Slow XP laptop-removed some malware but still slow


16 replies to this topic

#1 whatisavailable

whatisavailable

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:24 PM

Posted 31 December 2012 - 05:30 PM

Hi
I'm helping my sister with her painfully slow laptop. I was able to get it to speed up some by running malware removal tools like Malwarebytes but it appears something still exists since MS essentials gets turned off.
Let me know what logs are needed. I recently installed AVG 2013 but it didn't find anything.
Thanks!
Jim


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:24 PM

Posted 01 January 2013 - 03:06 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 whatisavailable


Posted 01 January 2013 - 11:45 PM

Hi
Thanks for your help!
Here is the data I collected.

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Windows Defender
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java version out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 23-12-2012
Ran by Administrator (administrator) on 01-01-2013 at 22:36:16
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(12) Avgtdix(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0D0000000400000001000000020000000300000008000000090000000B0000000C0000000D0000000500000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****

#4 whatisavailable


Posted 02 January 2013 - 01:09 AM

Hi
Here are the same ones from before with the computer booted normally.

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Windows Defender
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java version out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````



MiniToolBox by Farbar Version: 25-11-2012
Ran by Linda Heil (administrator) on 01-01-2013 at 23:36:05
Running from "C:\Documents and Settings\Linda Heil\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

There are 14996 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
Broadcom 802.11b/g WLAN = Wireless Network Connection 2 (Credentials required)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Compaq_Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : austin.rr.com

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : austin.rr.com
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-14-A5-E6-8D-ED
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
                                    209.18.47.62
Lease Obtained. . . . . . . . . . : Tuesday, January 01, 2013 10:49:13 PM
Lease Expires . . . . . . . . . . : Wednesday, January 02, 2013 10:49:13 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-16-D4-40-B6-3F

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.227.110, 74.125.227.96, 74.125.227.97, 74.125.227.98
74.125.227.99, 74.125.227.100, 74.125.227.101, 74.125.227.102, 74.125.227.103
74.125.227.104, 74.125.227.105

Pinging google.com [173.194.46.14] with 32 bytes of data:

Reply from 173.194.46.14: bytes=32 time=70ms TTL=54
Reply from 173.194.46.14: bytes=32 time=17ms TTL=54

Ping statistics for 173.194.46.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 70ms, Average = 43ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=146ms TTL=49
Reply from 98.139.183.24: bytes=32 time=112ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 146ms, Average = 129ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 a5 e6 8d ed ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
0x3 ...00 16 d4 40 b6 3f ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 25
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 25
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 25
255.255.255.255 255.255.255.255 192.168.1.101 3 1
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/01/2013 11:08:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/01/2013 11:08:05 PM) (Source: ESENT) (User: )
Description: Catalog Database (1960) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb is partially attached. Attachment stage: 3. Error: -1032.

Error: (01/01/2013 11:08:04 PM) (Source: ESENT) (User: )
Description: svchost (1960) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/30/2012 03:20:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.

Error: (12/30/2012 03:19:27 PM) (Source: MsiInstaller) (User: COMPAQ_LAPTOP)
Description: The installation of C:\Documents and Settings\Administrator\My Documents\Downloads\this.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (12/30/2012 03:19:07 PM) (Source: MsiInstaller) (User: COMPAQ_LAPTOP)
Description: The installation of C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (12/30/2012 03:18:47 PM) (Source: MsiInstaller) (User: COMPAQ_LAPTOP)
Description: The installation of C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (12/28/2012 11:10:05 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/27/2012 07:27:52 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/27/2012 06:42:29 PM) (Source: Application Error) (User: )
Description: Faulting application tweakingregistrybackup.exe, version 1.4.0.3, faulting module tweakingregistrybackup.exe, version 1.4.0.3, fault address 0x0013c4cf.
Processing media-specific event for [tweakingregistrybackup.exe!ws!]


System errors:
=============
Error: (01/01/2013 10:56:25 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (01/01/2013 10:56:25 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (01/01/2013 10:56:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (01/01/2013 10:55:13 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1070

Error: (01/01/2013 10:55:11 PM) (Source: Service Control Manager) (User: )
Description: The Telephony service hung on starting.

