Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very slow browser and security certificate errors


  • Please log in to reply
28 replies to this topic

#1 zimmer46

zimmer46

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 24 October 2013 - 03:13 AM

Heelo,

I have an old laptop .  Celeron processor with 1Gb RAM rnning XP Pro.  Works OK and used mainly for basic web browsing and Facebook.  However, the browser is incredidbly slow and I have noticed a lot of Security Certificate Error returns when browsing.  EG every Google site seems to come back with an error.  I ram Malwarebytes and it found issues which it cleaned, but problem still persitsts so I fear something else is at work.

 

Would appreciate some assistance in getting the unit clean.  Thank you.

 

 

Andrew



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 24 October 2013 - 06:19 PM

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

p22002970.gif Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

p22002970.gifDownload Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt


p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 October 2013 - 04:47 AM

Thank you your help Broni.  I think you have helped me in the past.  It is much appreciated.

 

After I posted the initial request I noticed that an scvhost process was running using 100% CPU and traced it to the Windows auto update process.  I disabled  that process and the laptop has been responding much faster. as soon as I re-enable it the CPU is overwhelmed and the laptop grinds to a halt.  So, the update process is currently disabled to allow me to work through your steps.

 

Logs as requested.  There is no Rootkit log as it did not find anthing.

 

 Results of screen317's Security Check version 0.99.74 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Mozilla Firefox 22.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
 

 

 

Farbar Service Scanner Version: 24-10-2013
Ran by User (administrator) on 25-09-2013 at 09:06:23
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(13) Gpc(4) IPSec(6) irda(3) NetBT(7) NwlnkIpx(10) NwlnkNb(11) PSched(8) Tcpip(5)
0x0D0000000600000001000000020000000300000004000000050000000D000000090000000C00000007000000080000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by User (administrator) on 25-09-2013 at 09:09:25
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15452 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 2915ABG Network Connection = Wireless Network Connection (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.0.1 mask=255.255.255.0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : user-b54076eb83

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Mixed

        IP Routing Enabled. . . . . . . . : Yes

        WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Wireless Network Connection:

 

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel® PRO/Wireless 2915ABG Network Connection

        Physical Address. . . . . . . . . : 00-16-6F-6F-6E-1F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.19

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

        Lease Obtained. . . . . . . . . . : 25 September 2013 08:50:10

        Lease Expires . . . . . . . . . . : 26 September 2013 08:50:10

 

Ethernet adapter Local Area Connection:

 

        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-0F-B0-EF-6C-1F

Server:  www.routerlogin.com
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  173.194.41.135, 173.194.41.130, 173.194.41.131, 173.194.41.142
   173.194.41.132, 173.194.41.128, 173.194.41.134, 173.194.41.136, 173.194.41.129
   173.194.41.133, 173.194.41.137

 

Pinging google.com [173.194.41.65] with 32 bytes of data:

 

Reply from 173.194.41.65: bytes=32 time=34ms TTL=58

Reply from 173.194.41.65: bytes=32 time=33ms TTL=58

 

Ping statistics for 173.194.41.65:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 33ms, Maximum = 34ms, Average = 33ms

Server:  www.routerlogin.com
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

 

Request timed out.

Reply from 98.138.253.109: bytes=32 time=147ms TTL=51

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

    Minimum = 147ms, Maximum = 147ms, Average = 147ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 6f 6f 6e 1f ...... Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 0f b0 ef 6c 1f ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.19   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0     192.168.0.19    192.168.0.19   20
      192.168.0.0    255.255.255.0     192.168.0.19    192.168.0.19   25
     192.168.0.19  255.255.255.255        127.0.0.1       127.0.0.1   25
    192.168.0.255  255.255.255.255     192.168.0.19    192.168.0.19   25
        224.0.0.0        240.0.0.0     192.168.0.19    192.168.0.19   25
  255.255.255.255  255.255.255.255     192.168.0.19               3   1
  255.255.255.255  255.255.255.255     192.168.0.19    192.168.0.19   1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2013 09:54:27 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (09/24/2013 09:54:22 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/24/2013 09:07:22 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2013 02:30:39 PM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/20/2013 07:01:26 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/20/2013 07:01:05 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/17/2013 04:38:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2013 00:14:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/19/2013 02:03:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/19/2013 02:03:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (09/24/2013 06:33:58 PM) (Source: DCOM) (User: USER-B54076EB83)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2013 06:30:54 PM) (Source: DCOM) (User: USER-B54076EB83)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2013 06:15:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/24/2013 06:14:21 PM) (Source: DCOM) (User: USER-B54076EB83)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2013 06:14:00 PM) (Source: DCOM) (User: USER-B54076EB83)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/24/2013 06:10:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm

