Solved Internet speed painfully slow. Other computers in house are much faster

M

michael311

Posts: 13   +0
Hi. When I run an internet speed test on this computer it shows a download speed 3 times slower than other computers and laptops in the house. This computer (emachine) is the computer that has the router installed. I do not know if the slow internet speed is caused by a virus or if I messed up the network configurations. I have tried many cleaners and scanners to try to fix the problem and then I found your site. Thank you very much for any help you can give.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mom :: EMACHINE [administrator]

12/31/2011 4:23:38 PM
mbam-log-2011-12-31 (16-23-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218653
Time elapsed: 18 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

++++++++++++++++++

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-01 02:18:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 WDC_WD80 rev.13.0
Running: 2u4t0xh6.exe; Driver: C:\DOCUME~1\Mom\LOCALS~1\Temp\fxlcapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kmodurl.sys (Firewall TdiFilter Driver/Kingsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp kmodurl.sys (Firewall TdiFilter Driver/Kingsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp kmodurl.sys (Firewall TdiFilter Driver/Kingsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp kmodurl.sys (Firewall TdiFilter Driver/Kingsoft Corporation)

---- EOF - GMER 1.0.15 ----

+++++++++++++++++

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Mom at 2:35:26 on 2012-01-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1125 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [KSafeTray] "c:\program files\kingsoft\pcdoctor\KSafeTray.exe" -autorun
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
TCP: Interfaces\{5100D9CC-E15A-48F5-8C4D-7CF8BE488289} : DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mom\application data\mozilla\firefox\profiles\4wngfs3y.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\mom\application data\mozilla\firefox\profiles\4wngfs3y.default user\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\mom\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-12-31 03:30:40 -------- d-----w- c:\documents and settings\mom\local settings\application data\KSafe
2011-12-31 01:53:08 -------- d-----w- c:\documents and settings\mom\application data\kingsoft
2011-12-31 01:43:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 01:29:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 01:19:10 9216 -c----w- c:\windows\system32\dllcache\fs_rec.sys
2011-12-31 01:19:10 77824 -c----w- c:\windows\system32\dllcache\ifsutil.dll
2011-12-31 01:19:10 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2011-12-31 01:19:10 57344 ----a-w- c:\windows\system32\uexfat.dll
2011-12-31 01:19:10 18944 -c----w- c:\windows\system32\dllcache\fmifs.dll
2011-12-31 01:19:10 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2011-12-31 01:19:10 133632 ------w- c:\windows\system32\drivers\exfat.sys
2011-12-31 01:19:09 278528 -c----w- c:\windows\system32\dllcache\ulib.dll
2011-12-31 01:18:15 74752 -c----w- c:\windows\system32\dllcache\msw3prt.dll
2011-12-31 01:18:15 104960 -c----w- c:\windows\system32\dllcache\win32spl.dll
2011-12-31 01:17:37 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-12-31 01:17:37 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-12-31 01:17:37 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-12-31 01:17:37 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-12-31 01:17:37 317952 ------w- c:\windows\system32\imapi2.dll
2011-12-31 01:16:03 330752 -c----w- c:\windows\system32\dllcache\ipnathlp.dll
2011-12-31 01:15:50 -------- d-sh--w- C:\KRSHistory
2011-12-31 01:15:17 -------- d--h--w- C:\SafeRecycle
2011-12-31 01:15:14 -------- d-----w- c:\documents and settings\mom\application data\KSafe
2011-12-31 01:14:45 -------- d-sh--w- c:\documents and settings\all users\application data\KRSHistory
2011-12-31 01:14:44 -------- d-----w- c:\documents and settings\all users\application data\Safe
2011-12-31 01:13:19 -------- d-----w- c:\documents and settings\all users\application data\kingsoft
2011-12-31 01:12:46 -------- d-----w- c:\program files\Kingsoft
2011-12-28 01:30:13 -------- d-----w- c:\program files\Cisco Systems
2011-12-27 16:22:21 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
.
==================== Find3M ====================
.
2011-12-31 01:43:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-11 23:01:35 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-11 23:01:35 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 2:36:24.48 ===============

