
My Computer Slows Down To A Crawl While Surfing The Net


  • This topic is locked
4 replies to this topic

#1 he's dead jim

Posted 12 March 2014 - 11:01 PM

hello all. it's been awhile since my last visit. lol.

i am currently running a pentium 4 system with windows xp professional. (stop laughing)

for the last 2 weeks, my system has been slowing down whenever i surf the web. at first i thought it was my isp, but my other systems that are hooked up to the router work just fine.

my system is a bit slower lately, but not terribly so. however, when i start my browser, everything slows by about 25%. it doesn't matter which browser i use, IE or Firefox.

when i download anything, the system slows by about 75% and nothing can really be used until the download finishes. oddly enough, the download speeds are not affected.

also, my hard drive space is good. plenty of room. i'm usually the one people call for this sort of thing, but i leave the tough jobs for all of you.

:)

i ran hijack this and i have nothing starting up on boot.

i ran rkill and then ran the following:

tdsskiller - found nothing

spybot - found a non critical file but i didn't save the name before deleting it because i'm stupid.

malwarebytes - found nothing

superantispy - found nothing

i have also downloaded combofix, but have not used it yet.

i also disabled all plugins and addons, but it's just as slow.

all programs are fully updated as of 03-09-14.

i live in new york which is on the eastern standard time zone, so it is midnight, and i am going to bed. lol.

i will check this thread in the morning.

thanks in advance.


Edited by he's dead jim, 12 March 2014 - 11:02 PM.



#2 mattsowders1989


Posted 12 March 2014 - 11:16 PM

well i'm in the eastern time zone as well. ha.

i would run combofix, like you said. i would also run the following that you can get here at bleepingcomputer:
adwcleaner
junkware removal tool

if they don't find anything, i'd try to run check disk, have it search for bad sectors, if some are found, that may be some of your problem. i would say check your hardware, but you said you only get the slowdown when you're using the net. try and see if you get a slowdown using anything else. could be a motherboard issue. post back some details and scan logs when you can

Matt


Mod Edit:

PMing about forum rules on Combofix
~~ boopme

Edited by boopme, 13 March 2014 - 08:53 PM.


#3 he's dead jim


Posted 13 March 2014 - 06:12 PM

thanks for the quick reply.

i ran combofix, adw cleaner, and junkware removal tool, and they all found something.

the computer runs faster now, but firefox is still slow at loading pages.

i am going to attach the logs and then i will shut the system down and install a new ethernet card to see if my onboard nic is on its way out.

thanks again.

(sorry but I could not remember how to attach the log files)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Johnny on Thu 03/13/2014 at  8:40:41.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\smbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0F2133BF-E71A-4FA7-9A33-18B92ACE295E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/13/2014 at  8:45:45.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

# AdwCleaner v3.021 - Report created 13/03/2014 at 08:47:17
# Updated 10/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Johnny - JOHNNY-FCE9EF16
# Running from : C:\Documents and Settings\Johnny\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\f6rx6iov.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Folder Found : C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\f6rx6iov.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\f6rx6iov.default\Extensions\donottrackplus@abine.com
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\All Users\Application Data\QuickSet
Folder Found C:\Documents and Settings\All Users\Application Data\Vauodiixx
Folder Found C:\Documents and Settings\Johnny\Application Data\NCH Software
Folder Found C:\Program Files\WinToFlash Suggestor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\caphyon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\f6rx6iov.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4575 octets] - [12/03/2014 23:35:44]
AdwCleaner[R1].txt - [2509 octets] - [13/03/2014 08:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2569 octets] ##########

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2014 06:10:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3693.42530__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3693.42530_x-ww_47e32df4 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Disabled

 * wscsvc (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    www.100sexlinks.com

  20 out of 15493 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/13/2014 06:11:15 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)