Error: (09/24/2013 06:09:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/24/2013 06:09:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (09/24/2013 06:01:29 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

Error: (09/24/2013 04:49:47 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (09/24/2013 09:54:27 AM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (09/24/2013 09:54:22 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/24/2013 09:07:22 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/23/2013 02:30:39 PM) (Source: Application Hang)(User: )
Description: SpybotSD.exe1.6.2.46hungapp0.0.0.000000000

Error: (08/20/2013 07:01:26 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/20/2013 07:01:05 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/17/2013 04:38:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/02/2013 00:14:50 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/19/2013 02:03:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/19/2013 02:03:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

=========================== Installed Programs ============================

Agere Systems AC'97 Modem
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.15)
CPUID CPU-Z 1.59
Intel® Graphics Media Accelerator Driver for Mobile
iTunes (Version: 11.1.2.31)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Realtek AC'97 Audio
Synaptics Pointing Device Driver (Version: 7.11.9.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1015.42 MB
Available physical RAM: 430.29 MB
Total Pagefile: 2443.71 MB
Available Pagefile: 2004.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:16.08 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-B54076EB83

Administrator            Guest                    HelpAssistant           
SUPPORT_388945a0         User                    

**** End of log ****

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-B54076EB83 [administrator]

25/09/2013 09:21:14
mbam-log-2013-09-25 (09-21-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188945
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/25/2013 10:32:54 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 12:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 01:00 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 07:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mqac.sys : 92,544 : 04/13/2008 07:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com

  20 out of 15472 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 09/25/2013 10:34:25 AM
Execution time: 0 hours(s), 1 minute(s), and 31 seconds(s)



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 25 October 2013 - 10:30 AM

MBAR?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 October 2013 - 11:19 AM

MBAR runs to completion and goes to the Clean Up screen saying ....

"Congratulations, no clean up is required"

"Scan finished. No malware found"

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 25 October 2013 - 12:03 PM

p22002970.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

p22002970.gif Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

p22002970.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

p22002970.gif Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 October 2013 - 03:13 PM

Logs attached.

 

# AdwCleaner v3.010 - Report created 25/09/2013 at 20:11:37
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-B54076EB83
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\User\Application Data\wincoreimband
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\Extensions\freehdsport@freehdsport.tv.xpi
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKCU\Software\eed8dfb238ee44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKLM\Software\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\prefs.js ]

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\g5ue6l3q.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [5603 octets] - [25/09/2013 20:10:35]
AdwCleaner[S0].txt - [5630 octets] - [25/09/2013 20:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5690 octets] ##########

 

 

# AdwCleaner v3.010 - Report created 25/09/2013 at 20:11:37
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-B54076EB83
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\User\Application Data\wincoreimband
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\Extensions\freehdsport@freehdsport.tv.xpi
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKCU\Software\eed8dfb238ee44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe]
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKLM\Software\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\0\prefs.js ]

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\g5ue6l3q.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [5603 octets] - [25/09/2013 20:10:35]
AdwCleaner[S0].txt - [5630 octets] - [25/09/2013 20:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5690 octets] ##########

 

 

 

ESET did not find any threats - No log generated



#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 25 October 2013 - 03:17 PM

You posted AdwCleaner log twice.

I still need JRT log.

 

How is computer doing anyway?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 25 October 2013 - 04:37 PM

Ha ha.  No idea how I managed that !

JRT log below.

 

Laptop is running quite well.  Still get security certificate erros whenever I try to go to the site to download the Chrome browser, which is where this all started.  I still have Windows update service disabled to prevent the 100% CPU useage issue, but I guess that is another issue.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by User on 25/09/2013 at 20:18:59.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/09/2013 at 20:25:17.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 25 October 2013 - 05:34 PM

Still get security certificate erros

 

In what browser?

Make sure your computer date and time are correct.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 26 October 2013 - 02:24 AM

Was happening in IE 8 mainly. However, you were correct. The time was set correctly, but the date was exactly 1 month behind. I reset it and the security certs have stopped. Seems to be working fine now.

I have been trying to fix the memory leak issue caused by Windows Update, but I don't think there is a fix. If I disable the service, the PC works fine, but as soon as I restart the service and try running Windows Update, the CPU maxes out at 100% and the PC grinds to a halt so I have just left it disabled. I understand XP will not receive any security update after April 2014 anyway.