+++++++++++++++++

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2005 4:18:01 PM
System Uptime: 12/31/2011 1:09:07 PM (13 hours ago)
.
Motherboard: | |
Processor: Intel(R) Celeron(R) CPU 2.66GHz | J2E1 | 2666/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 4.184 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: is NetworkDisk (NTFS) - 75 GiB total, 4.184 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2679: 11/3/2011 4:41:59 PM - System Checkpoint
RP2680: 11/4/2011 5:45:47 PM - System Checkpoint
RP2681: 11/5/2011 6:29:43 PM - System Checkpoint
RP2682: 11/6/2011 6:21:38 PM - System Checkpoint
RP2683: 11/7/2011 6:26:09 PM - System Checkpoint
RP2684: 11/8/2011 7:39:07 PM - System Checkpoint
RP2685: 11/9/2011 3:00:40 AM - Software Distribution Service 3.0
RP2686: 11/10/2011 3:17:40 AM - System Checkpoint
RP2687: 11/11/2011 3:00:38 AM - Software Distribution Service 3.0
RP2688: 11/12/2011 3:44:40 AM - System Checkpoint
RP2689: 11/13/2011 4:17:54 AM - System Checkpoint
RP2690: 11/14/2011 4:53:00 AM - System Checkpoint
RP2691: 11/15/2011 5:30:33 AM - System Checkpoint
RP2692: 11/16/2011 6:23:17 AM - System Checkpoint
RP2693: 11/17/2011 7:09:57 AM - System Checkpoint
RP2694: 11/18/2011 7:58:30 AM - System Checkpoint
RP2695: 11/19/2011 8:42:48 AM - System Checkpoint
RP2696: 11/20/2011 9:52:13 AM - System Checkpoint
RP2697: 11/21/2011 10:16:11 AM - System Checkpoint
RP2698: 11/22/2011 10:24:58 AM - System Checkpoint
RP2699: 11/23/2011 10:52:59 AM - System Checkpoint
RP2700: 11/24/2011 11:53:03 AM - System Checkpoint
RP2701: 11/25/2011 12:53:04 PM - System Checkpoint
RP2702: 11/26/2011 1:53:07 PM - System Checkpoint
RP2703: 11/27/2011 2:53:06 PM - System Checkpoint
RP2704: 11/28/2011 3:33:14 PM - System Checkpoint
RP2705: 11/29/2011 4:33:15 PM - System Checkpoint
RP2706: 12/1/2011 7:42:08 PM - System Checkpoint
RP2707: 12/2/2011 8:22:26 PM - System Checkpoint
RP2708: 12/3/2011 10:00:18 PM - System Checkpoint
RP2709: 12/4/2011 10:26:47 PM - System Checkpoint
RP2710: 12/5/2011 11:04:41 PM - System Checkpoint
RP2711: 12/6/2011 11:46:16 PM - System Checkpoint
RP2712: 12/8/2011 12:46:17 AM - System Checkpoint
RP2713: 12/9/2011 1:46:16 AM - System Checkpoint
RP2714: 12/10/2011 2:41:33 AM - System Checkpoint
RP2715: 12/11/2011 3:28:52 AM - System Checkpoint
RP2716: 12/12/2011 3:32:54 AM - System Checkpoint
RP2717: 12/13/2011 4:08:06 AM - System Checkpoint
RP2718: 12/14/2011 4:58:06 AM - System Checkpoint
RP2719: 12/15/2011 3:01:06 AM - Software Distribution Service 3.0
RP2720: 12/16/2011 3:29:57 AM - System Checkpoint
RP2721: 12/17/2011 4:19:31 AM - System Checkpoint
RP2722: 12/18/2011 5:19:28 AM - System Checkpoint
RP2723: 12/19/2011 6:19:29 AM - System Checkpoint
RP2724: 12/20/2011 6:59:18 AM - System Checkpoint
RP2725: 12/21/2011 7:45:55 AM - System Checkpoint
RP2726: 12/22/2011 8:10:21 AM - System Checkpoint
RP2727: 12/23/2011 9:08:07 AM - System Checkpoint
RP2728: 12/24/2011 9:48:39 AM - System Checkpoint
RP2729: 12/25/2011 12:17:51 PM - System Checkpoint
RP2730: 12/26/2011 12:44:03 PM - System Checkpoint
RP2731: 12/27/2011 1:34:09 PM - System Checkpoint
RP2732: 12/28/2011 1:35:21 PM - System Checkpoint
RP2733: 12/29/2011 2:06:16 PM - System Checkpoint
RP2734: 12/29/2011 3:02:58 PM - Removed Google Earth.
RP2735: 12/29/2011 3:03:56 PM - Installed Google Earth.
RP2736: 12/30/2011 12:33:54 PM - Installed Ad-Aware
RP2737: 12/30/2011 12:37:12 PM - Installed Ad-Aware
RP2738: 12/30/2011 8:17:28 PM - Installed Windows XP KB951830.
RP2739: 12/30/2011 8:18:08 PM - Installed Windows XP KB932716-v2.
RP2740: 12/30/2011 8:18:43 PM - Installed Windows XP KB953155.
RP2741: 12/30/2011 8:19:03 PM - Installed Windows Media Player KB952069.
RP2742: 12/30/2011 8:19:40 PM - Installed Windows XP KB955704.
RP2743: 12/30/2011 8:20:20 PM - Installed Windows XP KB2447568.
RP2744: 12/31/2011 9:15:13 PM - System Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Batch File Modifier
Bionicle Translator
Bionicle Translator (C:\Program Files\Bionicle Translator\)
BlueJ 3.0.2
Bonjour
Bonjour Print Services
Cisco Connect
Cisco Network Magic
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CleanUp!
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
eMachines Bay Reader
ERUNT 1.1j
ExamView Pro
EXIFeditor
Family Lawyer 2000
Glary Utilities 2.41.0.1358
Google Chrome
Google Earth
Google Update Helper
GoToAssist 8.0.0.516
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB951830)
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
IObit Security 360
IrfanView (remove only)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 29
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Development Kit 6 Update 24
Jesper Office Spaceplanning
Kingsoft PC Doctor 3.2.0.41
Learn2 Player (Uninstall Only)
Legal Search
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.0.1800
Media Collage
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual Basic .NET Standard 2003 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoConnect 1.1.31
Motorola Mobile Drivers Installation 4.7.1
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
Norton Security Suite
PDF2Word Converter
PDFTOEXCEL
Photo Story 3 for Windows
PowerDVD
Pure Networks Platform
Quicken 2009
QuickTime
RealPlayer
Realtek AC'97 Audio
Revo Uninstaller 1.91
RollerCoaster Tycoon 3
ScanSoft PaperPort Viewer 7.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB953155)
Serif PhotoPlus 5.5
Shutterfly Studio
Smart Defrag
SoftV92 Data Fax Modem with SmartCP
Sony USB Driver
Spybot - Search & Destroy
SUPERAntiSpyware
TestGen
The Plain-Language Law Dictionary
TrojanHunter 5.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955704)
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual Basic .NET Standard 2003 - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio.NET Baseline - English
WebFldrs XP
Winamp
Winamp Application Detect
Windows Backup Utility
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0
Windows WMF Metafile Vulnerability HotFix 1.2
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/30/2011 9:56:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
12/30/2011 9:56:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the KSafeSvc service.
12/27/2011 8:30:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pure Networks Platform Service service to connect.
12/27/2011 8:30:59 AM, error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2011 4:17:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/27/2011 4:12:19 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/27/2011 3:16:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/27/2011 12:16:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/27/2011 11:48:10 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
12/27/2011 11:46:50 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/27/2011 1:21:25 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.103. The machine with the IP address 192.168.1.108 did not allow the name to be claimed by this machine.
12/27/2011 1:16:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


I don't see anything malicious but....

You're running 3 AV programs, Lavasoft Ad-Watch Live! Anti-Virus, AVG and Norton.
TWO of them have to be uninstalled.
I suggest Lavasoft goes.
Then...
If AVG is another one to go make sure you use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

When done let me know how things are.
 
