
For Jeff - Revived old Gateway tower with XP - Runs Slow! [Solved]

Gateway - XP - Runs slow

  • This topic is locked
26 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 02 March 2014 - 07:37 PM

I think that you should be just fine if only for movies, music and the like, but don't connect to the internet.  :)

 

When you get the new ComboFix log, be sure to post that ok?  




#17 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests: Riding our 2009 Navy Metallic blue Honda Goldwing Trike; Taking pictures and videos while riding the trike

Posted 02 March 2014 - 07:48 PM

:clap: jeff

 

Ran Combofix with NO problemo!!!  Please find attached the combofix.txt file!

 

Dar

Attached Files


Darlene

#18 jeffce


Posted 02 March 2014 - 07:50 PM

Well done!  
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------



#19 peachy_dar


Posted 02 March 2014 - 08:09 PM

:banana: Jeff

 

What a day!!  I've run AdwCleaner.... here is the text:

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 21:01:59
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Road Queen - GATEWAY
# Running from : C:\Documents and Settings\Road Queen\Desktop\MARCH 2014 PROBLEM\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Documents and Settings\Road Queen\Application Data\Mozilla\Firefox\Profiles\4e89e6pn.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [37669 octets] - [02/03/2014 15:42:42]
AdwCleaner[R1].txt - [958 octets] - [02/03/2014 21:00:16]
AdwCleaner[S0].txt - [38402 octets] - [02/03/2014 16:58:05]
AdwCleaner[S1].txt - [880 octets] - [02/03/2014 21:01:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [939 octets] ##########

:whistling: :whistling: :whistling: :whistling: :whistling: :whistling:

 

dar


Darlene

#20 jeffce


Posted 03 March 2014 - 04:46 PM

Good job!  
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
    IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
     
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1590:UDP"=-
    "1591:UDP"=-
    "3389:TCP"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running now.   :)



#21 peachy_dar


Posted 03 March 2014 - 06:23 PM

Jeff

 

I just got home from dinner and work.  I accidentally left the Kaspersky PURE disk in the drive, and when I booted up the old Gateway, guess what it read???  I'm installing it now.  It may not do much good after April 8th, but it will protect it up until then!

 

So, why is it working now?  Was there something stopping it before?  What have you found on this old Gateway??

 

dar


Darlene

#22 peachy_dar


Posted 03 March 2014 - 07:16 PM

:banana: Here we go Jeff!

 

It did not ask to reboot, but I'm going to reboot anyway.  I took the chance to install Kaspersky on here since I had so much trouble getting this PC to read this particular disk.  I know I'm not supposed to install anything but this was a once in a blue moon thing here...

 

Let me know what ya found!

 

dar

 

 

 

