Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Typing Lagging. Very Annoying.


  • This topic is locked This topic is locked
50 replies to this topic

#1 CBGal76

CBGal76

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 17 March 2012 - 02:02 PM

My mother was given a computer, and it was working fine for awhile. My cousin added norton to her computer, and while it slowed it down a bit, it was still running good. Then one day mom said she signed on and then went on the internet, and she tried typing and every letter she typed took a second or two to show up. Deleting anything takes twice as long. For the last day I have been trying to fix it. Cleaned off all junk. Ran a free registry cleaner. Created another account on her computer to see if it was just something with her account, but the same thing still happened. I'm so frustrated, because usually after working on something, even if it takes me a day, after doing research on the computer I can figure it out. This time I cant. I'm on my own computer right now, with hers beside me, because if I had to type this on her computer, it would have taken at least an hour for all of this to show up even if I typed it an hour ago.

I don't know a whole lot about the computer. This is what I do know. Its a Dell Inspiron 1501 I believe and has Windows XP on it. The little stickers say AMD 64 Athlon x2. There is a TON of space left on it. Only a 1/4 of it is used. My mother isn't computer savy, and I worry she might have opened a virus, cause she opens all those stupid forward from friends, which I've told her not to open any links on chain email a thousand times. She just used the computer for email (online) and facebook and to do the occasional lookup. She doesn't even have any files saved on it. I added Revo-Unstaller on it and went through the whole gamete of cleaners and checkers on it and cleaned up even more space.

I was in this group before, and I know there is probably more I should be telling you, but I cant think of anything else to tell you. I hope I hear from someone soon before I take her computer and throw it through the window :blink: !! LOL. Actually, she is leaving for a month and a half on the 27th, so I would like to try to have it fixed before she leaves so she can take it with her to Florida. Any help would be appreciated.

CBGal76

Edited by elise025, 17 March 2012 - 02:26 PM.
As a log is posted I am moving this to the Malware Removal forum ~Elise

:smash: CBGal76


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 17 March 2012 - 03:09 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 17 March 2012 - 03:10 PM

Double post - see post above please



gringo

Edited by gringo_pr, 17 March 2012 - 03:11 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 20 March 2012 - 12:17 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 12:50 AM

Thanks for the reply. I JUST got a notification that someone replied to this thread. Right now its 3:19 AM Newfoundland time, and I was heading to bed. Please extend my time. I will do everything you ask tomorrow when I get up and on the go. Thanks so much!

:smash: CBGal76


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 20 March 2012 - 01:07 AM

no problem I will see you tomarrow


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 12:33 PM

OK. I'm so use to windows 7 on my own computer that I cant figure out where to back up moms on windows xp.

:smash: CBGal76


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 20 March 2012 - 01:02 PM

Hello


at least backup the pics and documents to a safe place


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 01:18 PM

Running DDS. I shut of Norton Antivirus, is that what I had to shut off?

:smash: CBGal76


#10 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 01:29 PM

Attach-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2007 9:30:59 PM
System Uptime: 3/20/2012 1:43:43 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 53.794 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 466 GiB total, 402.581 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/18/2012 4:01:40 AM - System Checkpoint
RP2: 3/20/2012 3:26:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AMD Processor Driver
AOLIcon
ATI Catalyst Control Center
ATI Display Driver
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Documentation & Support Launcher
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroStaff WINASPI
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Norton Internet Security
PowerDVD 5.9
QuickSet
QuickTime
Revo Uninstaller Pro 2.5.7
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
3/17/2012 3:39:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV BHDrvx86 ccSet_NIS eeCtrl Fips SRTSPX SymIRON SYMTDI
3/17/2012 3:38:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/17/2012 3:38:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/16/2012 9:00:55 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
3/16/2012 10:16:32 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
3/13/2012 1:34:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
.
==== End Of File ===========================

DDS-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by John Hurley at 15:47:00 on 2012-03-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.894.218 [GMT -2.5:30]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.6.1.8\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.6.1.8\coIEPlg.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-appkey=motive -windowcontext=reportagent -url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\MotiveBrowser.exe" /hidden
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: bittornado.com\www
Trusted Zone: mininova.org\www
Trusted Zone: softpedia.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E40B2486-1BEC-4B44-A788-9E3A67797637} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1306010.008\symds.sys [2012-3-8 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1306010.008\symefa.sys [2012-3-8 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-20 820856]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys [2012-3-8 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1306010.008\ironx86.sys [2012-3-8 149624]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.6.1.8\ccsvchst.exe [2012-3-8 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120317.002\IDSXpx86.sys [2012-3-20 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120319.033\NAVENG.SYS [2012-3-20 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120319.033\NAVEX15.SYS [2012-3-20 1576312]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-1-16 27064]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
.
=============== Created Last 30 ================
.
2012-03-20 18:03:52 -------- d-----w- c:\windows\system32\NtmsData
2012-03-17 07:17:47 -------- d-----w- c:\program files\ZeoBIT
2012-03-17 07:17:04 -------- d-----w- c:\documents and settings\all users\application data\ZeoBIT
2012-03-17 06:59:50 -------- d-----w- c:\documents and settings\john hurley\application data\ParetoLogic
2012-03-17 06:59:50 -------- d-----w- c:\documents and settings\john hurley\application data\DriverCure
2012-03-17 06:59:27 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-03-17 04:29:34 -------- d-----w- c:\windows\pss
2012-03-17 02:26:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-17 02:26:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-16 22:39:01 -------- d-----w- c:\documents and settings\john hurley\application data\VS Revo Group
2012-03-08 22:55:25 345208 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symtdiv.sys
2012-03-08 22:55:23 388216 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symtdi.sys
2012-03-08 22:55:23 318584 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symnets.sys
2012-03-08 22:55:21 905336 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symefa.sys
2012-03-08 22:55:21 340088 ----a-r- c:\windows\system32\drivers\nis\1306010.008\symds.sys
2012-03-08 22:55:20 574584 ----a-w- c:\windows\system32\drivers\nis\1306010.008\srtsp.sys
2012-03-08 22:55:20 32888 ----a-w- c:\windows\system32\drivers\nis\1306010.008\srtspx.sys
2012-03-08 22:55:20 149624 ----a-w- c:\windows\system32\drivers\nis\1306010.008\ironx86.sys
2012-03-08 22:55:19 132744 ----a-w- c:\windows\system32\drivers\nis\1306010.008\ccsetx86.sys
2012-03-08 22:53:50 4782 ----a-w- c:\windows\system32\drivers\nis\1306010.008\symvtcer.dat
2012-03-08 22:53:49 -------- d-----w- c:\windows\system32\drivers\nis\1306010.008
.
==================== Find3M ====================
.
2012-03-13 17:13:16 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-13 17:13:15 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 15:47:44.12 ===============