Hi Broni,
I thought I uninstalled AVG years ago when I got Norton with my ISP - Comcast. I guess it did not uninstall correctly at that time. I uninstalled LavaSoft Ad-aware and AVG (using your link) and rebooted. I also defraged the hard drive. My internet connection is still slow. On my other computers, when I run an internet speed test at Speedtest.net, I see download speeds around 25mbps. But this computer only shows about 10mbps when I run the test the first time. If I click "test again" then it starts showing faster results. I was doing this on IE but I also tried it with Chrome and got simular results.

Another thing that I notice is that when I go to various websites it takes forever to load. But if I click refresh or if I leave the site and then return to it, it loads much faster. This computer is used mostly by my wife so I'm just now noticing this happening as I'm trying to help her make it go faster.

Let me know if there is anything else I can do.

Thank you,

Michael
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
When I tried to run ComboFix, it told me that AVG was still running (see attached) so I closed ComboFix. I do not know why AVG would still appear to be running. I uninstalled it a few years ago and I also uninstalled it with the link you provided. Here is the MBR textfile. Please let me know if I should retry ComboFix and the rest of your instructions.

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 09:32:54
-----------------------------
09:32:54.828 OS Version: Windows 5.1.2600 Service Pack 3
09:32:54.828 Number of processors: 1 586 0x303
09:32:54.828 ComputerName: EMACHINE UserName: Mom
09:32:55.843 Initialize success
09:35:05.046 AVAST engine defs: 12010200
09:36:02.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0
09:36:02.843 Disk 0 Vendor: WDC_WD80 13.0 Size: 76319MB BusType: 3
09:36:02.875 Disk 0 MBR read successfully
09:36:02.875 Disk 0 MBR scan
09:36:02.906 Disk 0 unknown MBR code
09:36:02.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
09:36:02.906 Disk 0 scanning sectors +156296385
09:36:02.984 Disk 0 scanning C:\WINDOWS\system32\drivers
09:36:24.859 Service scanning
09:36:26.203 Modules scanning
09:36:47.562 Disk 0 trace - called modules:
09:36:47.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IdeChnDr.sys
09:36:47.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e3030]
09:36:47.578 3 CLASSPNP.SYS[f76c7fd7] -> nt!IofCallDriver -> \Device\00000095[0x8a5cd030]
09:36:47.578 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0[0x8a5ce140]
09:36:48.109 AVAST engine scan C:\WINDOWS
09:36:57.437 AVAST engine scan C:\WINDOWS\system32
09:39:46.125 AVAST engine scan C:\WINDOWS\system32\drivers
09:40:14.359 AVAST engine scan C:\Documents and Settings\Mom
09:54:30.718 AVAST engine scan C:\Documents and Settings\All Users
09:58:41.453 Scan finished successfully
10:46:06.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mom\Desktop\MBR.dat"
10:46:06.796 The log file has been saved successfully to "C:\Documents and Settings\Mom\Desktop\aswMBR.txt"
 

Attachments

  • ComboFix AVG Message.doc
    32 KB · Views: 2
Below is the ComboFix.txt file. Also, after completing ComboFix and opening IE, I got the message that IE was not my default browser. I'm not sure if this was caused by ComboFix or if something got hacked when I temporarily disabled Norton.