Error: (01/01/2013 10:52:47 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater service failed to start due to the following error:
%%2

Error: (01/01/2013 10:52:47 PM) (Source: Service Control Manager) (User: )
Description: The TLRecAgent service failed to start due to the following error:
%%2

Error: (01/01/2013 10:52:47 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/01/2013 10:52:47 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/01/2013 10:52:47 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (09/15/2010 04:14:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/15/2010 04:11:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 96 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/15/2010 04:08:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 199 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/31/2010 00:06:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4144 seconds with 240 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.2.2.2)
ATI Control Panel (Version: 6.14.10.5171)
ATI Display Driver (Version: 8.202-051201a2-029034C-HP)
Auslogics Disk Defrag (Version: version 3.1)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
Bonjour (Version: 2.0.5.0)
BufferChm (Version: 70.0.170.000)
CCleaner (Version: 3.08)
CCScore (Version: 6.02.1001.0001)
Conexant AC-Link Audio
CP_AtenaShokunin1Config (Version: 60.0.155.000)
CP_CalendarTemplates1 (Version: 60.0.155.000)
cp_LightScribeConfig (Version: 60.0.155.000)
cp_OnlineProjectsConfig (Version: 60.0.155.000)
CP_Package_Basic1 (Version: 60.0.155.000)
CP_Package_Variety1 (Version: 60.0.155.000)
CP_Package_Variety2 (Version: 60.0.155.000)
CP_Package_Variety3 (Version: 60.0.155.000)
CP_Panorama1Config (Version: 60.0.155.000)
cp_PosterPrintConfig (Version: 60.0.155.000)
cp_UpdateProjectsConfig (Version: 60.0.155.000)
Critical Update for Windows Media Player 11 (KB959772)
CSE HTML Validator Lite v9.03
CueTour (Version: 60.0.155.000)
D1300 (Version: 70.0.260.000)
D1300_Help (Version: 70.0.260.000)
Destinations (Version: 60.0.155.000)
dupeGuru (Version: 3.1.0)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Event Manager (Version: 1.80.00)
EPSON File Manager (Version: 1.3.0.0)
EPSON Perf 4490P Guide
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
ESET Online Scanner v3
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.1001.0001)
ESSgui (Version: 6.02.1001.0001)
ESSini (Version: 6.02.1001.0001)
ESSPCD (Version: 6.02.1001.0001)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.02.1001.0001)
eSupportQFolder (Version: 1.00.0000)
FullDPAppQFolder (Version: 1.00.0000)
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
HiJackThis (Version: 1.0.0)
HP DVD Play 2.0
HP Help and Support (Version: 4.2.0006)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0 Software (Version: 7.1)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart Premier Software 6.0 (Version: 6.0)
HP Solution Center 7.0 (Version: 7.0)
HP User Guides--System Recovery (Version: 1.00.0001)
HP User Guides 0025 (Version: 1.00.0000)
HP Wireless Assistant 2.00 C1 (Version: 2.00 C1)
hph_ProductContext (Version: 70.0.260.000)
hph_readme (Version: 70.0.260.000)
hph_software (Version: 70.0.260.000)
hph_software_req (Version: 70.0.260.000)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareDevices (Version: 60.0.155.000)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.5.1)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KSU (Version: 632.62.0004.0001)
KWorld USB 2860 Device Driver
LightScribe 1.4.56.1 (Version: 1.4.56.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
netbrdg (Version: 6.02.1001.0001)
Notifier (Version: 6.02.0001.0001)
Office 2003 Trial Assistant (Version: 1.0.0)
OfotoXMI (Version: 6.02.0001.0001)
Online Testing Web Client
Opera 11.50 (Version: 11.50.1074)
OptionalContentQFolder (Version: 1.00.0000)
PCDADDIN (Version: 6.02.0001.0003)
PCDHELP (Version: 6.02.0001.0001)
PhotoGallery (Version: 60.0.155.000)
Picasa 3 (Version: 3.8)
PowerDirector
Quick Launch Buttons 5.20 G1 (Version: 5.20 G1)
Quicken 2006 (Version: 15.1.3.1)
RandMap (Version: 60.0.155.000)
Secunia PSI (2.0.0.3003)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.02.0001.0001)
SKIN0001 (Version: 6.02.1001.0001)
SkinsHP1 (Version: 60.0.155.000)
SKINXSDK (Version: 6.02.1001.0001)
SmartMusic 2011 (Version: 13.0.0)
Soft Data Fax Modem with SmartCP
SolutionCenter (Version: 70.0.170.000)
Sonic Audio Module (Version: 2.0.4)
Sonic Copy Module (Version: 2.0.4)
Sonic Data Module (Version: 2.0.4)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 60.0.155.000)
SonicAC3Encoder (Version: 1.00.0000)
SonicMPEGEncoder (Version: 1.00.0000)
staticcr (Version: 5.03.0000.0001)
Status (Version: 70.0.170.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.0.13.2)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.15.0000)
The Price Is Right 1.1.4
TIPCI (Version: 1.15.0000)
Toolbox (Version: 70.0.170.000)
tooltips (Version: 6.02.0001.0001)
TrayApp (Version: 70.0.170.000)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.2)
Unload (Version: 7.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VPRINTOL (Version: 6.02.0001.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Defender (Version: 1.1.1593.21)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 6.02.0001.0001)
Wireless Home Network Setup (Version: 1.1.19.0)

