Need Help with System

Is your PC infected? Is it running slow? Just can't figure out what's making it sluggish? Here is the place to get some help.

Moderators: liljim, Gecko

Post by westonm » Sat Sep 01, 2012 3:38 pm

I need help resolving issues I am having with my system. I have installed and run SpyBot and Ad-Aware. I also have Malwarebytes, SpywareBlaster, PC-Pitstop and RegCure installed and run on a regular basis. The following are my symptoms and problems:
1. Frequent program hangups, I have to re-boot several times daily
2. Extremely slow response, it takes a long time to load/run all programs
3. Slow, jerky painting of screens
4. Audio is frequently not understandable, breaks up and has static
5. The main XP screen, which says in the lower left hand corner - "Turn Off Computer" will frequently change to "Turn Off Office"

I was noticing that when the system would hang up, the task manager would list many copies of iexplore.exe under the processes. I believe that one of the anti-virus programs found and removed that since I haven't seen it in a few days.

Below is my HiJackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 9:15:33 AM, on 9/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\SUPERAntiSpyware\SASCORE.EXE
I:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
I:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
I:\WINDOWS\system32\IProsetMonitor.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\PCPitstop\PCPitstopScheduleService.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
I:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\IDT\WDM\sttray.exe
I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
I:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
I:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\PROGRA~1\AD-AWA~1\AdAware.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
I:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - I:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Carbonite Backup] I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "I:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] I:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [APSDaemon] "I:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "I:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "I:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "I:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "I:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ad-Aware Service - Lavasoft Limited - I:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - I:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - I:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - I:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - I:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: MBAMService - Malwarebytes Corporation - I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - I:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - I:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - I:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - I:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - I:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - i:\docume~1\weston\locals~1\temp\cdm\{d11a2c8c-bf5d-4f0b-bc5d-5e3752bab6bd}\STacSV.exe (file missing)

Thanks for any help anyone can provide.

Re: Need Help with System

Post by Gecko » Sat Sep 01, 2012 8:32 pm

westonm,

Please download combofix to your desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click combofix.exe and follow the prompts.

If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

If cbf.exe will not start or is ended, you will have to run cbf.exe from safe mode.
Reboot into Safe mode:
Restart Windows after you see the BIOS screen and before Windows starts to load.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
Use the Arrow key to ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Do not exit Combofix while it is running; you may lose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.

Re: Need Help with System

Post by westonm » Sat Sep 01, 2012 11:52 pm

I completed the combofix run and the log file is as follows:

ComboFix 12-08-31.08 - Weston 09/01/2012 16:03:11.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2799 [GMT -5:00]
Running from: i:\documents and settings\Weston\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\All Users\Application Data\E75EF94CC3.sys
i:\documents and settings\All Users\Application Data\TEMP
i:\windows\system32\dllcache\dlimport.exe
i:\windows\system32\URTTemp
i:\windows\system32\URTTemp\fusion.dll
i:\windows\system32\URTTemp\mscoree.dll
i:\windows\system32\URTTemp\mscoree.dll.local
i:\windows\system32\URTTemp\mscorsn.dll
i:\windows\system32\URTTemp\mscorwks.dll
i:\windows\system32\URTTemp\msvcr71.dll
i:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-08-31 15:24 . 2012-08-31 15:26 -------- d-----w- I:\rei
2012-08-31 15:24 . 2012-08-31 15:24 -------- d-----w- i:\program files\Reimage
2012-08-29 21:29 . 2012-08-29 21:29 -------- d-----w- i:\documents and settings\Mason\Local Settings\Application Data\adaware
2012-08-29 21:29 . 2012-08-29 21:29 -------- d-----w- i:\documents and settings\Mason\Application Data\Ad-Aware Antivirus
2012-08-29 20:48 . 2012-08-29 20:48 -------- d-----w- i:\documents and settings\Coleman\Local Settings\Application Data\adaware
2012-08-29 20:48 . 2012-08-29 20:48 -------- d-----w- i:\documents and settings\Coleman\Application Data\Ad-Aware Antivirus
2012-08-29 17:14 . 2012-08-29 17:14 73696 ----a-w- i:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 19:26 . 2012-08-28 19:26 -------- d-----w- i:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-08-28 19:20 . 2012-08-28 20:18 -------- d-----w- i:\documents and settings\Weston\Local Settings\Application Data\adaware
2012-08-28 19:20 . 2011-11-29 11:59 77816 ----a-w- i:\windows\system32\drivers\sbapifs.sys
2012-08-28 19:20 . 2011-11-29 11:59 21240 ----a-w- i:\windows\system32\drivers\sbaphd.sys
2012-08-28 19:20 . 2012-08-28 19:20 -------- d-----w- i:\documents and settings\All Users\Application Data\Lavasoft
2012-08-28 19:20 . 2012-08-28 19:20 -------- d-----w- i:\windows\system32\drivers\VDD
2012-08-28 19:20 . 2012-08-28 19:27 -------- d-----w- i:\program files\Ad-Aware Antivirus
2012-08-28 19:19 . 2012-08-28 19:19 -------- d-----w- i:\documents and settings\Weston\Local Settings\Application Data\Downloaded Installations
2012-08-28 19:19 . 2012-09-01 14:04 -------- d-----w- i:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-08-28 19:18 . 2012-08-28 19:18 -------- d-----w- i:\program files\Toolbar Cleaner
2012-08-28 19:18 . 2012-08-28 19:18 -------- d-----w- i:\documents and settings\Weston\Application Data\adawaretb
2012-08-28 19:18 . 2012-08-28 19:18 -------- d-----w- i:\program files\adawaretb
2012-08-28 19:17 . 2012-08-28 21:13 -------- d-----w- i:\documents and settings\Weston\Application Data\Ad-Aware Antivirus
2012-08-28 19:07 . 2012-08-28 19:08 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-28 19:07 . 2012-08-28 19:07 -------- d-----w- i:\program files\Spybot - Search & Destroy
2012-08-27 02:35 . 2012-08-27 02:44 -------- d-----w- i:\documents and settings\All Users\Application Data\SecTaskMan
2012-08-27 02:34 . 2012-08-27 02:34 -------- d-----w- i:\program files\Security Task Manager
2012-08-21 18:46 . 2012-08-21 18:46 -------- d-----w- i:\documents and settings\Weston\Application Data\SUPERAntiSpyware.com
2012-08-21 18:46 . 2012-08-21 18:46 -------- d-----w- i:\program files\SUPERAntiSpyware
2012-08-21 18:46 . 2012-08-21 18:46 -------- d-----w- i:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-21 18:29 . 2012-08-21 18:29 -------- d-----w- i:\documents and settings\Weston\Application Data\Malwarebytes
2012-08-21 18:29 . 2012-08-21 18:29 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-21 18:29 . 2012-08-21 18:29 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2012-08-21 18:29 . 2012-07-03 18:46 22344 ----a-w- i:\windows\system32\drivers\mbam.sys
2012-08-19 22:17 . 2012-08-19 22:17 -------- d-----w- i:\documents and settings\Anna\.thumbnails
2012-08-19 19:49 . 2012-08-19 19:49 -------- d-----w- i:\documents and settings\Weston\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-19 19:49 . 2012-08-19 19:49 -------- d-----w- i:\program files\Adobe Download Assistant
2012-08-19 18:22 . 2012-08-19 18:22 -------- d-----w- i:\documents and settings\Weston\Local Settings\Application Data\IsolatedStorage
2012-08-18 17:57 . 2012-08-19 13:52 -------- d-----w- i:\program files\Kyodai Mahjongg 2006
2012-08-18 17:27 . 2012-08-18 17:27 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA
2012-08-18 17:27 . 2012-08-18 17:27 -------- d-----w- i:\documents and settings\UpdatusUser
2012-08-18 17:26 . 2012-03-22 06:09 27968 ----a-r- i:\windows\system32\nvhdap32.dll
2012-08-18 17:26 . 2012-03-22 06:09 123584 ----a-r- i:\windows\system32\drivers\nvhda32.sys
2012-08-18 17:26 . 2012-03-22 06:09 876864 ----a-r- i:\windows\system32\nvhdagenco3220103.dll
2012-08-16 18:27 . 2012-08-16 18:27 -------- d-sh--w- i:\documents and settings\Weston\UserData
2012-08-07 13:32 . 2012-08-07 13:32 -------- d-----w- i:\windows\_ISTMP5.DIR
2012-08-07 13:32 . 2012-08-07 13:32 -------- d-----w- i:\windows\_ISTMP6.DIR
2012-08-06 23:38 . 2012-08-06 23:38 -------- d-----w- i:\documents and settings\Weston\Application Data\Ipswitch
2012-08-06 23:38 . 2012-08-06 23:38 -------- d-----w- i:\program files\Ipswitch
2012-08-06 23:38 . 2012-08-06 23:38 -------- d-----w- i:\documents and settings\All Users\Application Data\Ipswitch
2012-08-06 22:04 . 2012-08-06 22:04 -------- d-----w- i:\program files\Filezilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:02 . 2012-05-29 16:08 70344 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 13:02 . 2012-05-29 16:08 426184 ----a-w- i:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- i:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-05-27 21:46 139784 ----a-w- i:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-02-28 12:00 1866112 ----a-w- i:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-02-28 12:00 916992 ----a-w- i:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-02-28 12:00 43520 ------w- i:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-02-28 12:00 1469440 ------w- i:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-02-28 12:00 385024 ------w- i:\windows\system32\html.iec
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- i:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2012-05-27 23:32 1372672 ------w- i:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- i:\windows\system32\msxml3.dll
2012-06-04 21:50 . 2012-06-04 21:27 3766 --sha-w- i:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- i:\windows\system32\schannel.dll
2012-08-29 17:14 . 2012-05-28 23:32 266720 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- i:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 04:39 1011344 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 04:39 1011344 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 04:39 1011344 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="i:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SysTrayApp"="i:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"Carbonite Backup"="i:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"SBAutoUpdate"="i:\program files\SpywareBlaster\sbautoupdate.exe" [2012-02-06 939184]
"Garmin Lifetime Updater"="i:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"APSDaemon"="i:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeAAMUpdater-1.0"="i:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"AdobeCS6ServiceManager"="i:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"NvMediaCenter"="NvMCTray.dll" [2012-04-26 108352]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2012-04-26 15496000]
"Malwarebytes' Anti-Malware"="i:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Ad-Aware Browsing Protection"="i:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"i:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"i:\\Documents and Settings\\Weston\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"i:\\Program Files\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=
"i:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"i:\\Program Files\\adawaretb\\dtUser.exe"=
.
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 sbaphd;sbaphd;i:\windows\system32\drivers\sbaphd.sys [8/28/2012 2:20 PM 21240]
R2 !SASCORE;SAS Core Service;i:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Ad-Aware Service;Ad-Aware Service;i:\program files\Ad-Aware Antivirus\AdAwareService.exe [7/12/2012 6:32 PM 1239952]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;i:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/14/2011 10:06 PM 169624]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;i:\windows\system32\IPROSetMonitor.exe [3/12/2012 10:57 AM 133280]
R2 MBAMService;MBAMService;i:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/21/2012 1:29 PM 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;i:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/18/2012 12:27 PM 2458944]
R2 PCPitstop Scheduling;PCPitstop Scheduling;i:\program files\PCPitstop\PCPitstopScheduleService.exe [5/30/2012 9:23 AM 86016]
R2 sbapifs;sbapifs;i:\windows\system32\drivers\sbapifs.sys [8/28/2012 2:20 PM 77816]
R3 MBAMProtector;MBAMProtector;i:\windows\system32\drivers\mbam.sys [8/21/2012 1:29 PM 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;i:\windows\system32\drivers\nvhda32.sys [8/18/2012 12:26 PM 123584]
S1 SBRE;SBRE;i:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [6/27/2012 5:02 PM 136176]
S2 SBAMSvc;Ad-Aware;i:\program files\Ad-Aware Antivirus\SBAMSvc.exe [12/19/2011 1:20 PM 3289032]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;i:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/29/2012 11:08 AM 250056]
S3 cpuz134;cpuz134;\??\i:\docume~1\Weston\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> i:\docume~1\Weston\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [6/27/2012 5:02 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;i:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/28/2012 6:32 PM 114144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 i:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- i:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 23:32]
.
2012-09-01 i:\windows\Tasks\Adobe Flash Player Updater.job
- i:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 13:02]
.
2012-09-01 i:\windows\Tasks\AdobeAAMUpdater-1.0-WMAYNARD-Anna.job
- i:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-07-15 11:09]
.
2012-09-01 i:\windows\Tasks\AdobeAAMUpdater-1.0-WMAYNARD-Weston.job
- i:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-07-15 11:09]
.
2012-08-26 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-09-01 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 22:02]
.
2012-09-01 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 22:02]
.
2012-08-31 i:\windows\Tasks\ParetoLogic Registration3.job
- i:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:06]
.
2012-09-01 i:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- i:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-08-27 i:\windows\Tasks\ParetoLogic Update Version3.job
- i:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:06]
.
2012-09-01 i:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-1563985344-839522115-1004.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-09-01 i:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-1563985344-839522115-1007.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-09-01 i:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-1563985344-839522115-1004.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-08-30 i:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-1563985344-839522115-1007.job
- i:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
.
2012-08-29 i:\windows\Tasks\RegCure Pro.job
- i:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 22:07]
.
2012-08-31 i:\windows\Tasks\Reimage Reminder.job
- i:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2012-08-02 12:30]
.
2012-09-01 i:\windows\Tasks\User_Feed_Synchronization-{712E1E74-77AA-4035-8CC1-528433DE115F}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - i:\documents and settings\Weston\Application Data\Mozilla\Firefox\Profiles\8qvw9xu9.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1563985344-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
i:\windows\system32\WININET.dll
.
Completion time: 2012-09-01 17:11:06
ComboFix-quarantined-files.txt 2012-09-01 22:11
.
Pre-Run: 929,363,927,040 bytes free
Post-Run: 930,821,726,208 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7AA0A7146CAF60B25C2FC256169C5DA0

Re: Need Help with System

Post by Gecko » Sun Sep 02, 2012 4:09 pm

So how is it running now?

Re: Need Help with System

Post by westonm » Sun Sep 02, 2012 5:56 pm

It was running a lot better last night and earlier this morning. However, it had a spell this morning when it locked up on IE and I had to reboot. When I logged in again it was running very slowly and would lock up. After rebooting the fourth time it started running well again and is running well now. I looked at task manager when it was locking up and there was a file "System" for user System that was just eating up CPU at a rate of 30% to 50%. I had seen that before and always thought it was just trying to clean up something but wonder if it could be a problem. While it is running good, a look at task manager shows "System" using 0% to 1%. So I am not sure if it is a problem or a symptom.

Re: Need Help with System

Post by Gecko » Mon Sep 03, 2012 4:40 pm

Just to make sure, please do an online scan with ESET Online Scanner. You must use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX control. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Need Help with System

Postby westonm » Tue Sep 04, 2012 2:06 pm

Well, that was interesting. I started the scan yesterday afternoon and when I went to bed it was still running. That was just under 6 hours. At that time it had found 10 files but they were all on the C: drive, which I am not using anymore. It is not a bootable drive as I have moved all systems to what is now my I: drive. When I got up this morning, it was locked up on the screen saver and would not do anything, so I had to power off and back on. The log file is as follows:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


That is all there was in it.
It does seem to be running faster/smoother but I can't tell if it actually scanned I: or not. It is installed on I: so I guess I could assume it did and hung up before it could write the log file.

It did check on the update for RegCure this morning, which it has not been able to complete before, and I didn't realize it was not completing. Every few days the update screen would show up on bootup and it would just close a minute or so later; this time it did the update and completed it. And so far it seems to be running faster. I guess I will see what happens for a few days before I can say it is cured, but it is looking better. Should I try to run the eset scan again? I don't know if it will let me do that as it says it is a one time free scan and I don't think I need to scan C: again. Is it possible that something on C: was giving me the problems?

Re: Need Help with System

Postby Gecko » Tue Sep 04, 2012 2:44 pm

It sounds like your C drive has a bad sector and that is why the scan stalled.

Let's try something else then. Download Malwarebytes Anti-Malware to your desktop and run the install. During the install, check the box Check for Update. Once it's updated, run a Full scan, and make sure you uncheck your C drive and that your I drive is checked.

When Malwarebytes Anti-Malware is finished it will produce a log; paste the contents of that log into your next reply.

Re: Need Help with System

Postby westonm » Wed Sep 05, 2012 2:09 am

Yeah the possibility of a bad sector on the C: drive was why I installed a new drive and am moving programs over to it. It is still a work in progress.

I ran MalwareBytes and the following is the log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Weston :: WMAYNARD [administrator]

Protection: Enabled

9/4/2012 6:02:45 PM
mbam-log-2012-09-04 (18-02-45).txt

Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 448061
Time elapsed: 1 hour(s), 42 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 38
I:\Documents and Settings\Weston\My Documents\Install Files\MS Security Essentials\microsoft security essentials setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP138\A0057947.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018480.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018485.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018509.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018510.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018511.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018512.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018513.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018515.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018516.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018517.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018518.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018519.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018520.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018521.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018522.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018523.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018524.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018525.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018527.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018528.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018529.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018530.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018533.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018539.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018540.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018541.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018542.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018543.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018544.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018545.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018546.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018547.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018548.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018549.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018514.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP80\A0018630.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
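One way to triage the "Files Detected" section of a Malwarebytes log like the one above, as an added example that is not part of the original post: it separates detections in live paths from copies held in System Restore restore points (the `_restore{...}\RPnn` folders) and lists any item whose action was not a successful quarantine. The sample holds five lines from the log plus one constructed line; the function name and report keys are hypothetical.

```python
import re
from collections import Counter

# Five lines copied from the log above, then one constructed line (the last).
SAMPLE = r"""
I:\Documents and Settings\Weston\My Documents\Install Files\MS Security Essentials\microsoft security essentials setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP138\A0057947.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018480.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP75\A0018510.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{1DFC5597-CFB3-4449-BE52-C27C436F11D0}\RP80\A0018630.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
I:\Downloads\toolbar_setup.exe (PUP.Constructed.Example) -> No action taken.
"""

# "<path> (<detection name>) -> <action>." as printed in the log above.
DETECTION = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Windows XP System Restore keeps its copies under _restore{GUID}\RPnn\.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
OK_ACTION = "quarantined and deleted successfully"


def triage(log_text):
    """Classify each detection line of a Malwarebytes log.

    Returns a dict with:
      live           - paths outside System Restore storage
      restore_points - Counter of detections per restore point (RPnn)
      families       - Counter of detections per detection name
      unresolved     - (path, action) pairs not successfully quarantined
    """
    report = {"live": [], "restore_points": Counter(),
              "families": Counter(), "unresolved": []}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # headers, counters and "(No malicious items detected)"
        path, name, action = m.group("path", "name", "action")
        report["families"][name] += 1
        rp = RESTORE.search(path)
        if rp:
            report["restore_points"][rp.group(1)] += 1
        else:
            report["live"].append(path)
        if action.lower() != OK_ACTION:
            report["unresolved"].append((path, action))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run over the full log above, 37 of the 38 detections fall in restore points RP75, RP80 and RP138, and one is an installer under My Documents.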

Re: Need Help with System

Postby Gecko » Wed Sep 05, 2012 11:36 am

westonm,

Good, the only things found were already quarantined; your system should be clean!

Re: Need Help with System

Postby westonm » Wed Sep 05, 2012 1:48 pm

Thanks Gecko for your help and patience. I am still getting pretty slow performance but maybe it is a hardware issue. I guess I will start looking at that again. At times it runs pretty well and other times it is terrible and I think I should be getting better consistent performance. Thanks again, you guys that do this are amazing.

Re: Need Help with System

Postby Gecko » Wed Sep 05, 2012 3:16 pm

I would need some system specs before I could help chase down your slowing issue.
How much RAM is installed?
Hard disk size and available unused space?

Also, we should check for system errors.
Go to Start > Control panel > Administrative tools > Event viewer > look in the system section.

You are looking for any red or yellow icons; double click on the icon.
Click inside the 'Description' section then highlight the text and copy and paste it into notepad.
At the bottom of the event window check 'words' and then copy and paste that text also.
Then paste it all into your reply to this thread.

Re: Need Help with System

Postby westonm » Wed Sep 05, 2012 5:34 pm

Wow - I didn't expect you to help with hardware diagnostics but if you are willing I can sure use the help.
The computer processor is:
Intel Core 2 Quad - Q6600 @ 2.40 Ghz with 3.5 GB RAM
The disk is:
Size 931 GB - Free 866 GB

I recently installed a new video card - old one caused system to shut down. The new one isn't as high end a card as I had before, but the specs were greater so I thought it would be ok. The card is a GEFORCE GT 610 - specs are:
GPU Engine Specs:
CUDA Cores: 48
Graphics Clock (MHz): 810
Processor Clock (MHz): 1620
Texture Fill Rate (billion/sec): 6.5
Memory Specs:
Memory Clock: 1.8 Gbps
Standard Memory Config: 1024MB
Memory Interface: DDR3
Memory Interface Width: 64-bit
14.4

I am not sure you want me to include the entire system errors record. There were 61 for the month of Sept/Aug and 91 for July. June was when I replaced the drive so there wasn't much then. I looked at them and they are varied, some multiple entries for the same app such as iexplorer and Outlook, Office etc. I am sure you would want me to cut that down some, so how would you want it limited?

Let me know if we need to move this to another topic on the board now that we are out of the HiJackThis phase.

Re: Need Help with System

Postby Gecko » Thu Sep 06, 2012 2:13 pm

You have plenty of RAM and free disk space.

As for the system errors, how about giving me the one about IE and Outlook to start with.

When was the last time you ran Windows Update?

Re: Need Help with System

Postby westonm » Thu Sep 06, 2012 4:30 pm

The info for iexplore was under the heading Application and not system - guess I saw that one just looking around. Here is the last hangup for iexplorer:

This was on 9/5/12
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 6c707041 74616369 206e6f69 676e6148
0010: 65692020 6f6c7078 652e6572 38206578
0020: 362e302e 2e313030 30373831 6e692032
0030: 6e756820 70706167 302e3020 302e302e
0040: 20746120 7366666f 30207465 30303030
0050: 303030

The next most recent under application was on 9/4/12 and here is the info:

Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 6c707041 74616369 206e6f69 676e6148
0010: 626d2020 652e6d61 31206578 2e32362e
0020: 37382e30 206e6920 676e7568 20707061
0030: 2e302e30 20302e30 6f207461 65736666
0040: 30302074 30303030 3030

Here is the last one on OUTLOOK (on 8/31/12)

Hanging application OUTLOOK.EXE, version 12.0.6661.5003, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0000: 6c707041 74616369 206e6f69 676e6148
0010: 554f2020 4f4f4c54 58452e4b 32312045
0020: 362e302e 2e313636 33303035 206e6920
0030: 676e7568 20707061 2e302e30 20302e30
0040: 6f207461 65736666 30302074 30303030
0050: 3030

Under the System heading here are the last couple

On 9/6/12
The Ad-Aware service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Nothing under data box.

Also on 9/6/12 - This one appears frequently
The Audio Service service failed to start due to the following error:
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
And nothing in the Data box

On 9/5/12
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Nothing in data box.

Another one that shows up frequently as a warning

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In the Data box
0000: 00000000 00540001 00000000 80001082
0010: 00000001 00000000 00000000 00000000
0020: 00000000 00000000

Windows update is set to run automatically every day at 3:00 am.
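The hex blocks pasted with the events above are Event Viewer's "Words" view of the record data. The following Python sketch is an added example, not part of the original posts: it rebuilds the bytes from that view and parses them, assuming the driver-logged TCP/IP record starts with the standard IO_ERROR_LOG_PACKET header (function names are hypothetical).

```python
import re
import struct

# Copied from the post above: "Words" data of the iexplore.exe hang event.
IEXPLORE_HANG = """\
0000: 6c707041 74616369 206e6f69 676e6148
0010: 65692020 6f6c7078 652e6572 38206578
0020: 362e302e 2e313030 30373831 6e692032
0030: 6e756820 70706167 302e3020 302e302e
0040: 20746120 7366666f 30207465 30303030
0050: 303030
"""
# Copied from the post above: data of the TCP/IP connect-limit warning.
TCPIP_WARNING = """\
0000: 00000000 00540001 00000000 80001082
0010: 00000001 00000000 00000000 00000000
0020: 00000000 00000000
"""
ROW = re.compile(r"^\s*([0-9A-Fa-f]{4}):\s*(.*?)\s*$")
HANG = re.compile(
    r"Application Hang\s+(\S+) (\S+) in (\S+) (\S+) at offset ([0-9A-Fa-f]+)")


def words_to_bytes(dump):
    """Rebuild raw event data from the "Words" display.

    Each group is a little-endian DWORD printed high byte first, so the
    bytes of every group are reversed. The last group may be short.
    """
    data = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # blank lines or surrounding text
        if int(m.group(1), 16) != len(data):
            raise ValueError("row offset %s out of sequence" % m.group(1))
        for group in m.group(2).split():
            data += bytes.fromhex(group)[::-1]
    return bytes(data)


def parse_hang(dump):
    """Return the fields of an 'Application Hang' record as a dict."""
    text = words_to_bytes(dump).decode("ascii")
    m = HANG.fullmatch(text)
    if not m:
        raise ValueError("not an Application Hang record: %r" % text)
    keys = ("application", "version", "hang_module", "module_version", "offset")
    return dict(zip(keys, m.groups()))


def driver_event_id(dump):
    """Event ID of a driver-logged record (assumed IO_ERROR_LOG_PACKET:
    ErrorCode is the DWORD at offset 0x0C, its low 16 bits are the ID)."""
    data = words_to_bytes(dump)
    if len(data) < 0x10:
        raise ValueError("too short for an error-log header")
    return struct.unpack_from("<I", data, 0x0C)[0] & 0xFFFF
```

For the three hang events the decoded data carries the same fields as the description text, and the TCP/IP record decodes to event ID 4226.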
