Slow PC


Post by tack06 on Tue Dec 25, 2012 5:52 pm

Internet running slow
videos skip when playing
computer slow when loading applications

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:00 AM, on 12/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Trecie\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~2\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {967DADB9-3A57-438C-AE67-8F079B2A1EFF} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\TransCore\3sixty Freight Match Prerequisites\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll NVDESK32.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: designers - {f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - [You must be registered and logged in to see this link.] - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]
O24 - Desktop Component 1: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 15082 bytes


Re: Slow PC

Post by Dr Jay on Tue Jan 01, 2013 3:47 pm

Hi there. Sorry you didn't receive help on this. Do you need help still?


Dr. Jay (DJ)



Re: Slow PC

Post by tack06 on Fri Jan 04, 2013 8:09 am

yes please


Re: Slow PC

Post by Dr Jay on Fri Jan 04, 2013 9:56 am

ComboFix scan

Please download ComboFix by sUBs

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)



Re: Slow PC

Post by tack06 on Tue Jan 08, 2013 7:46 am

ComboFix 13-01-06.01 - Trecie 01/08/2013 1:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.590 [GMT -6:00]
Running from: c:\documents and settings\Trecie\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\33b64130804b84ca6d88886080d23bd6_c
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht
c:\documents and settings\All Users\Start Menu\Programs\Zango
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Ricky\WINDOWS
c:\documents and settings\Trecie\Application Data\alot
c:\documents and settings\Trecie\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Trecie\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Trecie\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Trecie\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Trecie\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Trecie\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Trecie\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Trecie\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Trecie\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Trecie\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Trecie\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Trecie\Application Data\alot\toolbar.xml
c:\documents and settings\Trecie\Application Data\WeatherDPA
c:\documents and settings\Trecie\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Trecie\WINDOWS
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\progra~1\SEARCH~1\Datamngr\BROWSE~1.DLL
c:\program files\AntiVirGear 3.8
c:\program files\AntiVirGear 3.8\vpp.ini
c:\program files\BasicScan
c:\program files\BasicScan\uninstall.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\0838070A.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\07F83B12.urr
c:\program files\FunWebProducts\ScreenSaver\Images\07F95368.urr
c:\program files\FunWebProducts\ScreenSaver\Images\0838306C.dat
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.exe
c:\program files\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.log
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\M3UNPAT.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\000728F2.bmp
c:\program files\MyWebSearch\bar\Cache\000AD03F
c:\program files\MyWebSearch\bar\Cache\00441FD1
c:\program files\MyWebSearch\bar\Cache\0081DF9E.bin
c:\program files\MyWebSearch\bar\Cache\0081E125.bmp
c:\program files\MyWebSearch\bar\Cache\0081E1D1.bin
c:\program files\MyWebSearch\bar\Cache\0081E309.bin
c:\program files\MyWebSearch\bar\Cache\00853215.bin
c:\program files\MyWebSearch\bar\Cache\00853409
c:\program files\MyWebSearch\bar\Cache\00F5DEDF.exe
c:\program files\MyWebSearch\bar\Cache\07F81625
c:\program files\MyWebSearch\bar\Cache\07F824BB.bin
c:\program files\MyWebSearch\bar\Cache\07F82661.bin
c:\program files\MyWebSearch\bar\Cache\07F828B3.bin
c:\program files\MyWebSearch\bar\Cache\07F8298E.bin
c:\program files\MyWebSearch\bar\Cache\083D7117
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Video Add-on
c:\program files\Video Add-on\ot.ico
c:\program files\Video Add-on\ts.ico
c:\windows\desktop
c:\windows\desktop\Compaq Knowledge Center.lnk
c:\windows\iun6002.exe
c:\windows\Readme.txt
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\5401ba459b2aae8d.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\regobj.dll
c:\windows\system32\setb0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BASICSCAN_SERVICE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 07:29 . 2013-01-08 07:29 0 ----a-w- c:\windows\system32\sho25B.tmp
2013-01-08 07:29 . 2013-01-08 07:29 0 ----a-w- c:\windows\system32\sho25A.tmp
2013-01-07 13:12 . 2012-11-08 16:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD449865-A3CE-4D68-BFAB-429DD5FA1F43}\mpengine.dll
2013-01-06 08:03 . 2012-11-08 16:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-06 00:43 . 2013-01-06 00:43 -------- d-----w- c:\documents and settings\Trecie\Application Data\DDMSettings
2013-01-06 00:35 . 2013-01-06 00:37 -------- d-----w- c:\documents and settings\Trecie\Application Data\DivX
2013-01-06 00:33 . 2013-01-06 00:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2013-01-03 19:36 . 2013-01-03 19:36 -------- d-----w- c:\documents and settings\Trecie\Local Settings\Application Data\Sun
2013-01-03 19:21 . 2013-01-03 19:20 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-03 19:21 . 2013-01-03 19:20 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-14 22:08 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-14 21:49 . 2012-12-14 21:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-13 08:44 . 2012-12-13 08:44 -------- d-----w- c:\program files\MSXML 4.0
2012-12-11 22:44 . 2012-12-11 22:44 135168 ----a-r- c:\documents and settings\Trecie\Application Data\Microsoft\Installer\{3B65B12C-961B-4A4B-AE39-118C85C9F10B}\NewShortcut3_3B65B12C961B4A4BAE39118C85C9F10B.EXE
2012-12-11 22:44 . 2012-12-11 22:44 135168 ----a-r- c:\documents and settings\Trecie\Application Data\Microsoft\Installer\{3B65B12C-961B-4A4B-AE39-118C85C9F10B}\NewShortcut2_3B65B12C961B4A4BAE39118C85C9F10B.EXE
2012-12-11 22:44 . 2012-12-11 22:44 135168 ----a-r- c:\documents and settings\Trecie\Application Data\Microsoft\Installer\{3B65B12C-961B-4A4B-AE39-118C85C9F10B}\ARPPRODUCTICON.exe
2012-12-11 22:42 . 2012-12-11 22:42 -------- d-----w- C:\Majestic Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-03 19:20 . 2011-09-03 04:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-03 19:20 . 2011-09-03 04:37 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23 . 2001-10-23 01:14 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:25 . 2001-10-23 01:15 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-01-22 05:06 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-24 02:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2003-01-29 18:02 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2003-01-29 18:01 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 167072]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 131072]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SAITEKAUTOCONFIGURE"="c:\program files\Saitek\Saitek Gaming Extensions\saicnfig.exe" [2001-01-19 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-08-12 38560]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
c:\documents and settings\Trecie\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Office2K\Office\OSA9.EXE [N/A]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\StarWarsGalaxies\\SWGVoiceService.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Trecie\\My Documents\\Downloads\\cnet_ClassicPDFSetup_exe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Search Results Toolbar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 2:22 PM 822624]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [9/29/2011 6:21 PM 65536]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 8:30 AM 508776]
R3 Gcr432;Gcr432;c:\windows\system32\drivers\gcr432.sys [9/14/2001 5:08 PM 53445]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 8:30 AM 219496]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S1 MpKslfb3370d6;MpKslfb3370d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84463356-7111-4421-94D4-4DB84D5F9357}\MpKslfb3370d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84463356-7111-4421-94D4-4DB84D5F9357}\MpKslfb3370d6.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [12/10/2011 11:06 AM 33792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 22:33]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 22:33]
.
2013-01-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2013-01-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1079118523-2771580065-2541319435-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2013-01-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1079118523-2771580065-2541319435-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2013-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1079118523-2771580065-2541319435-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2013-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1079118523-2771580065-2541319435-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2012-12-21 c:\windows\Tasks\ReclaimerResumeInstall_Trecie.job
- c:\documents and settings\Trecie\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21 06:31]
.
2012-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: cod.edu\www
TCP: DhcpNameServer = 192.168.15.1
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Tsa2 - c:\progra~1\COMMON~1\tsa\tsm2.exe
HKCU-Run-SYSfit - c:\windows\SYSfit.exe
HKCU-Run-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
HKCU-Run-DR_S - c:\program files\DR_S\DR_S.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-WorksFUD - (no file)
HKLM-Run-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
HKLM-Run-qkmpcnpnb - c:\windows\System32\qpdjrl.exe
HKLM-Run-PowerStrip - c:\program files\powerstrip\pstrip.exe
HKLM-Run-POINTER - point32.exe
HKLM-Run-MoviePlace - c:\program files\MoviePlace\MoviePlace.exe
HKLM-Run-MemBoost - c:\documents and settings\Ricky\My Documents\My Received Files\memfree.exe
HKLM-Run-CPQEASYACC - c:\program files\Compaq\Easy Access Button Support\StartEAK.exe
HKLM-Run-AllBeautifulGirls - c:\program files\AllBeautifulGirls\AllBeautifulGirls.exe
HKLM-Run-AGEIA PhysX SysTray - c:\program files\AGEIA Technologies\TrayIcon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-01-08 01:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\SEARCH~2\Datamngr\DATAMN~1.EXE
q:\140062.enu\Office14\ONENOTEM.EXE
c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
**************************************************************************
.
Completion time: 2013-01-08 01:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-08 07:43
.
Pre-Run: 17,475,911,680 bytes free
Post-Run: 19,390,394,368 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5DEA30A430FBC1E85F0E6E5AFF43E47C


Re: Slow PC

Post by Dr Jay on Tue Jan 08, 2013 8:08 pm

Adware Cleaning

Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Junkware Removal Tool

Please download [You must be registered and logged in to see this link.] to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


Dr. Jay (DJ)



Re: Slow PC

Post by tack06 on Wed Jan 09, 2013 12:52 am

# AdwCleaner v2.105 - Logfile created 01/08/2013 at 18:41:58
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Trecie - COMPAQ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Trecie\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\search results toolbar
File Deleted : C:\Documents and Settings\All Users\Desktop\iLivid.lnk
File Deleted : C:\Documents and Settings\Trecie\Start Menu\Programs\iLivid.lnk
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Ricky\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Ricky\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Ricky\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Trecie\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Trecie\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Trecie\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Trecie\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Trecie\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Trecie\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\Trecie\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Searchqu Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\alot
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Ricky\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Trecie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://us.mg4.mail.yahoo.com/neo/launch?.rand=91548465&act[...]
Deleted [l.78] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=341&systemid=406&apn_dtid[...]
Deleted [l.2584] : urls_to_restore_on_startup = [ "hxxp://us.mg4.mail.yahoo.com/neo/launch?.rand=91548465&action[...]

*************************

AdwCleaner[S1].txt - [19342 octets] - [08/01/2013 18:41:58]

########## EOF - C:\AdwCleaner[S1].txt - [19403 octets] ##########

tack06
Novice

Posts : 10
Joined : 2012-12-25
OS : Windows XP

Re: Slow PC

Post by tack06 on Wed Jan 09, 2013 4:21 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Microsoft Windows XP x86
Ran by Trecie on Tue 01/08/2013 at 18:57:13.20
Blog: [You must be registered and logged in to see this link.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Trecie\Application Data\ilividtoolbarguid"
Successfully deleted: [Folder] "C:\Documents and Settings\Trecie\Application Data\searchresultstb"
Successfully deleted: [Folder] "C:\Documents and Settings\Trecie\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\alot"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/08/2013 at 19:16:39.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: Slow PC

Post by Dr Jay on Wed Jan 09, 2013 7:23 pm

Good job!

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)


Dr Jay
Administrator

Posts : 13706
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Slow PC

Post by tack06 on Thu Jan 10, 2013 4:42 am

C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256870.DLL Win32/Toolbar.MyWebSearch application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256884.scr Win32/Toolbar.MyWebSearch application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257046.dll Win32/Toolbar.SearchSuite application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257049.dll a variant of Win32/Toolbar.SearchSuite application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257052.dll a variant of Win32/Toolbar.SearchSuite application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257053.exe a variant of Win32/Toolbar.SearchSuite.A application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257054.dll a variant of Win32/Toolbar.SearchSuite application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257055.dll a variant of Win32/Toolbar.SearchSuite application unable to clean
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1124\A0257079.exe a variant of Win32/Toolbar.SearchSuite.A application unable to clean
C:\Documents and Settings\Trecie\My Documents\Downloads\Bruno_Mars_-_Unorthodox_Jukebox_(Deluxe_Version)_[2012]_secure.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\cnet_ClassicPDFSetup_exe (1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\cnet_ClassicPDFSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\cnet_InfixSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\ffdshow_Setup (1).exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\ffdshow_Setup (2).exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\ffdshow_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\Filebox Download Manager.exe Win32/InstallMate application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\mediaplayer_1573.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280 (1).exe Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280 (2).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280 (3).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280 (4).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280 (5).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_1280.exe Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\movie_player_d998173.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\Setup.exe Win32/Adware.Bundlore application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\video_downloader (1).exe Win32/Adware.Bundlore application cleaned by deleting - quarantined
C:\Documents and Settings\Trecie\My Documents\Downloads\video_downloader.exe Win32/Adware.Bundlore application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTmlmu.dll.vir Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCrctr.dll.vir Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Win32/FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSg.dll.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUtlcn.dll.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3UNPAT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256823.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256830.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256831.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256832.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256833.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256834.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256835.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256836.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256837.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256838.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256839.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256840.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256841.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256842.EXE Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256843.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256844.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256845.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256846.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256849.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256850.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256851.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256853.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256854.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256856.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256857.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256858.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256859.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256860.EXE Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256861.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256862.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256863.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256864.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256865.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256866.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256867.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256868.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6F58C3A6-2690-4845-BF76-6242BD9523CE}\RP1123\A0256869.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined


Re: Slow PC

Post by tack06 on Thu Jan 10, 2013 4:46 am

slow pc
especially when watching videos


Re: Slow PC

Post by Dr Jay on Thu Jan 10, 2013 9:35 am

Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.]. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.


Dr. Jay (DJ)



Re: Slow PC

Post by tack06 on Thu Jan 10, 2013 6:10 pm

[You must be registered and logged in to see this link.]


Re: Slow PC

Post by Dr Jay on Fri Jan 11, 2013 1:50 am

CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop - [You must be registered and logged in to see this link.]

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


Please download [You must be registered and logged in to see this link.]

  • Save it to the desktop.
  • Run Silent Runners by clicking on the "Silent Runners" icon on your desktop.
  • You will receive a prompt: Do you want to skip supplementary searches? click NO
  • If you receive an error just click OK and click it to run it again.
  • A text file will appear on your desktop - it may take a while to complete its run
  • Once you receive the prompt All Done!, open the text, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


Dr. Jay (DJ)



Re: Slow PC

Post by tack06 on Fri Jan 11, 2013 4:46 am

"Silent Runners.vbs", revision 68, [You must be registered and logged in to see this link.]
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (32-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Messenger (Yahoo!) = "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [Yahoo! Inc.]
MoneyAgent = "c:\Program Files\Microsoft Money\System\Money Express.exe" [MS]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
TkBellExe = "C:\program files\real\realplayer\update\realsched.exe" -osboot [RealNetworks, Inc.]
BbPrintMonitor = C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [Bluebeam Software, Inc.]
PrintDisp = C:\WINDOWS\system32\PrintDisp.exe [ActMask Co.,Ltd - [You must be registered and logged in to see this link.]
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Monitor = "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [LeapFrog Enterprises, Inc.]
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
WCOLOREAL = "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [null data]
srmclean = C:\Cpqs\Scom\srmclean.exe [null data]
SAITEKAUTOCONFIGURE = C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun [Saitek plc]
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.]
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize [MS]
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe [Microsoft® Corporation]
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers [Microsoft® Corporation]
BbInstallUser = C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [null data]
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [ATI Technologies, Inc.]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
DivXMediaServer = C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [null data]
DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
\InProcServer32\(Default) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer]

{326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5


Re: Slow PC

Post by Dr Jay on Fri Jan 11, 2013 9:47 am

Next:

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)
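
A saved GMER.txt can be triaged by grouping its "User code sections" rows by the module that receives control, which shows at a glance which DLL patches which APIs in how many processes. This is an added example and not part of the original post; the sample rows, paths and module names are constructed, and the row layout is assumed from GMER 2.1 text output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample rows in the layout of GMER's "User code sections" output.
# Paths, module names and addresses are made up for illustration.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text C:\Program Files\ExampleApp\app.exe[100] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 C:\ProgramData\ExampleToolbar\hook.dll
.text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 C:\ProgramData\ExampleToolbar\hook.dll
.text C:\Program Files\ExampleSuite\virt.exe[300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 6F06FFC0 C:\WINDOWS\system32\examplevirt.dll
.text C:\Program Files\ExampleSuite\virt.exe[300] ntdll.dll!NtQueryDirectoryFile + 3 7C90D771 2 Bytes [76, F2] {JBE 0xfffffff4}
.text C:\Program Files\ExampleApp\updater.exe[400] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text ...
"""

# .text <process path>[pid] <dll>!<function> [+ offset] <address> <n> Bytes <patch>
LINE_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<func>\w+)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+)$"
)
# A patch that redirects execution: JMP <target address> <path of target module>
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<module>.+)$")

NO_MODULE = "(raw bytes, no target module)"


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    api: str               # "dll!Function"
    offset: int            # offset into the function; assumed hexadecimal
    address: str
    size: int
    module: Optional[str]  # DLL the JMP lands in; None for raw byte patches
    raw_patch: str


def parse_user_hooks(log_text):
    """Return (hooks, skipped) for the '.text' rows of a GMER log."""
    hooks, skipped = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(".text"):
            continue  # section headers, blank lines, other sections
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep what could not be parsed, e.g. ".text ..."
            continue
        jmp = JMP_RE.match(m["patch"])
        hooks.append(Hook(
            process=m["process"],
            pid=int(m["pid"]),
            api=f'{m["dll"]}!{m["func"]}',
            offset=int(m["offset"], 16) if m["offset"] else 0,
            address=m["addr"],
            size=int(m["size"]),
            module=jmp["module"].lower() if jmp else None,
            raw_patch=m["patch"],
        ))
    return hooks, skipped


def summarize_by_module(hooks):
    """Group hooks by the module that receives control after the patch."""
    summary = defaultdict(lambda: {"processes": set(), "apis": set(), "hooks": 0})
    for h in hooks:
        entry = summary[h.module or NO_MODULE]
        entry["processes"].add((h.process.lower(), h.pid))
        entry["apis"].add(h.api)
        entry["hooks"] += 1
    return dict(summary)


def triage_report(log_text):
    """Rows of (module, processes, distinct APIs, hook rows), widest spread first."""
    hooks, skipped = parse_user_hooks(log_text)
    rows = [
        (module, len(e["processes"]), len(e["apis"]), e["hooks"])
        for module, e in summarize_by_module(hooks).items()
    ]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = triage_report(SAMPLE_LOG)
    for module, procs, apis, count in rows:
        print(f"{procs:3d} proc  {apis:3d} APIs  {count:4d} rows  {module}")
    print(f"{len(skipped)} row(s) not parsed")
```

The counts only describe where each module is present; whether a module is expected on the machine is still a judgement for the person reading the log.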



Re: Slow PC

Post by tack06 on Tue Aug 06, 2013 1:22 am

GMER 2.1.19163 - [You must be registered and logged in to see this link.]
Rootkit scan 2013-08-05 20:20:10
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380020A rev.3.34 74.53GB
Running: gmer.exe; Driver: C:\DOCUME~1\Trecie\LOCALS~1\Temp\uxtdqpoc.sys


---- Kernel code sections - GMER 2.1 ----

init C:\WINDOWS\System32\Drivers\gcr432.sys entry point in "init" section [0xF6B2BEA0]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 6F06FFC0 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 6F06EC96 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 6F06B6DC C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 6F06EAB3 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 6F06AF5D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 6F06B220 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 6F070096 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 6F06B001 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 6F06B17A C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 6F06AFAF C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 6F06B2CE C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 6F06B35C C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 6F06EE21 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 6F06B5ED C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 6F06EB1E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryDirectoryFile 7C90D76E 2 Bytes JMP 6F06D81E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryDirectoryFile + 3 7C90D771 2 Bytes [76, F2] {JBE 0xfffffff4}
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 6F06EB8E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 6F06B054 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 6F06B27B C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 6F0700EC C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 6F070030 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 6F06B127 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 6F06B751 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 6F06EBFE C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 6F06B0BA C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 6F070149 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 6F06B1CD C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6F049CBA C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 6F048C27 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6F048D65 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!SetDllDirectoryW 7C85FD91 5 Bytes JMP 6F04977C C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!SetDllDirectoryA 7C85FE27 5 Bytes JMP 6F049AAF C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] kernel32.dll!WinExec 7C862585 5 Bytes JMP 6F04931E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] GDI32.dll!AddFontResourceA 77F29415 5 Bytes JMP 6F0567E4 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 6F056800 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 7 Bytes JMP 6F0596DA C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 6F05943D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 6F058C36 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 6F058DAB C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 6F048F9B C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 6F0592C2 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 6F0594D0 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 6F05A00E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 6F05922C C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 6F0593B1 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 6F058E37 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 6F058CC2 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 6F05A3CF C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 6F059F75 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 6F0490DD C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 6F05A48D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 6F05A553 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceObjectSecurity 77E36D01 7 Bytes JMP 6F05A1DF C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 6F05A27B C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 6F0598DB C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 6F0597F6 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 6F059B7D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 6F059AE7 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 6F05900E C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 6F058F38 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 6F059768 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 6F059623 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 6F05956C C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!GetServiceDisplayNameA 77E37699 7 Bytes JMP 6F059E7C C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!GetServiceDisplayNameW 77E37739 7 Bytes JMP 6F059DC4 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!GetServiceKeyNameA 77E377D9 7 Bytes JMP 6F059CCB C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!GetServiceKeyNameW 77E37879 7 Bytes JMP 6F059C13 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 6F05A143 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 6F05A0A7 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 6F05A311 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 6F060A8D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 6F062952 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoUninitialize 7750134C 5 Bytes JMP 6F060262 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoInitializeEx 77501483 5 Bytes JMP 6F0601E0 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!OleInitialize 77501BF2 5 Bytes JMP 6F060330 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 6F061684 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoRegisterClassObject 775179D0 5 Bytes JMP 6F0610F6 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoGetPSClsid 77519330 5 Bytes JMP 6F06016D C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoResumeClassObjects + 7 775268A7 7 Bytes JMP 6F0605C6 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoSuspendClassObjects + 7 77526932 7 Bytes JMP 6F0604F1 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoRevokeClassObject 77529E58 5 Bytes JMP 6F05FA52 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!OleUninitialize 7753322F 6 Bytes JMP 6F0603A0 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoGetInstanceFromFile 77540232 5 Bytes JMP 6F061B44 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!OleRun 77556229 5 Bytes JMP 6F060481 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!CoRegisterPSClsid 7758CD69 5 Bytes JMP 6F05FFF5 C:\WINDOWS\system32\sftldr.dll
.text Q:\140062.enu\Office14\ONENOTEM.EXE[196] ole32.dll!OleRegEnumFormatEtc 775D46EA 5 Bytes JMP 6F06040B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\DefaultTab\DefaultTabSearch.exe[228] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 007F4760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\wuauclt.exe[460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text ...
.text C:\program files\real\realplayer\update\realsched.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[1876] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[1908] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[1956] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\System32\svchost.exe[1960] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text ...
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 6F06FFC0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 6F06EC96 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 6F06B6DC C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 6F06EAB3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 6F06AF5D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 6F06B220 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 6F070096 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 6F06B001 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 6F06B17A C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 6F06AFAF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 6F06B2CE C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 6F06B35C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 6F06EE21 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 6F06B5ED C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 6F06EB1E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryDirectoryFile 7C90D76E 2 Bytes JMP 6F06D81E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryDirectoryFile + 3 7C90D771 2 Bytes [76, F2] {JBE 0xfffffff4}
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 6F06EB8E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 6F06B054 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 6F06B27B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 6F0700EC C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 6F070030 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 6F06B127 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 6F06B751 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 6F06EBFE C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 6F06B0BA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 6F070149 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 6F06B1CD C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6F049CBA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 6F048C27 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6F048D65 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!SetDllDirectoryW 7C85FD91 5 Bytes JMP 6F04977C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!SetDllDirectoryA 7C85FE27 5 Bytes JMP 6F049AAF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] kernel32.dll!WinExec 7C862585 5 Bytes JMP 6F04931E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] GDI32.dll!AddFontResourceA 77F29415 5 Bytes JMP 6F0567E4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 6F056800 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 7 Bytes JMP 6F0596DA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 6F05943D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 6F058C36 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 6F058DAB C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 6F048F9B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 6F0592C2 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 6F0594D0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 6F05A00E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 6F05922C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 6F0593B1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 6F058E37 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 6F058CC2 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 6F05A3CF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 6F059F75 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 6F0490DD C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 6F05A48D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 6F05A553 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceObjectSecurity 77E36D01 7 Bytes JMP 6F05A1DF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 6F05A27B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 6F0598DB C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 6F0597F6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 6F059B7D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 6F059AE7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 6F05900E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 6F058F38 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 6F059768 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 6F059623 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 6F05956C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!GetServiceDisplayNameA 77E37699 7 Bytes JMP 6F059E7C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!GetServiceDisplayNameW 77E37739 7 Bytes JMP 6F059DC4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!GetServiceKeyNameA 77E377D9 7 Bytes JMP 6F059CCB C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!GetServiceKeyNameW 77E37879 7 Bytes JMP 6F059C13 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 6F05A143 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 6F05A0A7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 6F05A311 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 6F060A8D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 6F062952 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoUninitialize 7750134C 5 Bytes JMP 6F060262 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoInitializeEx 77501483 5 Bytes JMP 6F0601E0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!OleInitialize 77501BF2 5 Bytes JMP 6F060330 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 6F061684 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoRegisterClassObject 775179D0 5 Bytes JMP 6F0610F6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoGetPSClsid 77519330 5 Bytes JMP 6F06016D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoResumeClassObjects + 7 775268A7 7 Bytes JMP 6F0605C6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoSuspendClassObjects + 7 77526932 7 Bytes JMP 6F0604F1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoRevokeClassObject 77529E58 5 Bytes JMP 6F05FA52 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!OleUninitialize 7753322F 6 Bytes JMP 6F0603A0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoGetInstanceFromFile 77540232 5 Bytes JMP 6F061B44 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!OleRun 77556229 5 Bytes JMP 6F060481 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!CoRegisterPSClsid 7758CD69 5 Bytes JMP 6F05FFF5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2536] ole32.dll!OleRegEnumFormatEtc 775D46EA 5 Bytes JMP 6F06040B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[2780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[3036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004760 c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
.text ...

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] [1000E360] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtEnumerateKey] [1000DFA0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteKey] [1000E310] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetInformationFile] [1000A560] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryInformationFile] [10009AB0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteFile] [1000A510] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryKey] [10009A70] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1172] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1296] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1296] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1296] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1296] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1960] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1960] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1960] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\System32\svchost.exe[1960] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[3036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[3036] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[3036] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\system32\svchost.exe[3036] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[3852] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[3852] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[3852] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
IAT C:\WINDOWS\Explorer.EXE[3852] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device Fastfat.SYS
Device Sftfsxp.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync02.sys

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

Device \FileSystem\Cdfs \Cdfs B5A35400

---- Processes - GMER 2.1 ----

Library Q:\140062.enu\Office14\ONENOTEM.EXE (*** hidden *** ) @ Q:\140062.enu\Office14\ONENOTEM.EXE [196] 0x2E000000
Library Q:\140062.ENU\OFFICE14\1033\ONINTL.DLL (*** hidden *** ) @ Q:\140062.enu\Office14\ONENOTEM.EXE [196] 0x3A700000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

tack06