Computer running slow

Inactive
By jcorvin
Mar 12, 2012
  1. Computer running slow, not much on mbam

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.10.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Janet :: JANET-PC [administrator]

    3/11/2012 8:24:48 PM
    mbam-log-2012-03-11 (20-24-48).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 315633
    Time elapsed: 2 hour(s), 54 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-11 20:06:42
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.8919
    Running: zwsohttg.exe; Driver: C:\Users\Janet\AppData\Local\Temp\fgloypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys
    AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/7/2009 7:31:18 PM
    System Uptime: 3/7/2012 10:23:22 PM (94 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 91.226 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.903 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP274: 2/28/2012 7:40:59 AM - Windows Update
    RP275: 3/2/2012 5:39:10 PM - Windows Update
    RP276: 3/3/2012 3:37:48 AM - Windows Update
    RP277: 3/9/2012 1:05:55 PM - Windows Update
    RP278: 3/10/2012 4:42:01 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.5.0 MUI
    Adobe Shockwave Player
    ALOT Appbar
    AOL Email Toolbar
    AOL Toolbar
    AppGraffiti
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft WebCam Companion 3
    Ask Toolbar
    Atheros Driver Installation Program
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    D3DX10
    Facebook Video Calling 1.1.1.1
    Hewlett-Packard ACLM.NET v1.1.2.0
    Homepage Protection
    HP Customer Experience Enhancements
    HP Games
    HP Instant Web
    HP QuickSync
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0166
    HP Wireless Assistant
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    IntelĀ® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mario_Forever Toolbar
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    OGA Notifier 2.0.0048.0
    PowerRecover
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Symantec Endpoint Protection
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 9:51:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{64E4EC34-BCBA-408B-A7C1-5AD25E669FD5} because another computer on the network has the same name. The server could not start.
    3/9/2012 9:50:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
    3/9/2012 8:28:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    3/9/2012 12:32:41 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/9/2012 12:32:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    3/9/2012 10:48:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
    3/6/2012 7:51:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    3/11/2012 6:05:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/11/2012 5:58:54 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/11/2012 5:58:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    3/11/2012 5:58:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    3/11/2012 5:35:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    3/10/2012 2:14:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by Janet at 20:06:55 on 2012-03-11
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.115 [GMT -4:00]
    .
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\SPLASH.SYS\config\DVMExportService.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\HPBTWD.exe
    C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
    C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\aol email toolbar\AolMailTbServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.facebook.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
    BHO: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
    TB: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Facebook Update] "c:\users\janet\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
    mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
    mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\janet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\janet\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
    uPolicies-system: WallpaperStyle = 2
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: &AOL Email Toolbar Search - c:\programdata\aol email toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{64E4EC34-BCBA-408B-A7C1-5AD25E669FD5} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{64E4EC34-BCBA-408B-A7C1-5AD25E669FD5}\16474777966696 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{64E4EC34-BCBA-408B-A7C1-5AD25E669FD5}\25340535 : DhcpNameServer = 172.16.33.2
    TCP: Interfaces\{64E4EC34-BCBA-408B-A7C1-5AD25E669FD5}\4516378616 : DhcpNameServer = 192.168.2.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-16 106104]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-27 50176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-10 40776]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-24 167424]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-17 39272]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-18 52224]
    .
    =============== Created Last 30 ================
    .
    2012-03-10 12:31:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-03-09 18:11:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1affb3a5-f15a-4d7f-80ea-e010103fe274}\mpengine.dll
    2012-03-03 13:19:08 -------- d-----w- c:\users\janet\appdata\local\{38770F80-3672-402F-B0C3-B170C894D817}
    2012-03-03 13:18:41 -------- d-----w- c:\users\janet\appdata\local\{12682653-8A61-4BA2-AE61-9325793636ED}
    2012-02-28 01:30:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-28 01:30:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 14:05:10 -------- d-----w- c:\program files\alotappbar
    2012-02-20 03:08:37 -------- d-----w- c:\users\janet\appdata\local\{B0BEAB99-EF92-46A9-984B-C61B8A12185B}
    2012-02-19 15:07:55 -------- d-----w- c:\users\janet\appdata\local\{92C53FAD-3961-44A4-81B2-93E252B4D796}
    2012-02-19 00:46:58 -------- d-----w- c:\users\janet\appdata\local\{56714324-1E21-454F-8995-5D2C84CDF8AF}
    2012-02-19 00:46:30 -------- d-----w- c:\users\janet\appdata\local\{4B9C2818-047A-4187-AB3C-3971A95F6C4C}
    2012-02-16 20:43:26 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 20:43:09 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-14 14:11:47 -------- d-----w- c:\users\janet\appdata\local\{342675C2-8707-4DD5-9ED1-784A1D348B2C}
    2012-02-14 14:11:14 -------- d-----w- c:\users\janet\appdata\local\{D1E2BE0E-C636-4D1A-A59E-E0FEEC5AE031}
    2012-02-14 01:49:49 -------- d-----w- c:\users\janet\appdata\local\{5AFBD24D-2F6C-4E6F-8236-2A2EEF720ED7}
    2012-02-14 01:49:18 -------- d-----w- c:\users\janet\appdata\local\{A78C5872-EB5F-4B41-B478-76C157AF12E7}
    2012-02-13 03:37:42 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    .
    ==================== Find3M ====================
    .
    2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 20:10:19.79 ===============
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot!