ComboFix 12-01-02.01 - Mom 01/02/2012 12:44:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1449 [GMT -5:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Safe
c:\documents and settings\All Users\Application Data\Safe\zsinfo.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Mom\GoToAssistDownloadHelper.exe
c:\documents and settings\Mom\WINDOWS
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\hack
c:\windows\system32\hack\OEMLINK\OEM1.reg
c:\windows\system32\hack\OEMLINK\OEM2.reg
c:\windows\system32\hack\OEMLINK\OEM3.reg
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 16:28 . 2012-01-02 17:38 -------- d-----w- C:\32788R22FWJFW
2012-01-02 02:55 . 2011-08-19 21:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-02 02:55 . 2010-11-26 23:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-02 01:34 . 2011-10-21 09:01 24984 ----a-w- c:\windows\system32\drivers\BC.sys
2011-12-31 03:30 . 2011-12-31 03:30 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\KSafe
2011-12-31 01:53 . 2011-12-31 01:53 -------- d-----w- c:\documents and settings\Mom\Application Data\kingsoft
2011-12-31 01:43 . 2011-12-31 01:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 01:29 . 2011-12-31 01:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 01:19 . 2008-09-30 06:19 77824 -c----w- c:\windows\system32\dllcache\ifsutil.dll
2011-12-31 01:19 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2011-12-31 01:19 . 2008-09-30 06:19 57344 ----a-w- c:\windows\system32\uexfat.dll
2011-12-31 01:19 . 2008-09-30 06:19 18944 -c----w- c:\windows\system32\dllcache\fmifs.dll
2011-12-31 01:19 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2011-12-31 01:19 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2011-12-31 01:19 . 2008-09-29 10:20 9216 -c----w- c:\windows\system32\dllcache\fs_rec.sys
2011-12-31 01:19 . 2008-09-30 06:19 278528 -c----w- c:\windows\system32\dllcache\ulib.dll
2011-12-31 01:18 . 2008-08-28 07:46 74752 -c----w- c:\windows\system32\dllcache\msw3prt.dll
2011-12-31 01:18 . 2008-08-28 07:46 104960 -c----w- c:\windows\system32\dllcache\win32spl.dll
2011-12-31 01:17 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-12-31 01:17 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-12-31 01:17 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-12-31 01:17 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-12-31 01:17 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-12-31 01:16 . 2008-04-21 18:44 330752 -c----w- c:\windows\system32\dllcache\ipnathlp.dll
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- C:\KRSHistory
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- C:\SafeRecycle
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- c:\documents and settings\Mom\Application Data\KSafe
2011-12-31 01:14 . 2011-12-31 03:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\KRSHistory
2011-12-31 01:13 . 2011-12-31 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft
2011-12-31 01:12 . 2011-12-31 01:12 -------- d-----w- c:\program files\Kingsoft
2011-12-28 01:30 . 2011-12-28 02:35 -------- d-----w- c:\program files\Cisco Systems
2011-12-27 16:22 . 2011-12-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 01:43 . 2010-09-24 00:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2009-10-14 00:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-05-01 17:39 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-24 00:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-07-13 13:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-07-13 13:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-05-01 18:06 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-07-13 13:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-05-01 17:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 08:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-07-13 13:24 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-11 23:01 . 2011-04-14 00:01 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-11 23:01 . 2011-04-14 00:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-10 14:22 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-25 05:58 . 2011-04-25 05:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 06:48 . 2011-04-25 06:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 06:00 . 2011-04-25 06:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 05:59 . 2011-04-25 05:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 05:58 . 2011-04-25 05:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 05:57 . 2011-04-25 05:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 05:58 . 2011-04-25 05:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 05:58 . 2011-04-25 05:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 05:51 . 2011-04-25 05:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 06:00 . 2011-04-25 06:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
Code: 
<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\eMachines Bay  Reader\shwiconem .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"KSafeTray"="c:\program files\Kingsoft\PCDoctor\KSafeTray.exe" [2011-12-20 1799584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\program files\Common Files\Symantec Shared\ccApp.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 09:43 136176 ----atw- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-21 21:44 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-21 21:48 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
c:\program files\IObit\IObit Security 360\IS360tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\program files\Common Files\Symantec Shared\CfgWiz.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-04-16 17:03 490112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
c:\progra~1\SYMNET~1\SNDMon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
c:\program files\TrojanHunter 5.2\THGuard.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-16 17:03 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"SymWSC"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"Bonjour Service"=2 (0x2)
"GoToAssist"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"nmservice"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ose"=3 (0x3)
"TrkWks"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"CryptSvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MotoConnect Service"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IS360service"=2 (0x2)
"YahooAUService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ImapiService"=3 (0x3)
"aspnet_state"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"ShutterflyStudio"=c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 BC;BC;c:\windows\system32\drivers\BC.sys [1/1/2012 8:34 PM 24984]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2011 12:31 AM 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/1/2012 9:55 PM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/11/2011 6:01 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/11/2011 6:01 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 8:23 PM 819320]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 11:51 AM 65584]
R1 kmodurl;kmodurl;c:\program files\Kingsoft\PCDoctor\kmodurl.sys [11/22/2011 8:14 AM 111008]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/11/2011 6:01 PM 136312]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/11/2011 6:01 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 2:23 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSXpx86.sys [12/28/2011 7:43 PM 356280]
S0 KSafeBootCheck;KSafeBootCheck;c:\windows\system32\Drivers\ksafebc.sys --> c:\windows\system32\Drivers\ksafebc.sys [?]
S2 KSafeSvc;KSafe service;c:\program files\Kingsoft\PCDoctor\KSafeSvc.exe [12/6/2011 8:31 AM 452000]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/25/2010 9:08 PM 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/25/2010 9:08 PM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/25/2010 9:08 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/25/2010 9:08 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/25/2010 9:08 PM 9472]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 8:42 PM 728083]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 2:34 PM 91456]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/26/2008 6:54 PM 24652]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv8D4
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-10 21:09]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006Core.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:43]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006UA.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:43]
.
2012-01-02 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-01-02 15:35]
.
2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{661975AF-C571-478A-AE3A-8413A6BCE2D2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-srv8D4
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 12:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-01-02 13:00:51
ComboFix-quarantined-files.txt 2012-01-02 18:00
.
Pre-Run: 6,538,952,704 bytes free
Post-Run: 7,790,501,888 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3BCA3CE3D5E609EFB7D72814A219E834
 
Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

============================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

RenV::
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\eMachines Bay  Reader\shwiconem .exe

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I uninstalled Viewpoint Media Player. The toolbar and manager were not listed.

I created the CFScript.txt file and dragged it to the ComboFix icon with Norton disabled. I ignored the AVG warning and clicked ok. Then it seemed like ComboFix did not do anything. It did not create a new ComboFix.txt file.

I tried repeating the steps and got an error message (screen shot attached). I clicked abort.
 

Attachments

  • ComboFix Error.doc
    29 KB · Views: 1
Delete your Combofix file, download fresh one and try again.
If still a problem, run the fix from safe mode.
 
Downloaded fresh ComboFix which ran easily. Txt file below. Once again, when I opened IE, it told me that IE was not my default browser.

I also noticed on the C drive a ComboFix folder with one file in it - gsar.3XE 15KB modified 8/30/2000.

