Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91600 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Slow Laptop - XP even with only MS Office, Chrome [Closed]


  • This topic is locked This topic is locked
13 replies to this topic

#1 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 21 January 2014 - 01:17 PM

My 2007 Dell Latitude D420 is running like a turtle.  I can see the screen scroll down when it changes.  

I have run Malware bytes, with no malware detected.

I've cleared cache and temp files with TFC.

I've checked applications with Revo Uninstaller - and can't find anything out of the ordinary.  

I have more than 40G free in a 75G drive.

I reloaded MS Windows XP in 2011, and have current Windows updates. 

My MS security essentials is updated and functioning. 

On Task Manager, Chrome seems to be using the most memory - I have 7 tabs open - I'd like to continue to be able to run multiple tabs in Chrome. 

Help!

 

 


    Advertisements

Register to Remove


#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 24 January 2014 - 04:08 AM

:welcome:

Hello solo58,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


Graduate of the WTT Classroom
Cheers,
Jo

#3 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 24 January 2014 - 08:11 AM

Danke, Jo, for helping me. 



#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 24 January 2014 - 12:21 PM

Hello solo58,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

3. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo

#5 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 24 January 2014 - 03:20 PM

Checkup Results

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 2% 
````````````````````End of Log`````````````````````` 
 
 
OTL Results
 

OTL logfile created on: 1/24/2014 4:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\solitarios\My Documents\Computer Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.92 Gb Free Space | 60.28% Space Free | Partition Type: NTFS
Drive D: | 939.75 Mb Total Space | 34.77 Mb Free Space | 3.70% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LATITUDE-436C06
Current User Name: solitarios
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
PRC - C:\Documents and Settings\solitarios\My Documents\Computer Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
PRC - C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe ()
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\solitarios\My Documents\Computer Stuff\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (vToolbarUpdater17.0.12) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
SRV - (AllShare) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MTK) -- C:\WINDOWS\System32\Drivers\mtk.sys File not found
DRV - (HTCAND32) -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpFilter) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (mvusbews) -- C:\WINDOWS\system32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbser_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/08 20:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12 File not found
 
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://webmail.maxinc.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1330540140015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1349137346390 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\solitarios\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\solitarios\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/29 11:08:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/23 15:55:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\solitarios\Recent
[2014/01/21 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/01/21 06:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\solitarios\Application Data\Mozilla
[2013/12/31 14:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\solitarios\Application Data\ElevatedDiagnostics
[2013/12/31 14:14:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/31 14:07:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/24 15:35:01 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/24 15:30:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1425521274-1801674531-1003UA.job
[2014/01/24 15:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/24 09:16:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/24 09:10:44 | 000,559,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2014/01/24 09:10:44 | 000,473,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/24 09:10:44 | 000,076,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/24 09:06:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/24 09:06:41 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/24 09:06:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2014/01/24 09:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/24 09:06:29 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/23 15:57:18 | 003,780,608 | ---- | M] () -- C:\Documents and Settings\solitarios\ntuser.dat
[2014/01/23 15:57:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\solitarios\ntuser.ini
[2014/01/23 13:51:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/21 20:30:03 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1425521274-1801674531-1003Core.job
[2014/01/21 14:04:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\solitarios\Desktop\HijackThis.lnk
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/17 07:35:43 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\solitarios\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/17 07:35:43 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\solitarios\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014/01/21 14:04:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\solitarios\Desktop\HijackThis.lnk
[2013/12/31 15:02:38 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/05/21 21:16:41 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/11/24 16:14:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2012/04/02 12:31:40 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2012/04/02 12:30:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2012/04/02 12:30:46 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2012/04/02 12:30:26 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2012/02/29 16:44:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/29 13:12:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/29 12:59:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/26 16:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/04/01 09:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
 
========== LOP Check ==========
 
[2012/10/30 09:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/10/22 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/10/22 09:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/13 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2012/06/13 20:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2013/10/22 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ODIR
