slow internet start up and programs not responding


  • This topic is locked
17 replies to this topic

#1 sutra

    Member

  • Full Member
  • 23 posts

Posted 08 November 2012 - 08:46 AM

Hi,

My laptop has suddenly developed an extremely slow internet start up although it boots up as normal.
Once on the net, opening programs or websites is very slow with many not responding.
My o/s is XP Pro and my default browser is Firefox although I have tried IE8 but it is still the same.
I have recently upgraded from SP2 to SP3. Hope this info helps. Any help would be much appreciated. Thank You.

Sorry, I forgot to include scans.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Administrator :: HOME-X7EX4WXUZ0 [administrator]

07/11/2012 21:14:22
mbam-log-2012-11-07 (09-15-43).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292243
Time elapsed: 2 hour(s), 33 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 41
C:\Documents and Settings\Administrator\My Documents\Downloads\EZArticleCreator\EZArticleCreator\Software\EZ Article Creator.exe (Trojan.Passwords) -> No action taken.
C:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005713.exe (PUP.AdBundle) -> No action taken.
E:\GraphicsWiz\GraphicsWiz.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\AtoZWebsiteCreation.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\5TrafficTactics.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\7FastWays.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\10GoogleSteps.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\10ProgrammingTricks.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\29WebsiteTricks.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\30MinuteMinisite.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\AdSenseCash.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\AudioMastery.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\AutomaticContent.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\BlogTraffic.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\CreateFreePDF.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\FreeGoogleTraffic.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\FreeToolbars.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\HugeKeywordLists.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\InstantSoftware.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\MasterWebGraphics.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\MaximizeAdSense.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\MembershipSite.exe (Trojan.Passwords) -> No action taken.
E:\My Websites\website folder\Louis Alport\WebsiteSpy.exe (Trojan.Passwords) -> No action taken.
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005742.exe (Spyware.Passwords.Gen) -> No action taken.
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005744.exe (Spyware.Passwords.Gen) -> No action taken.
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005745.exe (Spyware.Passwords.Gen) -> No action taken.
E:\My Ebooks\My eBooks\cardtricks\output\cardtricks.exe (Trojan.Passwords) -> No action taken.
E:\My Ebooks\My eBooks\Ebook reseller\zero2hero.exe (Trojan.Passwords) -> No action taken.
E:\Course Folder\Dropshippers-List-UK.exe (Trojan.Passwords) -> No action taken.
E:\Article and Book Folder\Dog Folder\Dog Breed Encyclopedia.exe (Trojan.Passwords) -> No action taken.
E:\SqueezePageMastery\SqueezePageMastery.exe (Trojan.Passwords) -> No action taken.
E:\Tools Folder\pdftoolkit\easy_pdf_toolkit.exe (Trojan.Passwords) -> No action taken.
E:\Tools Folder\ofbarticleadvantagepro\ArticleAdvantagePro-BonusProducts\ArticleWiz.exe (Trojan.Passwords) -> No action taken.
E:\Tools Folder\VAULT_GraphicsWizard_CoolTool_RR2476\GraphicsWizard_CoolTool\GraphicsWizard_CoolTool.exe (Trojan.Passwords) -> No action taken.
E:\Traffic Folder\5TrafficTactics\5TrafficTactics.exe (Trojan.Passwords) -> No action taken.
E:\PLR Folder\instantebooks_plr207\Instant eBooks\video-tutorial\CreateFreePDF.exe (Trojan.Passwords) -> No action taken.
E:\Time Saving Folder\TimeSavingScriptsPack3\GraphicsWizardCoolToolMRR\GraphicsWizardCoolToolMRR\GraphicsWizard_CoolTool\GraphicsWizard_CoolTool.exe (Trojan.Passwords) -> No action taken.
E:\Time Saving Folder\TimeSavingScriptsPack4\WeblinkerProLiteMRR\WeblinkerProLiteMRR\WeblinkerPro\weblinker-pro-lite.exe (Trojan.Passwords) -> No action taken.
E:\James_Jordan-Supercharged_Traffic_Software_Package\Ultimate Backlink Builder Software\UltimateBacklinkBuilder.exe (Trojan.Passwords) -> No action taken.
E:\Kindle Folder\KindleeBookGenerator\KindleeBookGenerator\Software\Kindle eBook Generator.exe (Spyware.Passwords.Gen) -> No action taken.
E:\Clickbank Folder\Clickbank-offer\Email Followup.exe (Trojan.Passwords) -> No action taken.