#12 jacafrica

jacafrica

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 26 October 2013 - 05:19 AM

After spending countless hours for the solution to "security certificates errors" I found onthe net a very simple WORKING solution as follows : Go to Internet>Options>Advanced,and uncheck "warn about Certificates adress mismatch"

third from the bottom of the list

then save and restart the computer

et VOILA !!!!!



#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 26 October 2013 - 01:36 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif


Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

When done see how CPU usage is.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 zimmer46

zimmer46
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 27 October 2013 - 06:01 AM

OK ran the latest tools.  After restart the PC seemed OK.  I monitored the cpu usage in the Processes tab in TaskMgr and it settles to only a few % after all the startup stuff had completed.  However, within about 2/3 minutes an scvhost process moved to 99% and the PC ground to a halt again.  I tried running Windows Update but it never got beyong the "checking for available updates".  The yellow sheild icon was in the icon tray showing it was trying to download updates but it never got beyond 0%.  I left it for 2 hours without any change.

 

Decided to stop the update, and have again deactivated the Windows AutuUpdate service and PC works fine.

 

Log attached :-

 

Starting Repairs...
   Start (27/10/2013 09:04:02)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (27/10/2013 09:04:02)
   Running Repair Under Current User Account
   Done (27/10/2013 09:04:25)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (27/10/2013 09:04:25)
   Running Repair Under System Account
   Done (27/10/2013 09:05:24)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (27/10/2013 09:05:24)
   Running Repair Under System Account
   Done (27/10/2013 09:05:51)

03 - Register System Files
   Start (27/10/2013 09:05:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:10:03)

04 - Repair WMI
   Start (27/10/2013 09:10:03)
   Running Repair Under Current User Account
   Done (27/10/2013 09:13:43)

05 - Repair Windows Firewall
   Start (27/10/2013 09:13:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:13:57)

06 - Repair Internet Explorer
   Start (27/10/2013 09:13:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:17:59)

07 - Repair MDAC/MS Jet
   Start (27/10/2013 09:17:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:18:14)

08 - Repair Hosts File
   Start (27/10/2013 09:18:14)
   Running Repair Under System Account
   Done (27/10/2013 09:18:16)

09 - Remove Policies Set By Infections
   Start (27/10/2013 09:18:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:18:21)

11 - Repair Icons
   Start (27/10/2013 09:18:21)
   Running Repair Under System Account
   Done (27/10/2013 09:18:23)

12 - Repair Winsock & DNS Cache
   Start (27/10/2013 09:18:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:18:34)

14 - Repair Proxy Settings
   Start (27/10/2013 09:18:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:18:39)

16 - Repair Windows Updates
   Start (27/10/2013 09:18:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:19:14)

17 - Repair CD/DVD Missing/Not Working
   Start (27/10/2013 09:19:14)
   Done (27/10/2013 09:19:14)

18 - Repair Volume Shadow Copy Service
   Start (27/10/2013 09:19:14)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:19:42)

20 - Repair MSI (Windows Installer)
   Start (27/10/2013 09:19:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:19:59)

22.01 - Repair bat Association
   Start (27/10/2013 09:19:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:03)

22.02 - Repair cmd Association
   Start (27/10/2013 09:20:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:08)

22.03 - Repair com Association
   Start (27/10/2013 09:20:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:13)

22.04 - Repair Directory Association
   Start (27/10/2013 09:20:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:17)

22.05 - Repair Drive Association
   Start (27/10/2013 09:20:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:22)

22.06 - Repair exe Association
   Start (27/10/2013 09:20:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:27)

22.07 - Repair Folder Association
   Start (27/10/2013 09:20:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:31)

22.08 - Repair inf Association
   Start (27/10/2013 09:20:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:36)

22.09 - Repair lnk (Shortcuts) Association
   Start (27/10/2013 09:20:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:41)

22.10 - Repair msc Association
   Start (27/10/2013 09:20:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:45)

22.11 - Repair reg Association
   Start (27/10/2013 09:20:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:50)

22.12 - Repair scr Association
   Start (27/10/2013 09:20:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:55)

23 - Repair Windows Safe Mode
   Start (27/10/2013 09:20:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:20:59)

24 - Repair Print Spooler
   Start (27/10/2013 09:20:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:21:10)

25 - Restore Important Windows Services
   Start (27/10/2013 09:21:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:21:17)

26 - Set Windows Services To Default Startup
   Start (27/10/2013 09:21:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (27/10/2013 09:21:40)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (27/10/2013 09:21:40)
   Total Repair Time: 00:17:38

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account



#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 27 October 2013 - 04:29 PM

That high CPU usage is still happening after running Windows Repair Tool?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users