ComboFix 12-01-02.02 - Mom 01/02/2012 22:12:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1387 [GMT -5:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Safe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-02 16:28 . 2012-01-03 03:09 -------- d-----w- C:\32788R22FWJFW
2012-01-02 02:55 . 2011-08-19 21:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-02 02:55 . 2010-11-26 23:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-02 01:34 . 2011-10-21 09:01 24984 ----a-w- c:\windows\system32\drivers\BC.sys
2011-12-31 03:30 . 2011-12-31 03:30 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\KSafe
2011-12-31 01:53 . 2011-12-31 01:53 -------- d-----w- c:\documents and settings\Mom\Application Data\kingsoft
2011-12-31 01:43 . 2011-12-31 01:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 01:29 . 2011-12-31 01:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 01:19 . 2008-09-30 06:19 77824 -c----w- c:\windows\system32\dllcache\ifsutil.dll
2011-12-31 01:19 . 2008-09-30 06:19 57344 -c----w- c:\windows\system32\dllcache\uexfat.dll
2011-12-31 01:19 . 2008-09-30 06:19 57344 ----a-w- c:\windows\system32\uexfat.dll
2011-12-31 01:19 . 2008-09-30 06:19 18944 -c----w- c:\windows\system32\dllcache\fmifs.dll
2011-12-31 01:19 . 2008-09-29 10:21 133632 -c----w- c:\windows\system32\dllcache\exfat.sys
2011-12-31 01:19 . 2008-09-29 10:21 133632 ------w- c:\windows\system32\drivers\exfat.sys
2011-12-31 01:19 . 2008-09-29 10:20 9216 -c----w- c:\windows\system32\dllcache\fs_rec.sys
2011-12-31 01:19 . 2008-09-30 06:19 278528 -c----w- c:\windows\system32\dllcache\ulib.dll
2011-12-31 01:18 . 2008-08-28 07:46 74752 -c----w- c:\windows\system32\dllcache\msw3prt.dll
2011-12-31 01:18 . 2008-08-28 07:46 104960 -c----w- c:\windows\system32\dllcache\win32spl.dll
2011-12-31 01:17 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-12-31 01:17 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-12-31 01:17 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-12-31 01:17 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-12-31 01:17 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-12-31 01:16 . 2008-04-21 18:44 330752 -c----w- c:\windows\system32\dllcache\ipnathlp.dll
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- C:\KRSHistory
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- C:\SafeRecycle
2011-12-31 01:15 . 2011-12-31 01:15 -------- d-----w- c:\documents and settings\Mom\Application Data\KSafe
2011-12-31 01:14 . 2011-12-31 03:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\KRSHistory
2011-12-31 01:13 . 2011-12-31 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft
2011-12-31 01:12 . 2011-12-31 01:12 -------- d-----w- c:\program files\Kingsoft
2011-12-28 01:30 . 2011-12-28 02:35 -------- d-----w- c:\program files\Cisco Systems
2011-12-27 16:22 . 2011-12-27 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 01:43 . 2010-09-24 00:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2009-10-14 00:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2004-05-01 17:39 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-24 00:32 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-07-13 13:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-07-13 13:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-05-01 18:06 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-07-13 13:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-05-01 17:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 08:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-07-13 13:24 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-11 23:01 . 2011-04-14 00:01 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-11 23:01 . 2011-04-14 00:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-10 14:22 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-25 05:58 . 2011-04-25 05:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 06:48 . 2011-04-25 06:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 06:00 . 2011-04-25 06:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 05:59 . 2011-04-25 05:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 05:58 . 2011-04-25 05:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 05:57 . 2011-04-25 05:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 05:58 . 2011-04-25 05:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 05:58 . 2011-04-25 05:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 05:51 . 2011-04-25 05:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 06:00 . 2011-04-25 06:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-02_17.57.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-03 02:15 . 2012-01-03 02:15 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"KSafeTray"="c:\program files\Kingsoft\PCDoctor\KSafeTray.exe" [2011-12-20 1799584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-04 09:43 136176 ----atw- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-21 21:44 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-21 21:48 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 19:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-04-16 17:03 490112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-16 17:03 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"SymWSC"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"Bonjour Service"=2 (0x2)
"GoToAssist"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"nmservice"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ose"=3 (0x3)
"TrkWks"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"CryptSvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MotoConnect Service"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IS360service"=2 (0x2)
"YahooAUService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"WZCSVC"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ImapiService"=3 (0x3)
"aspnet_state"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"ShutterflyStudio"=c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 BC;BC;c:\windows\system32\drivers\BC.sys [1/1/2012 8:34 PM 24984]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/24/2011 12:31 AM 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/1/2012 9:55 PM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [10/11/2011 6:01 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [10/11/2011 6:01 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 8:23 PM 819320]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 11:51 AM 65584]
R1 kmodurl;kmodurl;c:\program files\Kingsoft\PCDoctor\kmodurl.sys [11/22/2011 8:14 AM 111008]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [10/11/2011 6:01 PM 136312]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [10/11/2011 6:01 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2011 2:23 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSXpx86.sys [12/28/2011 7:43 PM 356280]
S0 KSafeBootCheck;KSafeBootCheck;c:\windows\system32\Drivers\ksafebc.sys --> c:\windows\system32\Drivers\ksafebc.sys [?]
S2 KSafeSvc;KSafe service;c:\program files\Kingsoft\PCDoctor\KSafeSvc.exe [12/6/2011 8:31 AM 452000]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/25/2010 9:08 PM 6016]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/25/2010 9:08 PM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/25/2010 9:08 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/25/2010 9:08 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/25/2010 9:08 PM 9472]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [1/26/2004 8:42 PM 728083]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 2:34 PM 91456]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv8D4
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-10 21:09]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006Core.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:43]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006UA.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:43]
.
2012-01-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-01-02 15:35]
.
2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{661975AF-C571-478A-AE3A-8413A6BCE2D2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-NAV CfgWiz - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-THGuard - c:\program files\TrojanHunter 5.2\THGuard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4088)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-02 22:24:13
ComboFix-quarantined-files.txt 2012-01-03 03:24
.
Pre-Run: 7,713,333,248 bytes free
Post-Run: 7,850,778,624 bytes free
.
- - End Of File - - 0D0E287DC38BDA58804D57AF3BEC9493
 
it told me that IE was not my default browser
Click to expand...
Set it as default if this is what you use.

Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer seems as fast as new but the Internet is still very slow when I go to a site the first time. For example It takes almost 20 seconds just to go to Google.com. But if I navigate away from Google and then to back to Google, then Google loads back up in a few seconds. Also, at Speedtest.net, the first time it runs it shows a download speed of about 11mbps. But if I immediately click "Test Again" it bumps up to about 24mbps. If I wait a few minutes and click "Test Again" it goes back to 11mbps.

OLT did not create an Extras.txt file. I searched the entire hard drive for it. Here is the OLT.txt.