(end)

DDS (Ver_2012-11-07.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:09:25 on 2012-11-07
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.107 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CPXBGSTA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Encarta &Researcher: {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /installquiet
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TFncKy] TFncKy.exe /Type 20
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TFNF5] TFNF5.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CPXBGSTA.EXE] CPXBGSTA.EXE START
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MPFTRAY.EXE
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351490167452
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351497295629
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6DE3B4F1-49F9-4B91-A90C-C231E26ADBEB} : DHCPNameServer = 192.168.1.254
Handler: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\reference 2001\msero.dll
Handler: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pjh77026.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=en_DF&apn_uid=EFB457FC-A8C7-43C5-9C35-8E6ED25D9FBA&apn_ptnrs=^AGY&apn_sauid=7F7BF147-9255-4138-8571-A215BD14941D&apn_dtid=^YYYYYY^YY^GB&&q=
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pjh77026.default\extensions\toolbar@ask.com\plugins\npAviraCallingID.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-11-05 09:41; addon@defaulttab.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pjh77026.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2012-11-05 10:15; toolbar@ask.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pjh77026.default\extensions\toolbar@ask.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-5 36552]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2012-3-16 55936]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-5 84256]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-5 108320]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-11-5 560416]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-5 83792]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2012-11-5 107520]
R3 CPXBG_ICB;CPX Wireless LAN 802.11g Driver;c:\windows\system32\drivers\CPXBGICB.sys [2012-10-28 57024]
.
=============== Created Last 30 ================
.
2012-11-07 10:01:27 -------- d-----w- c:\program files\Trend Micro
2012-11-07 09:14:06 -------- d-----w- c:\windows\ie8updates
2012-11-07 08:07:11 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-07 08:07:11 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-11-07 08:02:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-11-07 08:02:14 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-07 08:02:14 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-07 08:02:12 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-11-07 08:02:12 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-11-07 08:02:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-07 08:02:11 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-07 08:02:09 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-07 08:00:19 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-11-07 07:59:37 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2012-11-07 07:59:37 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2012-11-07 07:59:36 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2012-11-07 07:59:36 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2012-11-07 07:59:36 110592 ------w- c:\windows\system32\dllcache\services.exe
2012-11-07 07:59:35 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-11-07 07:59:34 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2012-11-07 07:58:19 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-11-07 07:54:48 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-11-07 07:54:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2012-11-07 07:53:48 293376 ------w- c:\windows\system32\browserchoice.exe
2012-11-07 07:53:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-11-07 07:48:35 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-11-07 07:48:29 2148352 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-07 07:48:28 2192640 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-07 07:48:28 2026496 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-07 07:48:27 2069120 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-07 07:48:20 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-11-07 07:46:21 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-07 07:46:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-11-07 07:43:43 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-11-07 07:27:59 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-11-06 21:38:30 -------- d-----w- c:\windows\system32\PreInstall
2012-11-06 17:56:52 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-11-06 17:12:41 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-11-06 17:11:53 -------- d-----w- c:\program files\iolo
2012-11-06 17:11:53 -------- d-----w- c:\documents and settings\all users\application data\iolo
2012-11-06 11:13:12 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-11-06 08:55:42 -------- d-----w- c:\program files\VideoLAN
2012-11-06 08:17:53 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-11-05 17:13:04 -------- d-----w- c:\documents and settings\administrator\application data\CallingID
2012-11-05 16:54:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-05 16:54:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-05 10:22:10 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2012-11-05 10:15:31 -------- d-----w- c:\program files\Ask.com
2012-11-05 10:15:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AskToolbar
2012-11-05 10:14:53 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-05 10:14:53 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-05 10:14:47 -------- d-----w- c:\program files\Avira
2012-11-05 10:14:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-11-05 08:44:00 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
2012-11-05 08:41:28 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-10-29 07:39:36 -------- d-----w- C:\81cadeae6267b182ee9f
2012-10-29 07:33:22 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-10-29 07:30:11 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-10-29 07:09:45 -------- d--h--w- c:\windows\ie8
2012-10-29 07:09:30 -------- d--h--w- c:\windows\msdownld.tmp
2012-10-29 05:54:28 -------- d-sh--w- c:\documents and settings\administrator\UserData
2012-10-28 17:38:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-28 17:30:17 -------- d--h--w- c:\windows\$hf_mig$
2012-10-28 17:30:10 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2012-10-28 09:04:08 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-10-28 08:27:09 -------- d-----w- c:\windows\ServicePackFiles
2012-10-28 08:22:52 2897920 ------w- c:\windows\system32\xpsp2res.dll
2012-10-28 08:20:41 19528 ----a-w- c:\windows\002308_.tmp
2012-10-28 08:20:16 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-10-28 08:16:40 -------- d-----w- c:\windows\EHome
2012-10-28 06:53:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-28 05:06:57 57024 ----a-w- c:\windows\system32\drivers\CPXBGICB.sys
2012-10-28 05:06:57 337995 ----a-w- c:\windows\system32\CPXBGCFG.cpl
2012-10-28 05:06:47 215040 ----a-w- c:\windows\system32\CPXBGSTA.exe
2012-10-28 05:06:39 106496 ----a-w- c:\windows\system32\CPXBGRES.dll
2012-10-28 05:05:50 79360 ----a-w- c:\windows\system32\CPXBGIOC.dll
2012-10-28 05:05:50 -------- d-----w- c:\windows\system32\SUtemp
.
==================== Find3M ====================
.
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:16 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
.
============= FINISH: 13:10:19.73 ===============