    Do you understand that there are many reason that a computer can be slow- malware is only 1 of them. You do have some entries to be removed, but you also have a great number of processes running. If most or all are configured on start on boot and run in the background, you will be slow to load them all, slow to surf carrying all the running processes and gathering temporary internet files as you go, then slow to shut all of those program down.

    So it will help me if you can give me a clearer description of "slow."
    =======================================
    It also appears that you are using a netbook with Install Date: 12/7/2009. Have you ever check the Control Panel> Programs in the 3 years to see what's installed? Have you uninstalled what you don't want or use? Have you ever checked the Start Menu to see what is checked to start on boot? Do you do any routine maintenance to delete temporary internet files and Cookies, Disc Cleanup and Defrag?
    =========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================
    Please leave the logs in your next reply.
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. jcorvin

    jcorvin Newcomer, in training Topic Starter

    This is a friends computer. There does not appear to be any previous maintenance. I had deleted temporary internet files, and it took forever, lol.

    I understand that malware is not always the issue, but I figured it was probably present given the lack of maint,
    I have just forgotten the basics outside of malware removal.

    I tried running eset both ways. I tried disabling pop up blocker and turning down int explorer security.

    I can't get it to run.

    Here is combofix

    ComboFix 12-03-12.03 - Janet 03/12/2012 19:31:14.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.216 [GMT -4:00]
    Running from: c:\users\Janet\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Common Files\Uninstall
    c:\program files\HP\HPBTWD.exe
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-12 23:47 . 2012-03-12 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-09 18:11 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AFFB3A5-F15A-4D7F-80EA-E010103FE274}\mpengine.dll
    2012-02-28 01:30 . 2012-02-28 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-28 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-16 20:43 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 20:43 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-13 03:37 . 2012-02-13 03:37 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 14:18 . 2010-02-07 14:15 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
    2009-08-30 14:28 2259480 ----a-w- c:\program files\Mario_Forever\tbMari.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-08-30 2259480]
    .
    [HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{707DB484-2428-402D-AFB5-D85B387544C7}"= "c:\program files\Mario_Forever\tbMari.dll" [2009-08-30 2259480]
    .
    [HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Janet\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-01 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
    "UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe [2009-03-02 81920]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-28 50176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - FGLOYPOW
    *Deregistered* - fgloypow
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4107308365-2542691797-2888270749-1000Core.job
    - c:\users\Janet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 20:30]
    .
    2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4107308365-2542691797-2888270749-1000UA.job
    - c:\users\Janet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 20:30]
    .
    2012-02-17 c:\windows\Tasks\HPCeeScheduleForJanet.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
    SafeBoot-Symantec Antvirus
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4107308365-2542691797-2888270749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-4107308365-2542691797-2888270749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-12 19:53:26
    ComboFix-quarantined-files.txt 2012-03-12 23:53
    .
    Pre-Run: 97,835,962,368 bytes free
    Post-Run: 98,029,416,448 bytes free
    .
    - - End Of File - - 808CE20590F447D6A3D7A8CA13A676C1
  4. jcorvin

    jcorvin Newcomer, in training Topic Starter

    I just doublechecked to make sure scripts were allowed at prompt - nothing.

    Oddly enough, I don't even get the yellow explorer title bar to click, I just get a little picture loading icon in the popup window followed by a red X
  5. jcorvin

    jcorvin Newcomer, in training Topic Starter

    computer now seems to have mail.ru

    is this a virus?
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I am sorry about the delay- I've been sick.
    Please tell your friend that if he does not improve his browsing habits, we will continue to be slow and expose the system to malware.
    ===================================
    Please observe:Directions in Combofix are:
    The heading on Combofix log you left:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    DDS::
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
    BHO: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} - c:\program files\mario_forever\tbMari.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{707db484-2428-402d-afb5-d85b387544c7}"=- 
    [HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{707DB484-2428-402D-AFB5-D85B387544C7}"=- 
    [HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ======================================
    I have included the following in the script. You should uninstall the related programs, then use Windows Explorer to right click> Delete on their program folder:
    1. Mario Forever Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
    2. AppGraffiti Facebook Layouts plugin, a required install before any software can be downloaded - also see privacy policy. See Privacy Policy> http://www.appgraffiti.com/Legal/Privacy.aspx
    3. . ALOT Appbar Helper alotappbar.dll, ALOTHelperBHO.dll>See Privacy Policy> alot.com AppBar
      From WOT Site Advisor: Warning! This site has a poor reputation.(alot.com)
      Previous blacklisting by a trusted source may still affect this site's reputation.
      Fails: Trustworthiness, Vendor reliability, Privacy, Child Safety
    4. . HelloWorldBHO >HomepageProtection.dll Browser plugin, comes pre-installed on certain brand (HP) computers and connects to browser.cdn.aol.com/toolbar/browserpages/homepageprotection/metrics.html, also see this forum thread. There will be a "Homepage Protection" entry in Control Panel > Add/Remove Programs cq Programs and Features, which can simply be uninstalled if desired
    ====================================
    Please tell me more clearly what the problem is running the Eset scan.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.