OTL logfile created on: 1/3/2012 6:42:06 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free
3.33 Gb Paging File | 3.00 Gb Available in Paging File | 89.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.27 Gb Free Space | 9.76% Space Free | Partition Type: NTFS
Drive E: | 64.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 74.53 Gb Total Space | 7.27 Gb Free Space | 9.76% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (KSafeSvc) -- C:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe (Kingsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120102.036\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120102.036\NAVENG.SYS (Symantec Corporation)
DRV - (kmodurl) -- C:\Program Files\Kingsoft\PCDoctor\kmodurl.sys (Kingsoft Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BC) -- C:\WINDOWS\system32\Drivers\BC.sys (Kingsoft Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSXpx86.sys (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (Motousbnet) -- C:\WINDOWS\system32\drivers\Motousbnet.sys (Motorola)
DRV - (motusbdevice) -- C:\WINDOWS\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\WINDOWS\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (XIRLINK) -- C:\WINDOWS\system32\drivers\ucdnt.sys (Xirlink, Inc)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (IdeChnDr) Intel(R) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (netrcacm) -- C:\WINDOWS\system32\drivers\netrcacm.sys (Thomson Multimedia)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/11/23 08:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/02 21:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\

[2009/10/16 07:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/14 21:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\4wngfs3y.Default User\extensions
[2009/10/16 07:22:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\4wngfs3y.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 21:16:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\4wngfs3y.Default User\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/30 20:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/23 19:31:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/12/30 20:43:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4WNGFS3Y.DEFAULT USER\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2011/12/30 20:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/04/25 00:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 01:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 00:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/04/25 00:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/12/30 20:43:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/25 01:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/25 01:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/01/02 12:56:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KSafeTray] C:\Program files\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4201832096-528728716-663957993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5100D9CC-E15A-48F5-8C4D-7CF8BE488289}: DhcpNameServer = 68.87.73.246 68.87.71.230 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Application Data\Shutterfly\Studio\ShutterflyDesktop.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Application Data\Shutterfly\Studio\ShutterflyDesktop.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 12:54:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/18 00:42:28 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: srv8D4 - File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
 
The TechSpot Board told me my post was over 5000 characters so I had to split the OLT.txt file in two. Here is the rest of it.


Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\ucdvfw.dll (Xirlink, Inc)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 06:34:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2012/01/02 22:09:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/02 22:06:45 | 004,361,321 | R--- | C] (Swearware) -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2012/01/02 12:41:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 12:38:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 12:38:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 12:38:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 12:38:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 11:29:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 11:28:48 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/01/02 09:31:40 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2012/01/01 21:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2012/01/01 20:34:41 | 000,024,984 | ---- | C] (Kingsoft Corporation) -- C:\WINDOWS\System32\drivers\BC.sys
[2012/01/01 02:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\Start Menu\Programs\Administrative Tools
[2011/12/30 22:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\KSafe
[2011/12/30 20:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\kingsoft
[2011/12/30 20:15:50 | 000,000,000 | ---D | C] -- C:\KRSHistory
[2011/12/30 20:15:17 | 000,000,000 | ---D | C] -- C:\SafeRecycle
[2011/12/30 20:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\KSafe
[2011/12/30 20:14:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
[2011/12/30 20:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kingsoft PC Doctor
[2011/12/30 20:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kingsoft
[2011/12/30 20:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Kingsoft
[2011/12/29 15:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/27 20:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/12/27 11:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems