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
CCleaner
Eusing Free Registry Cleaner
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

Edited by sutra, 09 November 2012 - 03:21 AM.


#2 cnm

    Mother Lion of SWI

  • Administrators
  • 25,057 posts

Posted 09 November 2012 - 04:21 PM

Hello sutra.

Please have Malwarebytes Anti-Malware (MBAM) delete everything it found. When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.

Post the new MBAM log and let me know whether the PC has speeded up at all.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 sutra

Posted 12 November 2012 - 12:04 PM

Thanks for the reply, have followed your instructions.

Still slow when on the net but is ok when working offline.
Have checked internet connections and configuration and results indicate they're ok. Results of latest mbam scan below. Thanks.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Administrator :: HOME-X7EX4WXUZ0 [administrator]

11/11/2012 09:23:48
mbam-log-2012-11-11 (09-23-48).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297041
Time elapsed: 3 hour(s), 54 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005713.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

(end)

#4 cnm

Posted 12 November 2012 - 12:41 PM

It's odd that this MBAM log does not include the dangerous Trojan.Passwords listed in the previous log on E: drive. Was it removed by Avira? What do you know about the contents of E:\?
Possibly false positives, but still I strongly suggest that you change your passwords, especially those for financial sites.

Scan for adware and other nuisances:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

After that:
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Let me know if internet is still slow and unresponsive.



#5 sutra

Posted 13 November 2012 - 12:12 PM

Once again, thanks for your reply.

I reran mbam as you instructed and removed the Trojan passwords.
On the second scan it showed one file (PUP.AdBundle) which I also removed.
I check for viruses with Avira before downloading anything before copying
it onto E, which is an external HD.
I do periodically change my passwords where they are required.
Internet connection is still slow although program not responding messages
have improved.
Below are scans as requested. Thanks.