ComboFix 14-03-03.02 - Road Queen 03/03/2014  19:41:34.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1919.933 [GMT -5:00]
Running from: c:\documents and settings\Road Queen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Road Queen\Desktop\CFScript.txt
AV: Kaspersky PURE 3.0 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 3.0 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Road Queen\Application Data\inst.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-04 to 2014-03-04  )))))))))))))))))))))))))))))))
.
.
2014-03-04 00:29 . 2011-06-02 19:39    39736    ----a-w-    c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-03-04 00:29 . 2011-06-02 19:39    88632    ----a-w-    c:\windows\system32\drivers\CSCrySec.sys
2014-03-04 00:27 . 2014-03-04 00:27    --------    d-----w-    c:\program files\Common Files\InfoWatch
2014-03-04 00:27 . 2014-03-04 00:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2014-03-04 00:27 . 2014-03-04 00:27    --------    d-----w-    c:\program files\Kaspersky Lab
2014-03-04 00:27 . 2014-03-04 00:31    --------    d-----w-    c:\windows\LastGood
2014-03-04 00:26 . 2013-11-12 03:18    74336    ----a-w-    c:\windows\system32\drivers\klflt.sys
2014-03-04 00:20 . 2014-03-04 00:20    --------    d-----w-    c:\documents and settings\All Users\Kaspersky Lab Setup Files
2014-03-02 23:54 . 2014-03-02 23:54    --------    d-----w-    c:\documents and settings\Road Queen\Application Data\Temp
2014-03-02 23:54 . 2014-03-02 23:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\Kodak
2014-03-02 22:59 . 2014-03-03 01:40    --------    d-----w-    c:\documents and settings\2014 USER
2014-03-02 20:53 . 2014-03-02 22:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-02 20:53 . 2014-03-02 21:55    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-02 20:52 . 2014-03-02 20:52    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-02 20:42 . 2014-03-03 02:02    --------    d-----w-    C:\AdwCleaner
2014-03-02 18:30 . 2014-03-02 18:30    --------    d-----w-    c:\documents and settings\Road Queen\Application Data\Malwarebytes
2014-03-02 18:30 . 2014-03-02 18:30    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-03-02 18:30 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-02 04:28 . 2014-03-02 04:28    1072544    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2014-03-02 04:28 . 2014-03-02 04:28    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2014-03-02 04:28 . 2014-03-02 04:28    1072544    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2014-03-02 04:28 . 2014-03-02 04:28    --------    d-----w-    c:\program files\NVIDIA Corporation
2014-03-02 01:57 . 2014-03-02 01:57    --------    d-----w-    c:\documents and settings\MY MUSIC
2014-03-02 01:43 . 2014-03-02 01:43    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2014-03-02 00:34 . 2014-03-02 00:41    --------    d-----w-    c:\windows\system32\MRT
2014-03-01 23:28 . 2014-03-01 23:28    8281168    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-03-01 23:19 . 2014-03-01 23:19    17268616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-03-01 22:59 . 2014-03-01 22:59    --------    d--h--w-    c:\documents and settings\All Users\Application Data\Common Files
2014-03-01 22:52 . 2014-03-01 23:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 22:52 . 2014-03-01 23:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 22:28 . 2014-03-01 22:28    --------    d-----w-    C:\c1d2b7e59498d2acfa6e
2014-03-01 22:04 . 2014-03-01 22:04    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2014-03-01 22:03 . 2014-03-01 22:03    2106216    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2014-03-01 22:03 . 2014-03-01 22:03    1998168    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_43.dll
2014-03-01 22:03 . 2014-03-01 22:03    588728    ----a-w-    c:\program files\Mozilla Firefox\gkmedias.dll
2014-03-01 22:03 . 2014-03-01 22:03    43960    ----a-w-    c:\program files\Mozilla Firefox\mozglue.dll
2014-03-01 22:03 . 2014-03-01 22:03    157352    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2014-03-01 22:03 . 2014-03-01 22:03    129976    ----a-w-    c:\program files\Mozilla Firefox\maintenanceservice.exe
2014-03-01 22:03 . 2014-03-01 22:03    626688    ----a-w-    c:\program files\Mozilla Firefox\msvcr80.dll
2014-03-01 22:03 . 2014-03-01 22:03    548864    ----a-w-    c:\program files\Mozilla Firefox\msvcp80.dll
2014-03-01 22:03 . 2014-03-01 22:03    479232    ----a-w-    c:\program files\Mozilla Firefox\msvcm80.dll
2014-03-01 21:46 . 2014-03-01 21:46    --------    d-----w-    c:\documents and settings\Road Queen\Local Settings\Application Data\Microsoft Help
2014-03-01 21:05 . 2014-03-01 21:05    --------    d-----w-    c:\documents and settings\Road Queen\Local Settings\Application Data\PCHealth
2014-03-01 20:23 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2014-03-01 20:23 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2014-03-01 20:22 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2014-03-01 20:22 . 2013-07-17 00:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2014-03-01 20:22 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2014-03-01 20:22 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2014-03-01 20:22 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2014-03-01 20:22 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2014-03-01 20:20 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2014-03-01 20:20 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023.sys
2014-03-01 20:15 . 2014-02-05 23:26    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-03-01 19:58 . 2006-03-29 14:05    32768    ------w-    c:\windows\system32\IJRMF.exe