========== Files - Modified Within 30 Days ==========

[2012/01/03 06:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2012/01/03 06:08:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006UA.job
[2012/01/03 02:27:53 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{661975AF-C571-478A-AE3A-8413A6BCE2D2}.job
[2012/01/02 22:06:52 | 004,361,321 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2012/01/02 21:48:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/01/02 21:36:29 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/02 21:14:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 21:14:02 | 2137,903,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 20:08:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4201832096-528728716-663957993-1006Core.job
[2012/01/02 12:56:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 12:41:31 | 000,000,324 | RHS- | M] () -- C:\boot.ini
[2012/01/02 11:42:28 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Internet Speed Painfully Slow. Other computers in house are much faster - TechSpot OpenBoards.url
[2012/01/02 10:52:59 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.url
[2012/01/02 10:46:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\MBR.dat
[2012/01/02 09:32:49 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2012/01/01 02:23:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2012/01/01 02:09:34 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\UPDATED 5-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2011/12/31 13:06:35 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2011/12/31 11:59:45 | 000,000,594 | ---- | M] () -- C:\WINDOWS\System32\KSafeFileBootClean.config
[2011/12/30 20:19:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/30 20:13:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk
[2011/12/29 15:04:15 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/15 03:33:52 | 000,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 03:13:20 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/02 12:41:31 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2012/01/02 12:41:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/02 12:38:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 12:38:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 12:38:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 12:38:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 12:38:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/02 11:42:28 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Internet Speed Painfully Slow. Other computers in house are much faster - TechSpot OpenBoards.url
[2012/01/02 10:46:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MBR.dat
[2012/01/01 21:56:11 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/01/01 21:55:38 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012/01/01 21:55:37 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/01/01 02:09:34 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\UPDATED 5-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2011/12/31 11:59:45 | 000,000,594 | ---- | C] () -- C:\WINDOWS\System32\KSafeFileBootClean.config
[2011/12/30 20:13:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kingsoft PC Doctor.lnk
[2011/12/29 15:04:15 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/27 20:30:38 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Connect.lnk
[2011/05/12 14:01:48 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/30 08:57:58 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 08:57:58 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/10 09:32:04 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QOL0iswi.dat
[2010/02/22 18:48:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\housecall.guid.cache
[2010/01/23 10:12:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\Ppviewer.INI
[2010/01/15 08:09:36 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/10/11 08:49:05 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/03/08 18:45:23 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/30 17:04:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\RECMGRUN.INI
[2008/11/30 17:03:39 | 000,003,455 | ---- | C] () -- C:\WINDOWS\RECVCALL.INI
[2008/09/27 09:05:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/07/17 11:32:06 | 004,567,040 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.exe
[2007/11/12 07:34:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2007/06/24 09:41:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/12 22:19:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/01/06 21:13:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/28 10:30:12 | 002,309,120 | ---- | C] () -- C:\WINDOWS\System32\rotatepdf.exe
[2006/01/21 11:11:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/14 20:25:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/01/09 22:10:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/01/08 00:26:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/02 01:04:49 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\wmfhotfix.dll
[2005/10/17 19:26:19 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/10/08 20:56:35 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.A025.dll
[2005/10/08 20:55:28 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/10/08 20:46:59 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/09/13 20:10:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/08/12 15:23:10 | 000,022,259 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft Excel.ADR
[2005/08/10 11:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/05/25 19:28:17 | 000,000,134 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/03/06 17:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/21 22:16:21 | 000,002,166 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\evpro32.prf
[2005/02/21 10:36:28 | 000,001,018 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/02/21 10:36:22 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2005/02/21 10:36:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2005/02/21 10:36:22 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2005/02/21 10:36:13 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2005/01/23 13:01:18 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ViewerApp.dat
[2005/01/23 11:37:38 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/15 22:23:20 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/04 17:11:16 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/01/04 16:52:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/01/04 16:32:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/03 20:24:21 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/03 18:15:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/13 08:26:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/07/13 08:26:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/07/13 08:26:04 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/07/13 08:25:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/07/13 08:25:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/13 08:25:31 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/07/13 08:25:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/07/13 08:24:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/07/13 08:23:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/04 08:48:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/04 08:48:03 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/05/04 07:40:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/05/04 07:15:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/05/04 05:13:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 02:40:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 02:40:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/02 02:39:38 | 000,436,504 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/02 02:39:38 | 000,068,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/01 19:45:39 | 000,302,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/01 13:50:46 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 13:50:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 13:50:05 | 000,013,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/01 13:45:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/01 13:09:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/01 12:57:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/01 12:51:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/01 05:46:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/11 20:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2012/01/01 19:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/12/27 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/09/29 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/17 10:33:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/16 18:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/11/30 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/30 22:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kingsoft
[2011/12/30 22:03:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
[2012/01/01 19:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/05/07 21:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/01/04 17:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/01/02 19:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/16 12:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/11/30 22:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2007/10/28 17:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AppHelper Support
[2005/09/28 16:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Atari
[2008/11/30 00:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Auslogics
[2010/10/17 16:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AVG10
[2005/05/06 23:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Camfrog
[2007/02/25 12:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\COWON
[2008/07/08 21:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2008/10/26 11:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GlarySoft
[2007/11/12 07:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2007/01/14 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IMVU
[2010/10/21 21:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IObit
[2008/11/30 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iolo
[2005/10/08 20:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IsolatedStorage
[2011/12/30 20:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\kingsoft
[2011/12/30 20:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\KSafe
[2005/09/28 16:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2007/11/11 14:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pmcc
[2005/04/25 22:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Seven Zip
[2007/11/17 23:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Shutterfly
[2006/12/02 22:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2011/04/14 18:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Tific
[2009/10/11 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TrojanHunter
[2008/09/27 08:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\UltiConverters
[2008/10/26 09:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
[2012/01/02 19:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2009/01/31 08:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XnView
[2012/01/02 21:36:29 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/01/02 21:48:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2012/01/03 02:27:53 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{661975AF-C571-478A-AE3A-8413A6BCE2D2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/25 15:43:22 | 000,014,307 | ---- | M] () -- C:\aaw7boot.log
[2011/04/12 13:08:37 | 000,000,968 | ---- | M] () -- C:\Antivirus AntiSpyware 2011.lnk
[2004/05/01 12:54:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/12/31 13:06:35 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2012/01/02 12:41:31 | 000,000,324 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/05/25 19:28:17 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2006/05/15 14:49:10 | 000,000,118 | ---- | M] () -- C:\COMLOG.zip
[2004/05/01 12:54:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/01/02 21:14:02 | 2137,903,104 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/22 14:49:04 | 000,000,042 | ---- | M] () -- C:\index.htm
[2005/01/05 20:23:20 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2004/05/01 12:54:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/06 08:11:09 | 000,002,023 | -H-- | M] () -- C:\IPH.PH
[2004/05/01 12:54:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/20 06:47:19 | 000,001,097 | ---- | M] () -- C:\net_save.dna
[2005/01/03 18:43:19 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/28 21:31:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/02 21:14:00 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2005/05/24 20:17:04 | 000,000,000 | ---- | M] () -- C:\palsound.txt
[2006/04/17 20:48:13 | 000,000,082 | ---- | M] () -- C:\Phone.txt
[2005/02/10 04:07:04 | 000,026,042 | ---- | M] () -- C:\redirect.ra
[2011/04/25 20:44:04 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/05/01 21:01:41 | 000,061,634 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.05.2011_21.57.52_log.txt
[2011/05/15 16:35:05 | 000,061,956 | ---- | M] () -- C:\TDSSKiller.txt
[2006/03/22 22:20:20 | 000,000,851 | ---- | M] () -- C:\VundoFix.txt
[2007/07/13 20:57:23 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/03/31 07:00:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/05/06 19:47:40 | 000,069,632 | ---- | M] () -- C:\WINDOWS\Shutterfly Studio Screen Saver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2004/05/18 16:26:04 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Mail.url
[2004/05/18 16:13:06 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo!.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/05/01 05:44:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/05/01 05:44:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/05/01 05:44:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/28 21:40:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2005/10/28 22:19:06 | 000,023,552 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/01/03 19:00:04 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/01/03 16:18:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/02 09:32:49 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mom\Desktop\aswMBR.exe
[2012/01/02 22:06:52 | 004,361,321 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2012/01/03 06:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/01/03 19:00:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mom\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/03 06:40:11 | 000,229,376 | -HS- | M] () -- C:\Documents and Settings\Mom\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/09/22 18:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/03/31 07:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 21:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 21:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/21 00:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/03/31 07:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/03/31 07:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/03/31 07:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 21:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
but the Internet is still very slow when I go to a site the first time
Click to expand...
Which browser?
Did you try different browser?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - (gupdatem) Google Update Service (gupdatem) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
IE - HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/01/01 19:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/11/30 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/11/30 22:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/10/17 16:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AVG10
[2008/10/26 09:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
[2012/01/02 19:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Which browser?
Did you try different browser?
Click to expand...

I tested differnent links and internet speeds on IE and Chrome. Chrome is only slightly faster, but still very slow.

The ESET Scanner ran for a very long time and I had to leave it running when I went to bed. The next morning I saw the message that ESET did not find any threats, therefore there was not a log. However, I did get this scary email from my ISP Comcast:

Dear XFINITY Customer,
Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot. A bot is a malicious form of software that is used to send spam, host a phishing site, or steal your identity by monitoring your keystrokes without your knowledge. It may be possible you are unaware that your computer is infected with a bot.
We strongly recommend you visit XFINITY.com/BotAssistance <http://www.xfinity.com/botassistance/?CMP=EMC-Email1&utm_source=Notification&utm_medium=Email&utm_campaign=Email1> for important information on how to remove malicious software from your computer(s).
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY
This is a service-related email. Comcast will occasionally send you service-related emails to inform you of service upgrades or new benefits to your Comcast High-Speed Internet service.