# AdwCleaner v2.007 - Logfile created 11/12/2012 at 10:10:35
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-X7EX4WXUZ0
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\extensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\searchplugins\search-here.xml
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch
Folder Found : C:\Documents and Settings\Administrator\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\extensions\toolbar@ask.com
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.FeaturePageVersion", "1");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.OOBEVersion", "1");
Found : user_pref("extensions.asktb.apn_dbr", "ff_11.0");
Found : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Found : user_pref("extensions.asktb.cbid", "^AGY");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2012.11.06+03.14.44-toolbar018iad-GB-TWFuY2hlc3RlcixVbml0ZWQgS2[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira.ask.com/web?q={query}&o={o}&l={[...]
Found : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Found : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Found : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^GB");
Found : user_pref("extensions.asktb.en_DF", "");
Found : user_pref("extensions.asktb.en_US", "");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.asktb.first-launch-url", "hxxp://www.pdf995.com/download.html");
Found : user_pref("extensions.asktb.first-restart-after-config-update", true);
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "EFB457FC-A8C7-43C5-9C35-8E6ED25D9FBA");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1352704530612");
Found : user_pref("extensions.asktb.last-search-timestamp", "1352529835155");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.localePref", true);
Found : user_pref("extensions.asktb.location", "Manchester,United Kingdom");
Found : user_pref("extensions.asktb.o", "APN10267");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "3");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "7F7BF147-9255-4138-8571-A215BD14941D");
Found : user_pref("extensions.asktb.search-history-queries", "601af0647bdc62aefe1b845a6");
Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "5000");
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "05/11/2012 10:15:41");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.15.10.100015");
Found : user_pref("extensions.asktb.version", "5.15.10.29781");
Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Found : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.10.100015,{972ce4c6-7e08-4474-a285-32081[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&loc[...]

*************************

AdwCleaner[R1].txt - [8918 octets] - [12/11/2012 10:10:35]

########## EOF - C:\AdwCleaner[R1].txt - [8978 octets] ##########

C:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005714.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\Set Up Folder\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP97\A0024128.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP35\A0005750.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP45\A0007192.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\System Volume Information\_restore{D31C8A4A-A60E-4289-93EB-43E77D1210E8}\RP45\A0007267.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\System Volume Information\_restore{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP368\A0051215.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
E:\System Volume Information\_restore{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP386\A0054669.exe Win32/OpenCandy application cleaned by deleting - quarantined

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,057 posts

Posted 13 November 2012 - 12:31 PM

Good. ESET mostly found things within Restore Points and indicates no malware, just nuisances.

Now please have AdwCleaner remove everything it found. This may well speed up your browsing.
DELETE
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 sutra

Posted 14 November 2012 - 02:44 AM

Thanks. Latest scan below as requested.

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 05:58:05
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-X7EX4WXUZ0
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\searchplugins\search-here.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pjh77026.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.FeaturePageVersion", "1");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.OOBEVersion", "1");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_11.0");
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "^AGY");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.11.06+03.14.44-toolbar018iad-GB-TWFuY2hlc3RlcixVbml0ZWQgS2[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira.ask.com/web?q={query}&o={o}&l={[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^GB");
Deleted : user_pref("extensions.asktb.en_DF", "");
Deleted : user_pref("extensions.asktb.en_US", "");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.pdf995.com/download.html");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "EFB457FC-A8C7-43C5-9C35-8E6ED25D9FBA");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1352704530612");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1352529835155");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.localePref", true);
Deleted : user_pref("extensions.asktb.location", "Manchester,United Kingdom");
Deleted : user_pref("extensions.asktb.o", "APN10267");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "7F7BF147-9255-4138-8571-A215BD14941D");
Deleted : user_pref("extensions.asktb.search-history-queries", "601af0647bdc62aefe1b845a6");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "05/11/2012 10:15:41");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.10.100015");
Deleted : user_pref("extensions.asktb.version", "5.15.10.29781");
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.10.100015,{972ce4c6-7e08-4474-a285-32081[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&loc[...]

*************************

AdwCleaner[R1].txt - [9047 octets] - [12/11/2012 10:10:35]
AdwCleaner[S1].txt - [9587 octets] - [13/11/2012 05:58:05]

########## EOF - C:\AdwCleaner[S1].txt - [9647 octets] ##########

#8 cnm

Posted 14 November 2012 - 12:04 PM

Good. How is your browsing now? Incidentally, I personally find Chrome is by far the fastest browser. You might want to give it a try.