[2012/06/16 15:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/11/12 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\Auslogics
[2013/10/22 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\AVG SafeGuard toolbar
[2013/12/31 14:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\ElevatedDiagnostics
[2012/04/01 14:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\MSNInstaller
[2012/08/06 14:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\Oracle
 
========== Purity Check ==========
 
 
< End of report >
 
Extras Results
 

OTL Extras logfile created on: 1/24/2014 4:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\solitarios\My Documents\Computer Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.92 Gb Free Space | 60.28% Space Free | Partition Type: NTFS
Drive D: | 939.75 Mb Total Space | 34.77 Mb Free Space | 3.70% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LATITUDE-436C06
Current User Name: solitarios
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:AllShare -- ()
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:PCSM_http_ss_win_pro -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\jre7\bin\java.exe" = C:\Program Files\Java\jre7\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE80E58-0774-4EC3-B6BA-68876B88D4B9}" = TurboTax 2011 wvaiper
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46805428-E44F-4529-8008-867DD190D506}" = TurboTax 2012 wvaiper
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5179641A-DC14-3A2E-BD53-480D4136C368}" = Google Talk Plugin
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAC2CF93-B532-4A88-81FE-110750C3E4BA}" = Verizon Wireless USB760 Firmware Updates
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Photo & Imaging" = HP Image Zone 4.7
"HTC_WModemDriver" = WModem Driver Installer
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.95
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/28/2013 10:10:36 PM | Computer Name = LATITUDE-436C06 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: This network connection does not exist.  
 
Error - 12/30/2013 1:24:09 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 485
Description = wuauclt (6108) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The delete file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 12/30/2013 1:24:09 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 485
Description = wuauclt (6108) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The delete file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 12/30/2013 1:24:09 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 486
Description = wuauclt (4940) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system 
error 183 (0x000000b7): "Cannot create a file when that file already exists. ". 
 The move file operation will fail with error -1022 (0xfffffc02).
 
Error - 12/30/2013 1:24:09 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 413
Description = wuauclt (4940) Unable to create a new logfile because the database
 cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
 or corrupted. Error -1022.
 
Error - 12/30/2013 1:24:09 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 492
Description = wuauclt (4940) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
 has been halted due to a fatal error.  No further updates are possible for the 
databases that use this logfile sequence.  Please correct the problem and restart
 or restore from backup.
 
Error - 1/16/2014 12:33:58 PM | Computer Name = LATITUDE-436C06 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 1/21/2014 4:23:28 PM | Computer Name = LATITUDE-436C06 | Source = ESENT | ID = 485
Description = wuauclt (3816) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The delete file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 1/21/2014 4:58:16 PM | Computer Name = LATITUDE-436C06 | Source = Chrome | ID = 1
Description = 
 
Error - 1/23/2014 11:41:14 AM | Computer Name = LATITUDE-436C06 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 1/23/2014 4:58:54 PM | Computer Name = LATITUDE-436C06 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 1/23/2014 4:58:54 PM | Computer Name = LATITUDE-436C06 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends 
on the Security Accounts Manager service which failed to start because of the following
 error:   %%1058
 
Error - 1/23/2014 4:59:00 PM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/23/2014 4:59:01 PM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/23/2014 4:59:01 PM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/24/2014 10:06:42 AM | Computer Name = LATITUDE-436C06 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 1/24/2014 10:06:42 AM | Computer Name = LATITUDE-436C06 | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends 
on the Security Accounts Manager service which failed to start because of the following
 error:   %%1058
 
Error - 1/24/2014 10:06:57 AM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/24/2014 10:06:57 AM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 1/24/2014 10:06:57 AM | Computer Name = LATITUDE-436C06 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
 
< End of report >
 


#6 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 25 January 2014 - 12:18 PM

Hi solo58,

what were the results of the Malwarebytes Anti-Rootkit scan?


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#7 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 28 January 2014 - 03:19 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.
Graduate of the WTT Classroom
Cheers,
Jo

#8 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 29 January 2014 - 07:51 AM

Sorry about that, Jo.  

Was out of touch for a bit.  

I don't quite understand the instruction, "If you see an entry you want to keep, let me know about it."

Can you explain? 

Thanks



#9 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 29 January 2014 - 08:04 AM

Here's the report.  There was only a toolbar updater and I chose to also clean that. 

 

 # AdwCleaner v3.018 - Report created 29/01/2014 at 08:55:17

# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : solitarios - LATITUDE-436C06
# Running from : C:\Documents and Settings\solitarios\My Documents\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Security Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\solitarios\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4083 octets] - [29/01/2014 08:53:22]
AdwCleaner[S0].txt - [4090 octets] - [29/01/2014 08:55:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4150 octets] ##########


#10 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 29 January 2014 - 12:36 PM

Hi solo58,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo

#11 solo58

solo58

    Authentic Member

  • Authentic Member
  • PipPip
  • 220 posts

Posted 29 January 2014 - 02:03 PM

I ran them both,  see below.  