Copyright 2011. Comcast. All other trademarks are properties of their respective owners.

Comcast respects your privacy. For a complete description of our privacy policy, click here <http://xfinity.comcast.net/privacy/2011-03/> .

Comcast
One Comcast Center, 10th Floor
1701 JFK Boulevard
Philadelphia, PA 19103-2838
<http://msg.comcast.net/e/wb/[PH:EventId:AT].gif>
Click to expand...

Here are the other logs that were produced:

All processes killed
========== OTL ==========
Error: No service named gupdatem) Google Update Service (gupdatem was found to stop!
Service\Driver key gupdatem) Google Update Service (gupdatem not found.
File File not found not found.
Error: No service named gupdate) Google Update Service (gupdate was found to stop!
Service\Driver key gupdate) Google Update Service (gupdate not found.
File File not found not found.
HKU\S-1-5-21-4201832096-528728716-663957993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList folder moved successfully.
C:\Documents and Settings\All Users\Application Data\iolo folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\iolo folder moved successfully.
C:\Documents and Settings\Mom\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Mom\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\Mom\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\Mom\Application Data\Uniblue folder moved successfully.
C:\Documents and Settings\Mom\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
C:\Documents and Settings\Mom\Application Data\Viewpoint\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 45867 bytes

User: Mom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93026845 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 62080149 bytes
->Flash cache emptied: 27489 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9175107 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 44897 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 125906 bytes

Total Files Cleaned = 157.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Mom
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01032012_171222

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat not found!

Registry entries deleted on Reboot...

++++++++++++++++++

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Windows Defender
Windows Defender Signatures
HijackThis 2.0.2
Java DB 10.5.3.0
Java(TM) 6 Update 30
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Development Kit 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.2.159.1) Flash Player Out of Date!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````


++++++++++++++++++++++++++++

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------
 
Comcast letter could have been caused by the infection we removed during the course of our topic.
By now you're good to go.
However BS from Comcast happens.
Believe it or not I received same email from Comcast some time ago and I obviously went ballistic.
Talked to some Comcast supervisor asking him to get their crap together.

================================================================

Uninstall:
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Development Kit 6 Update 24
Java DB 10.5.3.0

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

As for your browsers slowness I suggest you start new topic in Windows forum.

Here.....

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Sorry for the delayed response... this took longer than I thought and I got busy.

I unintalled:
  • Java(TM) SE Development Kit 6 Update 21
  • Java(TM) SE Development Kit 6 Update 24
  • Java DB 10.5.3.0
  • Adobe Reader

I updated Adobe Flash Player

I installed Foxit Reader.

Here are the results of 13 items you listed:

1. OTL Log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mom
->Temp folder emptied: 5134293 bytes
->Temporary Internet Files folder emptied: 1900205 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Mom
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_215737

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCCA7.tmp not found!
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCCB7.tmp not found!
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCD50.tmp not found!
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCD60.tmp not found!
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCE3C.tmp not found!
File\Folder C:\Documents and Settings\Mom\Local Settings\Temp\~DFCE4C.tmp not found!
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\W3UR2UR7\net[1].htm moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\W3UR2UR7\topic175505[1].html moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\G7SD9O44\partner[1].htm moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\EHUZHPGZ\918[1].htm moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\64VGEO01\partner[1].htm moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\64VGEO01\partner[2].htm moved successfully.
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2a8.dat not found!

Registry entries deleted on Reboot...

++++++++++

2. OTL Cleanup - done

3. Windows update is current

4. Trojans???? I don't think you ever told me if I had a Trojan. Please let me know.

5. WOT installed.

6. OK

7. OK

8. Secunia Personal Software Inspector - This took a lot of time. Had a particular issue with MS Office 2000 products. My current version is 2003 which was an upgrade package. It was hard to remove 2000 without messing up 2003.

9. Optional - I did not install FileHippo

10 Ran Defrag

11. understood. Unfortunately these installs are getting more and more sneaky.

12. OK.

13. The computer runs great. I still have the slow internet speed problem. I'm pretty sure it is an issue with my new router. I'm working with Cisco/Linksys tech support.

Let me know if there is anything else I should do. I have a couple of questions that I post next time.

Michael
 
Yes, you had some trojans, so sensitive password change is due as soon as possible.

Other than that...

Way to go!!
p4193510.gif

Good luck and stay safe :)
 
Hopefully these are my last questions.

1. Why does my computer still think I have AVG installed when I uninstalled it and also used your links to uninstall it.

2. Somewhere in our processes I started getting an error message popup with a followup message when I press cancel. See screen shot attached. Do you know why I'm getting these error messages.

Thank you,
 

Attachments

  • jusched.exe Application Error.doc
    39.5 KB · Views: 2
ComboFix kept warning me that AVG was running even though we have uninstalled it. I have also seen it in other programs. For example, Network Magic reports that I am running AVG.
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :filefind
avg*
:folderfind
avg*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Run as Administrator was not an option. I could only run it as current user (emachind/Mom). Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:41 on 12/01/2012 by Mom
Administrator - Elevation successful

========== filefind ==========

Searching for "avg*"
C:\Documents and Settings\Administrator\Desktop\avgrep.txt --a---- 2887 bytes [01:58 12/04/2011] [03:40 12/04/2011] 21A4783DCE47ECDFF18FF0783E709713
C:\Flash Drive Backup 10-27-2006\McCauley\Visual Basic\Ch 3, 4, and 6 grade program\Avg Score 1.frm --a---- 3898 bytes [13:47 28/10/2006] [16:29 16/10/1997] 0D3F48829F191C585E6E9BD1F5F02C52

========== folderfind ==========

Searching for "avg*"
No folders found.

-= EOF =-
 
Not much there.

Possibly some registry leftovers but they're not active so we won't dig there.
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back