#9 sutra

Posted 20 November 2012 - 05:55 AM

Hi, Sorry about the delay in replying,
I went on a short break with my wife.

Internet start up has improved but still have occasional
problems when trying to access websites. Whether this is
the websites themselves or my computer I'm not sure as it's
random and not one particular site or sites.

I installed Chrome and tried it but had difficulty importing
from Firefox, particularly bookmarks. When I tried to install
the Firefox toolbar I was told it was incompatible with Chrome.

Thanks for your help, much appreciated.

sutra

#10 cnm

Posted 20 November 2012 - 04:12 PM

Please do these important security updates:
Update Firefox.
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.


#11 sutra

Posted 22 November 2012 - 05:45 AM

Hi again, have updated Firefox and Java as instructed.

Things have improved a lot regarding internet and programs
not responding but start up seems to have slowed down quite
a lot. Any hints on speeding it up? Thanks once again.

sutra

#12 cnm

Posted 22 November 2012 - 01:50 PM

No guarantees, but try these. Do them in order, i.e. clean up the disk before defragmenting.

1. Update your CCleaner and run it. Note: although the Registry cleaner in CCleaner is safer than most, we don't recommend any Registry cleaner. Dangerous, and the increase in speed is negligible.

2. Disable, delete, or uninstall any unnecessary startups. Run the free Autoruns. Extract the zip file to its own folder, then double-click autoruns.exe. It has good help (click Help). You may need to disable Avira in order to run it.

3. Check the file system. Start > Run, enter 'Chkdsk'. If errors are found, then do Start > Run > enter 'chkdsk.exe /f'. This will require a reboot and may take a very long time. You might choose to run it overnight. For info: http://www.microsoft...k.mspx?mfr=true

4. Defragment. I suggest the free Defraggler by Piriform.


#13 sutra

Posted 29 November 2012 - 04:25 AM

Thanks for your reply and have followed instructions
as listed. Apologies for the delay in replying, but I
have been running various malware and anti-virus
programs to see if any of them could detect any problems
but everything seems to be ok, unless there are problems
they cannot detect.
On start up everything runs normally until it starts loading
my security programs: Avira, MBAM, McAfee Firewall and my
internet wireless connection then it takes an eternity before
start up is completed. I have disabled then reinstalled the
various security programs but it makes no difference. I have also
tried to restore my laptop to a point before the problems started
but after going through the motions it tells me that the restore
to a previous point has failed and no alteration has been made to
my pc. On trying to go further back all restore points have
suddenly been deleted apart from the ones after the problems started.
Is this the end of the line or is there anything else I can try?

Thanks,

sutra

#14 cnm

Posted 29 November 2012 - 01:50 PM

You shouldn't be running McAfee Firewall if you have XP Firewall enabled. Disable the Windows Firewall and see if that helps. Never run more than one software firewall.

However McAfee Firewall may not be your best choice.
Does McAfee slow down internet
Does McAfee Firewall slow down startup

We usually recommend Comodo Firewall Free or Emsisoft Online Armor Free


#15 sutra

Posted 29 November 2012 - 04:14 PM

Hello again, a bit better news this time!

I uninstalled McAfee and Microsoft Security Firewalls
and installed Comodo as recommended. I didn't see a
great improvement on rebooting but noticed that the
Avira umbrella on the task bar, although it came up
quickly, was closed and that real time and web
protection had been stopped. It then took quite a long
time before the umbrella opened and real time and web
protection had been activated and my wireless internet
connection activated. Although I have never had any
problems with Avira previously, I uninstalled it and,
bingo, at the moment, on reboot the start up was much improved.
Can you recommend an anti-virus program to replace Avira
as at the moment I am running without one?

Thanks again for your help.

sutra

#16 cnm

Posted 29 November 2012 - 04:21 PM

I highly recommend the free version of Avast. The free version is all you need. I have been very pleased with it.


#17 cnm

Posted 04 December 2012 - 05:54 PM

Are you having any remaining problems or questions, sutra?


#18 cnm

Posted 15 December 2012 - 03:24 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