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by solitarios on Wed 01/29/2014 at 14:30:33.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/29/2014 at 14:36:18.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

OTL logfile created on: 1/29/2014 2:41:04 PM - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\solitarios\My Documents\Computer Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 577.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.83 Gb Free Space | 60.15% Space Free | Partition Type: NTFS
Drive D: | 939.75 Mb Total Space | 34.77 Mb Free Space | 3.70% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LATITUDE-436C06
Current User Name: solitarios
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
PRC - C:\Documents and Settings\solitarios\My Documents\Computer Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
PRC - C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe ()
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\solitarios\My Documents\Computer Stuff\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
SRV - (AllShare) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MTK) -- C:\WINDOWS\System32\Drivers\mtk.sys File not found
DRV - (HTCAND32) -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpFilter) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (mvusbews) -- C:\WINDOWS\system32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbser_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/08 20:25:26 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://webmail.maxinc.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1330540140015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1349137346390 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\solitarios\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\solitarios\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/29 11:08:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/29 14:30:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/29 08:52:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/25 00:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\solitarios\Application Data\Mozilla
[2014/01/23 15:55:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\solitarios\Recent
[2014/01/21 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/12/31 14:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\solitarios\Application Data\ElevatedDiagnostics
[2013/12/31 14:14:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/31 14:07:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/29 14:35:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/29 14:30:03 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1425521274-1801674531-1003UA.job
[2014/01/29 14:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/29 11:13:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/29 11:07:16 | 000,559,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2014/01/29 11:07:16 | 000,473,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/29 11:07:16 | 000,076,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/29 11:03:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/29 11:03:13 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 11:03:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2014/01/29 11:03:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/29 11:03:03 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/29 09:09:20 | 003,780,608 | ---- | M] () -- C:\Documents and Settings\solitarios\ntuser.dat
[2014/01/29 09:09:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\solitarios\ntuser.ini
[2014/01/29 09:09:04 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2014/01/29 09:09:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2014/01/29 09:09:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/01/28 17:36:37 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\solitarios\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/28 17:36:37 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\solitarios\Desktop\Google Chrome.lnk
[2014/01/26 20:30:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1425521274-1801674531-1003Core.job
[2014/01/23 13:51:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/21 14:04:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\solitarios\Desktop\HijackThis.lnk
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2014/01/21 14:04:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\solitarios\Desktop\HijackThis.lnk
[2013/12/31 15:02:38 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/05/21 21:16:41 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/11/24 16:14:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2012/04/02 12:31:40 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2012/04/02 12:30:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2012/04/02 12:30:46 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2012/04/02 12:30:26 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2012/02/29 16:44:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/29 13:12:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/29 12:59:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/26 16:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/04/01 09:48:16 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
 
========== LOP Check ==========
 
[2013/10/22 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/10/22 09:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/13 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2012/06/13 20:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2013/10/22 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ODIR
[2012/06/16 15:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/11/12 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\Auslogics
[2013/10/22 11:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\AVG SafeGuard toolbar
[2013/12/31 14:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\ElevatedDiagnostics
[2012/04/01 14:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\MSNInstaller
[2012/08/06 14:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\solitarios\Application Data\Oracle
 
========== Purity Check ==========
 
 
< End of report >


#12 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 30 January 2014 - 01:27 AM

Hi solo58,
 

what were the results of the Malwarebytes Anti-Rootkit scan?

You did not answer my question from post #6.
Run the tool again (instructions: post #4) and show the log here!


On your Desktop:
Now please go to the MBAR folder and then run the "fixdamage.exe" tool that's inside the mbar\plugins folder.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Graduate of the WTT Classroom
Cheers,
Jo

#13 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 01 February 2014 - 01:55 AM

still need help?


Graduate of the WTT Classroom
Cheers,
Jo

#14 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 02 February 2014 - 01:15 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Graduate of the WTT Classroom
Cheers,
Jo

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users