========================= Memory info: ===================================

Percentage of memory in use: 90%
Total physical RAM: 382.17 MB
Available physical RAM: 37.97 MB
Total Pagefile: 916.25 MB
Available Pagefile: 155.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:44.03 GB) (Free:6.13 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:11.83 GB) (Free:0.66 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPAQ_LAPTOP

Administrator ASPNET Guest
HelpAssistant Jim Linda Heil
SUPPORT_388945a0


**** End of log ****

Will post others soon - system low virtual memory error just popped up.

#5 whatisavailable

Posted 02 January 2013 - 01:27 AM

Please remove any personally identifying information once you've reviewed the logs.
Thanks!

Farbar Service Scanner Version: 23-12-2012
Ran by Linda Heil (administrator) on 02-01-2013 at 00:17:34
Running from "C:\Documents and Settings\Linda Heil\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(12) Avgtdix(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0D0000000400000001000000020000000300000008000000090000000B0000000C0000000D0000000500000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****

#6 whatisavailable

Posted 02 January 2013 - 03:32 PM

MBAM log - nothing found.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda Heil :: COMPAQ_LAPTOP [administrator]

1/2/2013 1:59:44 AM
mbam-log-2013-01-02 (01-59-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271554
Time elapsed: 1 hour(s), 42 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Broni

Posted 02 January 2013 - 06:47 PM

I still need aswMBR log.

#8 whatisavailable

Posted 02 January 2013 - 07:32 PM

I know. Last time I tried to run it the computer rebooted. Haven't been able to run it again yet.

#9 Broni

Posted 02 January 2013 - 07:38 PM

Try to run it from safe mode.

#10 whatisavailable

Posted 02 January 2013 - 07:40 PM

Attempting that now. Computer is glacially slow.