ComboFix 14-03-13.01 - Johnny 03/13/2014  18:18:13.23.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1608 [GMT -4:00]
Running from: c:\documents and settings\Johnny\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-13 to 2014-03-13  )))))))))))))))))))))))))))))))
.
.
2014-03-13 20:42 . 2010-09-23 19:46    102416    ----a-w-    c:\windows\system32\RTNUninst32.dll
2014-03-13 20:33 . 2010-11-24 01:58    21760    ----a-r-    c:\windows\system32\drivers\DlinkNdPt5x.sys
2014-03-13 20:33 . 2014-03-13 20:35    --------    d-----w-    c:\program files\D-Link
2014-03-13 19:55 . 2010-11-24 01:53    80416    ----a-r-    c:\windows\system32\RtNicProp.dll
2014-03-13 19:55 . 2010-11-24 01:53    130432    ----a-r-    c:\windows\system32\drivers\Dlkrt32.sys
2014-03-13 19:07 . 2014-03-13 19:07    --------    d-----w-    c:\documents and settings\Johnny\Application Data\Leadertech
2014-03-13 14:17 . 2009-09-28 09:22    364544    ----a-w-    c:\windows\system32\m4x32coinst.dll
2014-03-13 14:17 . 2009-09-28 09:22    298752    ----a-w-    c:\windows\system32\drivers\m4cxw2k3.sys
2014-03-13 13:57 . 2014-03-13 13:57    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\TMP
2014-03-13 12:40 . 2014-03-13 12:40    --------    d-----w-    c:\windows\ERUNT
2014-03-13 03:35 . 2014-03-13 12:50    --------    d-----w-    C:\AdwCleaner
2014-03-08 01:27 . 2014-03-08 01:27    --------    d-----w-    c:\documents and settings\Johnny\Application Data\CrystalIdea Software
2014-03-07 02:22 . 2014-03-07 02:22    --------    d-----w-    C:\downloads
2014-03-06 16:07 . 2014-03-06 16:07    --------    d-----w-    c:\program files\Repair File
2014-03-06 16:00 . 2014-03-06 16:00    --------    d-----w-    c:\documents and settings\Johnny\Application Data\25444
2014-03-04 17:33 . 2014-03-04 17:38    --------    d-----w-    c:\windows\system32\MRT
2014-03-04 16:33 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2014-03-04 16:33 . 2013-07-17 00:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2014-03-04 16:33 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2014-03-04 16:33 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2014-03-04 16:33 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2014-03-04 16:33 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2014-03-04 16:33 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2014-02-27 03:45 . 2014-02-27 03:45    469488    ----a-w-    c:\windows\system32\cpnprt2wswin32.cid
2014-02-27 03:45 . 2014-02-27 03:45    465280    ----a-w-    c:\windows\system32\cpnprt2win32.cid
2014-02-19 19:58 . 2014-02-19 19:58    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\Nickelodeon
2014-02-19 19:57 . 2014-02-19 19:58    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\Monkey Quest
2014-02-19 18:07 . 2014-02-19 18:07    --------    d-----w-    c:\documents and settings\Johnny\Application Data\Unity
2014-02-19 17:51 . 2014-02-19 17:51    --------    d-----w-    c:\documents and settings\Johnny\Application Data\.mono
2014-02-19 17:51 . 2014-02-19 17:51    --------    d-----w-    c:\documents and settings\All Users\Application Data\.mono
2014-02-19 17:49 . 2014-02-19 17:49    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\Unity
2014-02-19 08:34 . 2014-02-19 08:34    --------    d-----w-    c:\program files\UnrealStreaming
2014-02-19 08:27 . 2014-02-19 08:27    --------    d-----w-    c:\program files\SplitMediaLabs
2014-02-18 17:15 . 2014-02-18 17:16    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\Duplicate Image Finder
2014-02-16 11:16 . 2014-02-16 11:17    --------    d-----w-    c:\program files\Mozilla Thunderbird
2014-02-12 15:59 . 2014-02-12 15:59    --------    d-----w-    c:\documents and settings\Johnny\Local Settings\Application Data\Mozilla
2014-02-12 15:59 . 2014-03-03 05:49    --------    d-----w-    c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 19:29 . 2012-04-03 03:57    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-11 19:29 . 2011-10-11 18:56    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26 . 2004-08-04 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-30 03:11 . 2014-01-30 03:11    1409    ----a-w-    c:\windows\QTFont.for
2014-01-18 19:03 . 2013-11-02 14:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 02:46 . 2014-01-08 02:47    8192    ----a-w-    c:\windows\system32\srvany.exe
2014-01-04 03:13 . 2004-08-04 12:00    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-06 16:33 . 2013-09-06 16:36    4285990    ----a-w-    c:\program files\DX - Universal Update Pack - Addon Creator.exe