2014-03-01 19:40 . 2012-06-02 20:19    15384    ----a-w-    c:\windows\system32\wuapi.dll.mui
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-01 22:54 . 2010-02-04 01:29    47360    ----a-w-    c:\documents and settings\Road Queen\Application Data\pcouffin.sys
2014-03-01 20:22 . 2014-03-01 20:22    118784    ----a-w-    c:\windows\web\Wallpaper\hyy_11_05_calendar2.exe
2014-02-05 23:26 . 2006-06-17 09:23    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2006-06-17 09:23    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2006-06-17 09:23    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2006-06-17 09:23    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2006-06-17 09:23    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-23 01:37 . 2014-01-23 01:37    107256    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2014-01-04 03:13 . 2006-06-17 09:23    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2006-06-17 09:23    1172992    ----a-w-    c:\windows\system32\msxml3.dll
2014-03-01 22:03 . 2011-04-22 18:40    97208    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 23:20    459784    ----a-w-    c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-28 185896]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 16010752]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2008-01-05 282624]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-25 81920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-12 356128]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [3/3/2014 7:29 PM 88632]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/22/2014 8:37 PM 107256]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [3/3/2014 7:29 PM 39736]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11/11/2013 10:18 PM 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [11/11/2013 10:18 PM 145040]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [3/1/2014 4:08 PM 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/22/2014 8:37 PM 155704]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/22/2014 8:37 PM 228888]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/2/2014 1:30 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2014 1:30 PM 701512]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [3/27/2009 9:27 PM 90112]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/22/2014 8:37 PM 1444120]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 2:09 PM 35672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2014 1:30 PM 22856]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [9/25/2013 3:42 PM 818888]
S2 gupdate1c985a11a9ca53b;Google Update Service (gupdate1c985a11a9ca53b);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 8:45 PM 133104]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [11/11/2013 10:18 PM 24160]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/11/2013 10:18 PM 24672]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/3/2010 8:29 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVP
*NewlyCreated* - CSCRYSEC
*NewlyCreated* - CSVIRTUALDISKDRV
*NewlyCreated* - KL1
*NewlyCreated* - KLIF
*NewlyCreated* - KLTDI
*NewlyCreated* - KNEPS
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01 23:19]
.
2014-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-25 19:21]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 01:45]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 01:45]
.
2014-03-04 c:\windows\Tasks\User_Feed_Synchronization-{5E05261E-1193-4CB6-BCEE-20C057ECD00C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2014-03-04 c:\windows\Tasks\User_Feed_Synchronization-{C553D9FA-0964-4A1E-AE14-7E6FD5C03094}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2014-03-04 c:\windows\Tasks\{A8878FF8-D0B5-4EA3-BFCB-4FEABADB6743}_PIROZZI_Owner.job
- c:\windows\system32\mobsync.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Road Queen\Application Data\Mozilla\Firefox\Profiles\4e89e6pn.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/|http://forums.whatth...t=62384#p630084
FF - ExtSQL: !HIDDEN! 2009-06-23 22:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-03 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3909265270-4093740595-4061975602-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0461&Pid_4d16\6&235ebf88&0&0000\LogConf]
@DACL=(02 0000)
.
Completion time: 2014-03-03  20:12:42
ComboFix-quarantined-files.txt  2014-03-04 01:12
ComboFix2.txt  2014-03-03 01:45
ComboFix3.txt  2010-04-30 02:34
.
Pre-Run: 191,702,802,432 bytes free
Post-Run: 191,712,321,536 bytes free
.
- - End Of File - - 2F4F7E4775874BE37A5D83DB749BF486
B20939CD98B7710036274839082AE757
 


Darlene

#23 jeffce


Posted 03 March 2014 - 08:20 PM

Hi Dar,

 

There was quite a bit of garbage on the system that needed cleaning.

 

and let me know how your system is running now. 

:)



#24 peachy_dar


Posted 06 March 2014 - 04:35 PM


Hi Jeff

 

I haven't been ignoring you, hubby came down with a nasty sinus infection, high fever, aches, pains, chills, doc gave him a Zpack - things are improving!!!  YAH!!  So, I haven't had the chance to give the old Gateway a workout.  I was able to read the Kaspersky disk... strange... any idea why??

 

I may get up there tonight.... don't give up on me!!

 

and a big thank you for your help again!!!

 

Dar


Darlene

#25 jeffce


Posted 06 March 2014 - 06:10 PM

No worries.  Hope he gets to feeling better.  :)

 

When you get a chance, give the system a run and let me know how it is working.




#26 jeffce


Posted 09 March 2014 - 05:24 PM

Per OP PM I will close this topic.  Installed new operating system.



#27 jeffce


Posted 09 March 2014 - 05:25 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.