#11 whatisavailable

Posted 03 January 2013 - 09:55 PM

Finally got something. The first log I got right before the laptop rebooted the first time it ran. The 2nd one appears to be clean...weird.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-02 14:35:26
-----------------------------
14:35:26.781 OS Version: Windows 5.1.2600 Service Pack 3
14:35:26.781 Number of processors: 1 586 0x2C02
14:35:26.781 ComputerName: COMPAQ_LAPTOP UserName: Linda Heil
14:37:11.656 Initialize success
14:52:39.187 AVAST engine defs: 13010200
14:58:45.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:58:45.500 Disk 0 Vendor: WDC_WD600UE-22KVT0 01.03K01 Size: 57231MB BusType: 3
14:58:45.531 Disk 0 MBR read successfully
14:58:45.531 Disk 0 MBR scan
14:58:49.609 Disk 0 unknown MBR code
14:58:49.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 45088 MB offset 63
14:58:52.562 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 12135 MB offset 92357685
14:58:54.718 Disk 0 scanning sectors +117210240
14:58:55.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:00:51.734 Service scanning
15:02:55.421 Service MpKsl2b2e20be c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361D582D-81FD-4296-B330-C7E6F2160A03}\MpKsl2b2e20be.sys **LOCKED** 32
15:05:08.343 Modules scanning
15:06:43.968 Disk 0 trace - called modules:
15:06:44.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:06:44.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8338b030]
15:06:44.000 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\0000007f[0x83345540]
15:06:44.000 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833457f0]
15:06:47.875 AVAST engine scan C:\WINDOWS
15:08:01.312 AVAST engine scan C:\WINDOWS\system32
15:27:39.843 File: C:\WINDOWS\system32\QuickTime.qts **HIDDEN**
15:27:40.250 File: C:\WINDOWS\system32\QuickTimeVR.qtx **HIDDEN**
15:33:38.484 AVAST engine scan C:\WINDOWS\system32\drivers
15:35:27.562 AVAST engine scan C:\Documents and Settings\Linda Heil
15:55:05.375 AVAST engine scan C:\Documents and Settings\All Users
16:04:08.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda Heil\Desktop\MBR.dat"
16:04:09.234 The log file has been saved successfully to "C:\Documents and Settings\Linda Heil\Desktop\aswMBR.txt"



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-03 12:10:24
-----------------------------
12:10:24.984 OS Version: Windows 5.1.2600 Service Pack 3
12:10:24.984 Number of processors: 1 586 0x2C02
12:10:24.984 ComputerName: COMPAQ_LAPTOP UserName: Administrator
12:10:42.546 Initialize success
12:19:22.750 AVAST engine defs: 13010300
12:20:12.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:20:12.968 Disk 0 Vendor: WDC_WD600UE-22KVT0 01.03K01 Size: 57231MB BusType: 3
12:20:13.046 Disk 0 MBR read successfully
12:20:13.078 Disk 0 MBR scan
12:20:45.671 Disk 0 unknown MBR code
12:20:45.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 45088 MB offset 63
12:21:01.156 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 12135 MB offset 92357685
12:21:03.000 Disk 0 scanning sectors +117210240
12:21:05.187 Disk 0 scanning C:\WINDOWS\system32\drivers
12:24:01.250 Service scanning
12:26:42.609 Modules scanning
12:27:23.578 Disk 0 trace - called modules:
12:27:23.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:27:25.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833746d0]
12:27:25.187 3 CLASSPNP.SYS[f7511fd7] -> nt!IofCallDriver -> \Device\0000007d[0x83377c28]
12:27:25.281 5 ACPI.sys[f7488620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8335b810]
12:27:30.437 AVAST engine scan C:\WINDOWS
12:27:56.109 AVAST engine scan C:\WINDOWS\system32
12:50:32.281 AVAST engine scan C:\WINDOWS\system32\drivers
12:52:00.609 AVAST engine scan C:\Documents and Settings\Administrator
12:56:24.781 AVAST engine scan C:\Documents and Settings\All Users
13:02:06.546 Scan finished successfully
15:33:51.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:33:51.828 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
15:34:41.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda Heil\Desktop\MBR.dat"
15:34:41.500 The log file has been saved successfully to "C:\Documents and Settings\Linda Heil\Desktop\aswMBR-2.txt"

#12 Broni

Posted 03 January 2013 - 09:58 PM

So far I don't see anything malicious there.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#13 whatisavailable

Posted 04 January 2013 - 01:58 AM

Log
# AdwCleaner v2.104 - Logfile created 01/04/2013 at 00:44:14
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - COMPAQ_LAPTOP
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Linda Heil\Application Data\Mozilla\Firefox\Profiles\66w0n7qd.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d6ydzonx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4910 octets] - [24/12/2012 22:42:26]
AdwCleaner[S1].txt - [5103 octets] - [24/12/2012 22:43:03]
AdwCleaner[S2].txt - [2301 octets] - [24/12/2012 23:29:19]
AdwCleaner[S3].txt - [1068 octets] - [04/01/2013 00:44:14]

########## EOF - C:\AdwCleaner[S3].txt - [1128 octets] ##########

#14 whatisavailable

Posted 04 January 2013 - 01:14 PM

ESET found nothing.

#15 Broni

Posted 04 January 2013 - 06:15 PM

How is computer doing?
