command prompt and type or copy and paste the following hitting enter after each.


ipconfig /flushdns
ipconfig /registerdns
net stop "dns client"
net start "dns client"


Any more issues?
Have you opened the side of the machine and checked for dust build up?
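Added example, not part of the original thread: a way to confirm that the DNS change suggested in the post above actually took effect is to parse `ipconfig /all` and compare every configured resolver against the Google Public DNS and OpenDNS addresses. The resolver addresses are supplied here (the post only links to a list), the sample output is constructed, and the function names are hypothetical.

```python
import re

# Public resolver addresses for the two services named in the post (added here).
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
}

# Constructed sample of `ipconfig /all` output; adapter and addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Constructed Example NIC
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Sunday, November 11, 2012 2:00:00 PM
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def dns_servers(ipconfig_text):
    """Map adapter name -> list of DNS servers, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():
            # An unindented line starts a new adapter section.
            adapter, in_dns = line.rstrip(": "), False
            continue
        label, sep, value = line.partition(" : ")
        if sep:
            in_dns = label.strip(" .").lower() == "dns servers"
            candidate = value.strip()
        else:
            candidate = line.strip()  # no label: continuation of the previous field
        if in_dns and adapter and IPV4.match(candidate):
            result.setdefault(adapter, []).append(candidate)
    return result


def audit(ipconfig_text):
    """Return (adapter, server, provider-or-None) for every configured resolver."""
    return [(a, s, KNOWN_RESOLVERS.get(s))
            for a, servers in dns_servers(ipconfig_text).items() for s in servers]
```

In the constructed sample the secondary resolver still points at the router, so `audit(SAMPLE)` returns `None` as the provider for that row, which is the case worth catching after a manual DNS change.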



