Slow moving Windows XP [Solved]


  • This topic is locked
16 replies to this topic

#1 TTGSC

    Authentic Member

  • 57 posts

Posted 05 February 2013 - 12:11 AM

Hi, having a few issues with my XP - programs are becoming increasingly slow to start and I get the occasional frozen program during operation. Logs posted below.

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Kevin at 16:34:22 on 2013-02-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.512.19 [GMT 10.5:30]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.news.com.au/adelaidenow/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = proxy.iprimus.com.au:8080
uProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:55924053
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:55924053
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:55924053
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{95660D96-2C19-43FA-B1F3-6408E3A0DAB4} : NameServer = 192.231.203.132,192.231.203.3
TCP: Interfaces\{95660D96-2C19-43FA-B1F3-6408E3A0DAB4} : DHCPNameServer = 192.168.1.1
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - <orphaned>
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - <orphaned>
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - <orphaned>
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - <orphaned>
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 oms.symantec.com
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\8uqh3fqo.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.adelaidenow.com.au/|http://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={2657AA22-8ECE-4BE4-94D8-4ED09071ADB0}&mid=f260c34d62f890694afb63b5635ec69b-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2013-01-22 21:22:18&pid=avg&sg=&v=14.0.0.14&sap=ku&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-06 09:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\kevin\application data\mozilla\firefox\profiles\8uqh3fqo.default user\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-16 08:12; {d8c4975b-9e4b-4574-b5ab-67fe58455a95}; c:\documents and settings\kevin\application data\mozilla\firefox\profiles\8uqh3fqo.default user\extensions\{d8c4975b-9e4b-4574-b5ab-67fe58455a95}.xpi
FF - ExtSQL: !HIDDEN! 2010-04-22 19:11; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2003-12-8 9344]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2010-8-23 186128]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-27 54752]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-5-10 47640]
R4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2003-12-8 390016]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2008-10-14 15271]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-8-11 18432]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [2003-12-31 3968]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-02-01 07:35:08 -------- d-sh--w- C:\FOUND.010
2013-01-30 11:40:07 -------- d-sh--w- c:\windows\ftpcache
2013-01-30 11:37:32 99896 ----a-w- c:\windows\system32\HPSIsvc.exe
2013-01-29 20:48:56 -------- d-sh--w- C:\FOUND.009
2013-01-25 10:46:11 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-01-22 10:52:35 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2013-01-21 21:46:52 -------- d-----w- c:\documents and settings\all users\application data\AVG January 2013 Campaign
2013-01-19 08:20:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-01-09 19:21:10 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 19:21:10 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-19 07:03:10 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-19 07:03:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-19 07:03:08 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:24:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:37:48.23 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 30/12/2003 2:15:29 PM
System Uptime: 1/02/2013 5:58:52 PM (95 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4SGX-MX
Processor: Intel® Pentium® 4 CPU 2.66GHz | PGA 478 | 2660/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (FAT32) - 75 GiB total, 27.534 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 205.727 GiB free.
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: HP EWS
Device ID: USB\VID_03F0&PID_032A&MI_01\6&2BACC7A3&0&0001
Manufacturer:
Name: HP EWS
PNP Device ID: USB\VID_03F0&PID_032A&MI_01\6&2BACC7A3&0&0001
Service:
.
==== System Restore Points ===================
.
RP749: 11/12/2012 11:55:15 AM - System Checkpoint
RP750: 12/12/2012 12:34:50 PM - System Checkpoint
RP751: 13/12/2012 5:32:37 PM - Software Distribution Service 3.0
RP752: 14/12/2012 5:53:03 PM - System Checkpoint
RP753: 15/12/2012 6:32:40 PM - System Checkpoint
RP754: 16/12/2012 7:33:50 PM - System Checkpoint
RP755: 17/12/2012 8:47:33 PM - System Checkpoint
RP756: 18/12/2012 9:40:00 PM - System Checkpoint
RP757: 19/12/2012 5:32:38 PM - Removed Java 7 Update 9
RP758: 19/12/2012 5:32:59 PM - Installed Java 7 Update 10
RP759: 19/12/2012 7:46:01 PM - Removed Adobe Reader X (10.1.4).
RP760: 19/12/2012 7:49:53 PM - Installed Adobe Reader XI.
RP761: 20/12/2012 8:39:37 PM - System Checkpoint
RP762: 21/12/2012 7:00:24 PM - Software Distribution Service 3.0
RP763: 22/12/2012 7:36:01 PM - System Checkpoint
RP764: 23/12/2012 8:23:31 PM - System Checkpoint
RP765: 24/12/2012 8:26:27 PM - System Checkpoint
RP766: 30/12/2012 8:31:31 PM - System Checkpoint
RP767: 31/12/2012 9:29:05 PM - System Checkpoint
RP768: 1/01/2013 10:29:08 PM - System Checkpoint
RP769: 3/01/2013 6:55:51 AM - System Checkpoint
RP770: 4/01/2013 8:06:27 AM - System Checkpoint
RP771: 4/01/2013 7:00:42 PM - Software Distribution Service 3.0
RP772: 5/01/2013 7:42:25 PM - System Checkpoint
RP773: 6/01/2013 8:41:23 PM - System Checkpoint
RP774: 7/01/2013 9:12:39 PM - System Checkpoint
RP775: 8/01/2013 9:52:48 PM - System Checkpoint
RP776: 9/01/2013 10:03:36 PM - System Checkpoint
RP777: 10/01/2013 7:02:32 PM - Software Distribution Service 3.0
RP778: 11/01/2013 7:45:34 PM - System Checkpoint
RP779: 12/01/2013 8:17:12 PM - System Checkpoint
RP780: 13/01/2013 8:25:56 PM - System Checkpoint
RP781: 14/01/2013 9:36:51 PM - System Checkpoint
RP782: 15/01/2013 10:08:17 PM - System Checkpoint
RP783: 16/01/2013 10:34:51 PM - System Checkpoint
RP784: 18/01/2013 7:54:10 AM - System Checkpoint
RP785: 19/01/2013 10:00:51 AM - System Checkpoint
RP786: 19/01/2013 6:48:38 PM - Installed Java 7 Update 11
RP787: 20/01/2013 7:37:43 PM - System Checkpoint
RP788: 21/01/2013 7:48:30 PM - System Checkpoint
RP789: 22/01/2013 8:50:52 PM - System Checkpoint
RP790: 23/01/2013 9:32:26 PM - System Checkpoint
RP791: 25/01/2013 9:16:10 PM - Installed Windows XP Wdf01009.
RP792: 26/01/2013 10:06:12 PM - System Checkpoint
RP793: 28/01/2013 10:40:07 AM - System Checkpoint
RP794: 29/01/2013 6:20:06 PM - System Checkpoint
RP795: 30/01/2013 6:25:02 PM - System Checkpoint
RP796: 31/01/2013 7:10:56 PM - System Checkpoint
RP797: 1/02/2013 8:44:59 PM - System Checkpoint
RP798: 2/02/2013 9:10:14 PM - System Checkpoint
RP799: 3/02/2013 10:10:10 PM - System Checkpoint
RP800: 4/02/2013 11:09:59 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.3 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet Professional P1100-P1560-P1600 Series
iTunes
Java 7 Update 11
Java Auto Updater
Junk Mail filter update
LogMeIn
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Picasa 3
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
swMSM
VC80CRTRedist - 8.0.50727.6195
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/02/2013 4:11:38 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
31/01/2013 9:41:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
31/01/2013 6:54:20 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
30/01/2013 7:19:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 000C6EDF1785 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/02/2013 6:07:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
1/02/2013 6:06:57 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/02/2013 6:06:57 PM, error: Service Control Manager [7000] - The Adobe Active File Monitor V4 service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
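The DDS report above is read by hand in this thread. The following Python script is an added example, not DDS, MiniToolBox or anything posted by the helper, of how an analyst can mechanise the first pass over such a log. It uses a constructed sample of lines copied from the Pseudo HJT Report above (with the long keyword.URL query truncated) plus two Winsock catalog lines of the kind MiniToolBox prints later in the thread. It restores the hxxp:// URLs DDS defangs, then flags the entries a reviewer checks first: a configured proxy, <orphaned> registry references, hosts-file overrides that touch security-vendor domains, a Firefox keyword.URL that sends address-bar searches to a third-party host, resolvers that are not private LAN addresses, and non-Microsoft Winsock providers. The vendor and search-engine lists are assumptions for the example, and "review" means check, not malware: the isearch.avg.com redirect and the Bonjour provider both correspond to software in the Installed Programs section above (AVG 2013, Bonjour).

```python
"""Added example: first-pass triage of DDS 'Pseudo HJT Report' lines and
MiniToolBox Winsock lines. Not part of DDS, MiniToolBox or the thread; the
heuristic lists below are assumptions made for this example."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumed heuristic lists (not from the thread).
SECURITY_VENDOR_SUFFIXES = ("mcafee.com", "symantec.com", "trendmicro.com",
                            "kaspersky.com", "avg.com", "microsoft.com")
EXPECTED_SEARCH_HOSTS = ("www.google.com", "www.bing.com", "search.yahoo.com")

# Constructed sample: lines copied from the DDS report in post #1 and two
# Winsock lines in MiniToolBox format; the keyword.URL query is truncated.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.news.com.au/adelaidenow/",
    "uProxyServer = proxy.iprimus.com.au:8080",
    "dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    "TCP: NameServer = 192.168.1.1",
    r"TCP: Interfaces\{95660D96-2C19-43FA-B1F3-6408E3A0DAB4} : NameServer = 192.231.203.132,192.231.203.3",
    r"TCP: Interfaces\{95660D96-2C19-43FA-B1F3-6408E3A0DAB4} : DHCPNameServer = 192.168.1.1",
    "Hosts: 127.0.0.1 ads.mcafee.com",
    "Hosts: 127.0.0.1 om.symantec.com",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
    "FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={2657AA22-8ECE-4BE4-94D8-4ED09071ADB0}&q=",
    r"Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)",
    r"Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)",
]


@dataclass
class Finding:
    severity: str   # "info" (recorded) or "review" (an analyst should check it)
    item: str
    reason: str


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; restore http:// for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def _is_public(ip: str) -> bool:
    try:
        return not ip_address(ip).is_private
    except ValueError:      # malformed address: treat as worth a look
        return True


def triage_line(line: str):
    """Return a Finding for one report line, or None when nothing stands out."""
    line = line.strip()
    if "<orphaned>" in line:
        return Finding("review", line, "registry entry points at a missing object (uninstall leftover)")
    m = re.match(r"^[um]ProxyServer\s*=\s*(\S+)", line)
    if m:
        return Finding("review", m.group(1), "a system proxy is configured; confirm the user or ISP set it")
    m = re.match(r"^Hosts:\s+(\S+)\s+(\S+)", line)
    if m:
        target, domain = m.groups()
        if domain.lower().endswith(SECURITY_VENDOR_SUFFIXES):
            return Finding("review", domain, f"hosts file maps a security-vendor domain to {target}: ad-block entry or update block?")
        return Finding("info", domain, f"hosts file maps domain to {target}")
    m = re.match(r"^FF - prefs\.js: keyword\.URL - (.+)$", line)
    if m:
        host = (urlsplit(refang(m.group(1))).hostname or "").lower()
        if host not in EXPECTED_SEARCH_HOSTS:
            return Finding("review", host, "Firefox address-bar searches are sent to a third-party host")
        return Finding("info", host, "address-bar search host")
    m = re.search(r"(?<!DHCP)NameServer\s*=\s*([\d.,]+)", line)   # skip DHCPNameServer
    if m:
        ips = m.group(1).split(",")
        if any(_is_public(ip) for ip in ips):
            return Finding("review", ",".join(ips), "resolvers outside the LAN; verify they belong to the ISP")
        return Finding("info", ",".join(ips), "resolver is a private LAN address")
    m = re.match(r"^Catalog(\d+)\s+\d+\s+(\S.*?)\s+\[\d+\]\s+\((.*)\)$", line)
    if m and m.group(3) != "Microsoft Corporation":
        return Finding("review", m.group(2), f"third-party Winsock provider ({m.group(3)}) in catalog {m.group(1)}")
    return None


def triage(lines):
    """Run triage_line over a whole report and drop the quiet lines."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings):
    """Count findings per severity, e.g. {'review': 7, 'info': 2} for SAMPLE_LINES."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
    print(summarize(found))
```

Note that DDS lists uProxyServer whether or not the proxy is enabled (MiniToolBox later reports "Proxy is not enabled" for the same server), so the proxy rule only asks for confirmation rather than claiming a hijack. Real logs are fed in with `triage(open(path, encoding="utf-8", errors="replace").read().splitlines())`.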



#2 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 February 2013 - 07:13 AM

Hello TTGSC,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#3 TTGSC

    Authentic Member

  • 57 posts

Posted 05 February 2013 - 02:32 PM

OCD, thanks for looking into my problems.

#4 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 February 2013 - 05:40 PM

Hi TTGSC,

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices >> select Only Problems
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Next
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
In your next post please provide the following:
  • Results.txt
  • aswMBR log
  • attachMBR.zip
  • Did you experience the current issues prior to installing AVG? (freezing, sluggishness)

OCD



#5 TTGSC

    Authentic Member

  • 57 posts

Posted 05 February 2013 - 08:10 PM

MiniToolBox by Farbar Version:10-01-2013
Ran by Kevin (administrator) on 06-02-2013 at 10:48:48
Running from "C:\downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: proxy.iprimus.com.au:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net
127.0.0.1 www.acezip.net
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com

There are 26315 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

SiS 900-Based PCI Fast Ethernet Adapter = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.231.203.132 register=PRIMARY
add dns name="Local Area Connection" addr=192.231.203.3 index=2
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : Home
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-6E-DF-17-85
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.231.203.132
                                            192.231.203.3
        Lease Obtained. . . . . . . . . . : Wednesday, 6 February 2013 1:42:43 AM
        Lease Expires . . . . . . . . . . : Thursday, 7 February 2013 1:42:43 AM

Server:  resolv.internode.on.net
Address:  192.231.203.132

Name:    google.com
Addresses:  74.125.237.99, 74.125.237.100, 74.125.237.101, 74.125.237.102
          74.125.237.103, 74.125.237.104, 74.125.237.105, 74.125.237.110, 74.125.237.96
          74.125.237.97, 74.125.237.98

Pinging google.com [74.125.237.98] with 32 bytes of data:

Reply from 74.125.237.98: bytes=32 time=47ms TTL=55
Reply from 74.125.237.98: bytes=32 time=48ms TTL=54

Ping statistics for 74.125.237.98:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 48ms, Average = 47ms

Server:  resolv.internode.on.net
Address:  192.231.203.132

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=247ms TTL=49
Reply from 206.190.36.45: bytes=32 time=232ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 232ms, Maximum = 247ms, Average = 239ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 6e df 17 85 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.6      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0      192.168.1.6     192.168.1.6      20
      192.168.1.0    255.255.255.0      192.168.1.6     192.168.1.6      20
      192.168.1.6  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.6     192.168.1.6      20
        224.0.0.0        240.0.0.0      192.168.1.6     192.168.1.6      20
  255.255.255.255  255.255.255.255      192.168.1.6     192.168.1.6       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2013 10:38:46 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(5c:59:48:6c:5a:e9@fe80::5e59:48ff:fe6c:5ae9._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

System errors:
=============
Error: (02/05/2013 04:11:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (02/05/2013 01:43:58 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (02/05/2013 01:43:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (02/02/2013 09:53:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
Error: (02/02/2013 09:52:34 AM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. Error: (02/01/2013 10:28:33 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. Error: (02/01/2013 06:07:19 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon Error: (02/01/2013 06:06:57 PM) (Source: Service Control Manager) (User: ) Description: The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058 Error: (02/01/2013 06:06:57 PM) (Source: Service Control Manager) (User: ) Description: The Adobe Active File Monitor V4 service failed to start due to the following error: %%3 Error: (01/31/2013 09:41:03 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. Microsoft Office Sessions: ========================= Error: (02/06/2013 10:38:46 AM) (Source: Bonjour Service)(User: ) Description: Client application bug: DNSServiceResolve(5c:59:48:6c:5a:e9@fe80::5e59:48ff:fe6c:5ae9._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network. 
Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 21 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 20 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 19 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 18 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 17 Error: (02/06/2013 10:36:27 AM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 16 =========================== Installed Programs ============================ Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.3) Adobe Acrobat 9.5.3 - CPSID_83708 Adobe AIR (Version: 3.3.0.3560) Adobe Flash Player 11 ActiveX (Version: 11.5.502.146) Adobe Flash Player 11 Plugin (Version: 11.5.502.146) Adobe Reader XI (11.0.01) (Version: 11.0.01) Adobe Shockwave Player 11.6 (Version: 11.6.8.638) Apple Application Support (Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (Version: 2.1.3.127) AVG 2013 (Version: 13.0.2639) AVG 2013 (Version: 13.0.2897) AVG 2013 (Version: 2013.0.2897) Bonjour (Version: 3.0.0.10) CCleaner (Version: 3.25) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) DivX Setup (Version: 2.6.1.22) FileHippo.com Update Checker 
HP LaserJet Professional P1100-P1560-P1600 Series iTunes (Version: 11.0.1.12) Java 7 Update 11 (Version: 7.0.110) Java Auto Updater (Version: 2.1.9.0) Junk Mail filter update (Version: 14.0.8117.416) LogMeIn (Version: 4.1.1586) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1) Mozilla Maintenance Service (Version: 18.0.1) Picasa 3 (Version: 3.8) QuickTime (Version: 7.73.80.64) swMSM (Version: 12.0.0.1) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Family Safety (Version: 14.0.8118.427) Windows Live Mail (Version: 14.0.8117.0416) Windows Live Photo Gallery (Version: 14.0.8117.416) Windows Live Sync (Version: 14.0.8117.416) Windows Live Writer (Version: 14.0.8117.0416) ========================= Devices: ================================ Name: HP EWS Description: HP EWS Class Guid: 
{36FC9E60-C465-11CF-8056-444553540000} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ========================= Memory info: =================================== Percentage of memory in use: 50% Total physical RAM: 511.53 MB Available physical RAM: 253.74 MB Total Pagefile: 2017.96 MB Available Pagefile: 1249.38 MB Total Virtual: 2047.88 MB Available Virtual: 1974.9 MB ========================= Partitions: ===================================== 2 Drive c: () (Fixed) (Total:74.54 GB) (Free:27.43 GB) FAT32 4 Drive e: (My Book) (Fixed) (Total:232.88 GB) (Free:205.73 GB) NTFS ========================= Users: ======================================== User accounts for \\HOME Administrator Carol Guest HelpAssistant Kevin LogMeInRemoteUser SUPPORT_388945a0 ========================= Minidump Files ================================== No minidump file found **** End of log **** aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-02-06 11:14:27 ----------------------------- 11:14:27.937 OS Version: Windows 5.1.2600 Service Pack 3 11:14:27.937 Number of processors: 1 586 0x209 11:14:27.968 ComputerName: HOME UserName: 11:14:30.000 Initialize success 11:44:54.296 AVAST engine defs: 13020501 11:56:47.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 11:56:47.843 Disk 0 Vendor: SAMSUNG_SP0802N TK100-23 Size: 76351MB BusType: 3 11:56:47.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c 11:56:47.859 Disk 1 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3 11:56:47.875 Disk 0 MBR read successfully 11:56:47.875 Disk 0 MBR scan 11:56:49.000 Disk 0 Windows XP default MBR code 11:56:49.031 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 76347 MB offset 63 11:56:49.562 Disk 0 scanning sectors +156360645 11:56:49.640 Disk 0 scanning C:\WINDOWS\system32\drivers 
11:58:07.406 Service scanning 11:59:00.625 Modules scanning 11:59:10.046 Disk 0 trace - called modules: 11:59:10.062 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 11:59:10.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f98ab8] 11:59:10.062 3 CLASSPNP.SYS[f85f5fd7] -> nt!IofCallDriver -> \Device\00000061[0x82f95f18] 11:59:10.078 5 ACPI.sys[f856c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f97d98] 11:59:11.640 AVAST engine scan C:\WINDOWS 11:59:58.296 AVAST engine scan C:\WINDOWS\system32 12:09:17.812 AVAST engine scan C:\WINDOWS\system32\drivers 12:09:59.187 AVAST engine scan C:\Documents and Settings\Kevin 12:15:10.359 AVAST engine scan C:\Documents and Settings\All Users a problem, the MBR dat file when right clicked does not give me the option required. All things have been working fine with AVG, this problem has developed over time. 12:19:16.421 Scan finished successfully 12:32:16.421 Disk 0 MBR has been saved successfully to "C:\downloads\MBR.dat" 12:32:16.453 The log file has been saved successfully to "C:\downloads\aswMBR.txt"

#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 February 2013 - 10:47 AM

Hi TTGSC,

Unfortunately, I believe the primary cause of your issue is running Windows XP with limited resources (512 MB of RAM). Today's programs can be quite a strain on your resources. Perhaps adding additional RAM might help improve your performance. Please do not make any changes to your system until we have finished.

There are however a few things we can try to help increase the performance of your computer.

As you stated AVG seems to be working fine, and that may be the case. But, AVG is known to be tough on system resources. With that in mind I would consider switching to a different Anti-Virus program.

Here are a few FREE Anti-Virus programs. Just choose one:
Next

Your Bonjour Service from Apple seems to be having difficulty starting at times. Let's uninstall it, then reinstall it.
  • Please go to Start > Control Panel > Add Remove Programs.
  • Locate the following programs:
    • Bonjour (Version: 3.0.0.10)
  • Click Remove and allow Windows to completely remove each one in turn. Then reboot your computer to complete this part of the process.
Next

Reinstall the Bonjour Service from Apple

  • Go to http://support.apple...jourPSSetup.exe and download the file
  • Save it to your desktop
  • Double-click the Bonjour setup file and click "Next" at the welcome screen.
  • Review the license agreement and click "I accept the terms in the license agreement" to proceed.
  • Click "Install."
  • Click "Finish" once installation has completed. You have now reinstalled Bonjour for Windows.
Next

Disk Defragmenter for XP
  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.
= = = = = = = = = =
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 TTGSC

TTGSC

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 06 February 2013 - 03:01 PM

OCD just for my info, is adding additional RAM an easy thing to do?

#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 February 2013 - 07:30 PM

Hi TTGSC,

just for my info, is adding additional RAM an easy thing to do?

It is a relatively easy process. The actual steps will be slightly different depending on whether your computer is a Tower or a Laptop. The only difference being the steps taken to access the RAM modules. Once you locate the RAM modules the steps are nearly identical.

Crucial.com is the site I have used for many years, you can download their free Memory Advisor tool that will scan your system and tell you what they suggest adding based on your system.

Memory Advisor - will give you recommendations of upgrade options.

System Scanner - will give you the specs for your system.

Desktop PC installation Video

Laptop Installation Video
OCD



#9 TTGSC

TTGSC

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 08 February 2013 - 08:29 PM

OCD it took a while but I have completed your tasks. Yes, it does appear to be working more efficiently; in saying that, it was pretty slow previous to this. Your work has made a difference.

#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 February 2013 - 10:07 AM

Hi TTGSC,

Glad you are seeing some progress. :) Let's run a few scans to make sure we haven't missed anything.

= = = = = = = = = =

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Next

Please run Eset Online Scanner

Administrator rights are required to run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
In your next post please provide the following:
  • MBAM log
  • ESET log.txt
  • Any remaining issues?

OCD




#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 February 2013 - 07:49 AM

Hi TTGSC, Just checking in to see if you still need help?
OCD



#12 TTGSC

TTGSC

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 12 February 2013 - 03:01 PM

Just a bit caught up with things at the moment. All logs to be posted in a day or two. Here is a start:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.09.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Kevin :: HOME [administrator]

10/02/2013 11:27:36 AM
mbam-log-2013-02-10 (11-27-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339885
Time elapsed: 55 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 TTGSC

TTGSC

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 14 February 2013 - 01:05 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fd29f0cc62334743b07c933ed60ed8f0
# engine=13139
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-13 01:34:36
# local_time=2013-02-13 12:04:36 (+0930, Cen. Australia Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3074 16777213 100 84 466436 7205098 0 0
# compatibility_mode=5892 16776574 100 100 55310002 201522822 0 0
# scanned=133561
# found=0
# cleaned=0
# scan_time=8330

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fd29f0cc62334743b07c933ed60ed8f0
# engine=13143
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-13 01:02:12
# local_time=2013-02-13 11:32:12 (+0930, Cen. Australia Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3074 16777213 100 84 507692 7246354 0 0
# compatibility_mode=5892 16776574 100 100 55351258 201564078 0 0
# scanned=133766
# found=0
# cleaned=0
# scan_time=8862

#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 February 2013 - 12:38 PM

Hi TTGSC,

Your log appears to be clean. We have a few items to take care of before we get to the All Clean Speech.

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
Next

You can now delete any tools and/or logs remaining on your desktop.

Next
  • Please go to Start > Control Panel > Add Remove Programs.
  • Locate the following programs:
    • Java 7 Update 11
  • Click Remove and allow Windows to completely remove each one in turn. Then reboot your computer to complete this part of the process.
Next

Even though I just had you update Java, this next step needs to be carried out.

There is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.
More information can be found here: http://www.techsuppo...ers-683721.html

Disable Java in Web Browsers

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.

Disable Java through the Java Control Panel

  • In the Java Control Panel, click on the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart the browser for changes to take effect.

Next

Clear Java Cache
  • Start button, select Control Panel.
  • In the Control Panel, open the Java Control Panel.
  • Click on Settings button under Temporary Internet Files.
  • Click Delete Files button at the Temporary Files Settings window.
  • Click on OK button at confirmation dialog.
  • Exit the Control Panel.
Next

Create a System Restore Point in Windows XP
  • Click on Start > All Programs > Accessories > System Tools > and click on System Restore.
  • Click on the Create a Restore Point radio button and then click Next.
  • Give your restore point a description.
  • Next click the Create button and your restore point will be created.
  • Exit out of System Tools.
Next

Remove all old Restore Points except the most recent one.
  • Click Start, Run and type CLEANMGR and press Enter
  • Select the hard disk partition and press OK
  • At the top of the dialog, click the tab More Options
  • Under System Restore section, click the button "Clean up"
= = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus
Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD

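The Custom Level changes listed above for the Internet zone are stored in the registry as numeric action values, which makes them easy to verify after the fact instead of re-opening the dialog. The script below is an added example, not code from this thread: it maps the six settings OCD lists to the action IDs Microsoft documents for Internet Explorer security zones (KB182569; zone 3 is the Internet zone, and 0 = Enable, 1 = Prompt, 3 = Disable), reports any setting that is missing or weaker than the recommended value, and, on Windows, reads the current user's values with the standard-library `winreg` module. The `SAMPLE_ZONE` dictionary is constructed for the demonstration and is not a claim about what IE ships with.

```python
import sys

# IE stores per-zone security settings as DWORD "action" values under this key
# (zone 3 = Internet). The action IDs below are Microsoft's documented IDs for
# the six settings in the post above (KB182569); 0 = Enable, 1 = Prompt, 3 = Disable.
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Target values, exactly as the post sets them in the Custom Level dialog.
RECOMMENDED = {
    "1001": (PROMPT, "Download signed ActiveX controls"),
    "1004": (DISABLE, "Download unsigned ActiveX controls"),
    "1201": (DISABLE, "Initialize and script ActiveX controls not marked as safe"),
    "1800": (PROMPT, "Installation of desktop items"),
    "1804": (PROMPT, "Launching programs and files in an IFRAME"),
    "1607": (PROMPT, "Navigate sub-frames across different domains"),
}


def audit_zone(values):
    """Return (action_id, description, current, wanted) for each setting that is
    missing or less restrictive than RECOMMENDED.

    Enable < Prompt < Disable is monotonic in restrictiveness, so a plain numeric
    comparison works; a missing value is reported too, because IE then falls back
    to the zone template default rather than to the hardened value.
    """
    findings = []
    for action_id, (wanted, description) in RECOMMENDED.items():
        current = values.get(action_id)
        if current is None or current < wanted:
            findings.append((action_id, description, current, wanted))
    return findings


def format_findings(findings):
    """Human-readable one-liners for the audit output."""
    lines = []
    for action_id, description, current, wanted in findings:
        shown = "not set" if current is None else STATE_NAME.get(current, str(current))
        lines.append(f"{action_id} {description}: {shown} -> should be {STATE_NAME[wanted]}")
    return lines


def read_internet_zone():
    """Read the current user's Internet-zone values from the registry (Windows only)."""
    if sys.platform != "win32":
        raise OSError("Internet Explorer zone settings only exist on Windows")
    import winreg  # Windows-only stdlib module; imported here so audit_zone runs anywhere
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action_id in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, action_id)
            except FileNotFoundError:
                continue  # value absent: audit_zone reports it as "not set"
            if kind == winreg.REG_DWORD:
                values[action_id] = data
    return values


# Constructed sample for the demonstration: four settings already hardened, two
# still at Enable. Not a claim about IE's shipped defaults.
SAMPLE_ZONE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
               "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}

if __name__ == "__main__":
    zone = read_internet_zone() if sys.platform == "win32" else SAMPLE_ZONE
    for line in format_findings(audit_zone(zone)) or ["Internet zone matches the recommended settings"]:
        print(line)
```

Because the comparison is "at least as restrictive", a zone where everything has been set to Disable passes the audit, while an empty key (every value missing) produces six findings rather than a false pass.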

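The hosts-file advice above is also a place where a reviewer wants a check, because the same mechanism that sends ad hosts to a dead address is used by malware to redirect security-vendor and update sites. This Python checker is an added example, not code from this thread or from the MVPS project: it parses a hosts file, counts proper block entries (names sent to 0.0.0.0, 127.0.0.1 or ::1), and flags three things a blocklist should never contain: names on a protected-vendor list, names mapped to a real (non-sink) address, and malformed lines. The sample hosts text and the `PROTECTED_DOMAINS` list are constructed for the demonstration; the XP hosts path is the standard one.

```python
import ipaddress
import sys

# Windows XP keeps the hosts file here; the checker takes text, so the caller
# reads this path (or any other file) and passes the contents in.
XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# A block entry sends the name to a sink address that never answers.
SINK_ADDRESSES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed, deliberately short list of names a blocklist should never contain:
# an entry for any of these means something is steering security tooling away
# from its real servers, whatever address it points to.
PROTECTED_DOMAINS = ("malwarebytes.org", "eset.com", "avg.com",
                     "windowsupdate.com", "update.microsoft.com")

# Constructed sample hosts file: two proper block entries plus one line of each
# problem kind (not real observations from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.example-tracker.invalid
0.0.0.0  banners.example-adnet.invalid   # blocked ad host
127.0.0.1  www.eset.com
203.0.113.5     www.example.com
0.0.0.0
"""


def parse_hosts(text):
    """Return [(line_no, address_string, [names])] for every non-comment line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        entries.append((line_no, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def is_protected(name):
    """True if name is one of PROTECTED_DOMAINS or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def review_hosts(text):
    """Classify each entry; returns {'blocked_names': int, 'findings': [...]}.

    Each finding is (kind, line_no, address_string, names) with kind one of
    'protected-name', 'redirect' or 'malformed'.
    """
    blocked = 0
    findings = []
    for line_no, addr_str, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_str)
        except ValueError:
            addr = None
        if addr is None or not names:
            findings.append(("malformed", line_no, addr_str, names))
            continue
        for name in names:
            if is_protected(name):
                # a vendor or update name is a hijack whatever address it carries
                findings.append(("protected-name", line_no, addr_str, [name]))
            elif name in LOCAL_NAMES:
                continue                      # the stock localhost line
            elif addr in SINK_ADDRESSES:
                blocked += 1                  # a legitimate block entry
            else:
                # a routable address for an ordinary name silently redirects that site
                findings.append(("redirect", line_no, addr_str, [name]))
    return {"blocked_names": blocked, "findings": findings}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    result = review_hosts(text)
    print(f"{result['blocked_names']} block entries")
    for kind, line_no, addr_str, names in result["findings"]:
        print(f"line {line_no}: {kind}: {addr_str} {' '.join(names)}")
```

The `blocked_names` count is worth printing on a real system: a full MVPS list runs to many thousands of entries, and that size is why the installation instructions linked above have you disable the DNS Client service first, which in turn is why a hosts file that large and a Dnscache service that is still running are worth checking together.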

#15 TTGSC

TTGSC

    Authentic Member

  • Authentic Member
  • PipPip
  • 57 posts

Posted 16 February 2013 - 08:00 PM

OCD completed all of the tasks, thanks for your help.