2012-04-10 00:44 . 2012-04-10 00:44    504320    ----a-w-    c:\program files\WININQUIRY.exe
2011-10-18 12:43 . 2011-10-18 12:43    61440    ----a-w-    c:\program files\CWID.exe
2011-10-16 21:10 . 2011-10-16 21:10    270142    ----a-w-    c:\program files\Minecraft.exe
2011-10-12 02:01 . 2011-10-12 02:01    45056    ----a-w-    c:\program files\FreeDVD.exe
2011-10-11 23:44 . 2011-10-11 23:44    132597    ----a-w-    c:\program files\Flash_Disinfector.exe
2011-10-11 16:19 . 2011-10-11 16:19    50688    ----a-w-    c:\program files\ATF-Cleaner.exe
2010-11-11 19:34 . 2011-10-11 19:17    201728    ----a-w-    c:\program files\hjsplit.exe
2008-09-10 19:00 . 2012-06-10 18:48    81920    ----a-w-    c:\program files\sherlock.exe
2007-03-22 00:19 . 2011-10-12 03:17    643072    ----a-w-    c:\program files\RipIt4Me.exe
2009-09-27 14:39    415744    --sh--w-    c:\windows\system32\avisynth.dll
2004-02-22 15:11    764416    --sh--w-    c:\windows\system32\devil.dll
2011-02-11 15:26    112128    --sha-r-    c:\windows\system32\OptimFROG.dll
2012-10-06 00:54    188416    --sha-r-    c:\windows\system32\winDCE32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"56569:TCP"= 56569:TCP:Pando Media Booster
"56569:UDP"= 56569:UDP:Pando Media Booster
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [10/7/2010 3:36 PM 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [5/12/2010 2:51 PM 29792]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/11/2011 12:26 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [10/11/2011 12:27 AM 6272]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [11/3/2011 1:50 PM 57800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/25/2012 12:33 AM 21992]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [10/15/2011 9:15 PM 20480]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [6/1/2013 2:58 PM 516480]
S2 Scutum50;Scutum50 NDIS Protocol Driver; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/11/2011 12:30 AM 1691480]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [6/1/2013 2:58 PM 11648]
S3 DLINKVLANMP;D-Link Virtual Adapter;c:\windows\system32\DRIVERS\DLINKVLAN.SYS --> c:\windows\system32\DRIVERS\DLINKVLAN.SYS [?]
S3 DLKRT32;D-Link DGE-530T Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\Dlkrt32.sys [3/13/2014 3:55 PM 130432]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/28/2012 11:05 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/28/2012 11:05 PM 8456]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [6/14/2013 11:50 PM 30464]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [3/13/2014 10:17 AM 298752]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [11/9/2011 10:23 PM 14976]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [1/4/2014 11:26 PM 264576]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk51x86l.sys --> c:\windows\system32\DRIVERS\yk51x86l.sys [?]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk51x86v.sys --> c:\windows\system32\DRIVERS\yk51x86v.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/10/2013 1:38 PM 11520]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
S4 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [1/18/2013 6:10 PM 577536]
S4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [3/4/2013 10:57 AM 2571704]
S4 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [9/19/2013 8:46 AM 250200]
S4 KMService;KMService;c:\windows\system32\srvany.exe [1/7/2014 10:47 PM 8192]
S4 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [10/8/2010 12:11 PM 131584]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 11:34 AM 171680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 22798560
*NewlyCreated* - RDPNP
*Deregistered* - 22798560
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 167.206.13.180 167.206.13.181
FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\f6rx6iov.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-13 18:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1168)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-03-13  18:26:23
ComboFix-quarantined-files.txt  2014-03-13 22:26
ComboFix2.txt  2014-03-13 13:09
.
Pre-Run: 42,705,833,984 bytes free
Post-Run: 42,693,632,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
.
- - End Of File - - 2B19D187B2D160986828444B974928B2
8F558EB6672622401DA993E1E865C861

#4 boopme


Posted 13 March 2014 - 08:48 PM

Removed reply to ComboFix log and moved to forum for those logs.
Virus, Trojan, Spyware, and Malware Removal Logs

#5 boopme


Posted 14 March 2014 - 09:48 AM

This PC is fixed .. Pm from OP.

Closed post.