:smash: CBGal76


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 20 March 2012 - 03:14 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 04:48 PM

OK. I shut off my norton. I ran combofix, and it had to update the backup. I did that, then it went on to finish scanning. At arround 15, a blue screen came up saying an error occured and that it had to restart. So I restarted it, turned off norton again and ran combo fix again, and it worked perfect this time. The log is below. The computer is still lagging A LOT when I type, there seems to be no change! I tried to write on the affected computer, but it was taking too long. I wrote all this out, and it took about 10 minutes, and when it finally finished, it just had the first line that I wrote, written all over again about 6 times. So nothing has changed.

ComboFix 12-03-20.01 - John Hurley 03/20/2012 18:41:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.894.373 [GMT -2.5:30]
Running from: c:\documents and settings\John Hurley\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\program files\ZeoBIT
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 20:43 . 2012-03-20 20:43 -------- d-----w- c:\windows\system32\drivers\MCLIENT
2012-03-20 20:43 . 2012-03-20 20:43 -------- d-----w- c:\program files\Norton Management
2012-03-20 18:03 . 2012-03-20 18:04 -------- d-----w- c:\windows\system32\NtmsData
2012-03-17 06:59 . 2012-03-17 06:59 -------- d-----w- c:\documents and settings\John Hurley\Application Data\ParetoLogic
2012-03-17 06:59 . 2012-03-17 06:59 -------- d-----w- c:\documents and settings\John Hurley\Application Data\DriverCure
2012-03-17 06:59 . 2012-03-17 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-03-17 06:36 . 2012-03-17 06:40 -------- d-----w- c:\documents and settings\Jean Y Peddle
2012-03-17 06:07 . 2012-03-17 06:25 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 02:26 . 2012-03-17 02:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-16 22:39 . 2012-03-16 22:39 -------- d-----w- c:\documents and settings\John Hurley\Application Data\VS Revo Group
2012-03-08 22:53 . 2012-03-14 15:25 -------- d-----w- c:\windows\system32\drivers\NIS\1306010.008
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 17:13 . 2011-07-07 23:07 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-13 17:13 . 2011-07-07 23:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 19:29 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-10 19:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-08-25 03:52 . 2007-12-25 00:52 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2007-05-23 202240]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1306010.008\symds.sys [3/8/2012 8:25 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1306010.008\symefa.sys [3/8/2012 8:25 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/20/2012 2:05 PM 820856]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENT\0201000.00C\ccSetx86.sys [3/20/2012 6:13 PM 132744]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1306010.008\ccsetx86.sys [3/8/2012 8:25 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1306010.008\ironx86.sys [3/8/2012 8:25 PM 149624]
R2 MCLIENT;Norton Management;c:\program files\Norton Management\Engine\2.1.0.12\ccSvcHst.exe [3/20/2012 6:13 PM 138232]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe [3/8/2012 8:24 PM 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/5/2012 2:52 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120317.002\IDSXpx86.sys [3/20/2012 2:06 PM 356280]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/16/2012 4:44 PM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-03-20 c:\windows\Tasks\User_Feed_Synchronization-{DBC2753F-EF20-4F3E-B131-3AB1F518F592}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
Trusted Zone: bittornado.com\www
Trusted Zone: mininova.org\www
Trusted Zone: softpedia.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-RecoverFromReboot - c:\windows\Temp\RecoverFromReboot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-20 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\2.1.0.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\2.1.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-03-20 18:53:58
ComboFix-quarantined-files.txt 2012-03-20 21:23
.
Pre-Run: 57,566,531,584 bytes free
Post-Run: 57,812,152,320 bytes free
.
- - End Of File - - BE3647FEA659AA2ECDC45F470A6C781C

Edited by CBGal76, 20 March 2012 - 04:54 PM.

:smash: CBGal76


#13 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 20 March 2012 - 04:56 PM

After all this, I would also like to know how to change the computers name from John Hurley (my uncles name, who owned this computer) to my mothers name. I changed it in the users account, but everything is still showing up as his name, as you can see in the log.

:smash: CBGal76


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:29 AM

Posted 20 March 2012 - 10:15 PM

Greetings

try this - http://windows.microsoft.com/en-US/windows-vista/Change-your-computer-name

I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 CBGal76

CBGal76
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NL
  • Local time:06:59 AM

Posted 21 March 2012 - 01:04 AM

OK. Its 3:30 AM again here in Newfoundland and I need to go to bed. I get off at 3:30 tomorrow, so as soon as I get home I will do all of this! Thanks for all your help.

:smash: CBGal76





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users