Not responding and Takes forever to load


  • This topic is locked
28 replies to this topic

#1 Claudiams

Claudiams

    Advanced Member

  • Full Member
  • 109 posts

Posted 22 July 2013 - 07:07 PM

When I try to open Firefox or IE it takes at least 20-30 min. to open. Then it freezes if I have 2-3 tabs open. I did run the ESET scanner but I didn't get a log opened; however, it showed no threats found. It just really moves very slowly or stops running.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Claudia :: STILL [administrator]

7/22/2013 3:33:25 PM
mbam-log-2013-07-22 (15-33-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288405
Time elapsed: 27 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Results of screen317's Security Check version 0.99.70  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 ESET Online Scanner v3   
 Norton 360     
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 
 
Edit: Please read the Instructions and post the requested DDS log (DDS.txt). We need the information in order to help you.


Edited by cnm, 22 July 2013 - 07:33 PM.


#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 23 July 2013 - 03:25 PM

Please read the Instructions and post the requested DDS log (DDS.txt).


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 Claudiams


Posted 24 July 2013 - 11:56 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Claudia at 13:49:33 on 2013-07-24
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1161 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://search.coupons.com/
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.4.0.40\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: mcafee.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C6B47D3E-13E4-4EE2-98E9-FF1A7FD6B5DD} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - <no file>
Notify: WgaLogon - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\claudia\application data\mozilla\firefox\profiles\pad52oh4.default-1095230664656\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npplg80n.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-19 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-19 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-22 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-19 134744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-19 175264]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.4.0.40\ccsvchst.exe [2013-6-19 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-8 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20130723.001\IDSXpx86.sys [2013-7-24 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20130724.003\NAVENG.SYS [2013-7-24 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\virusdefs\20130724.003\NAVEX15.SYS [2013-7-24 1611992]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2004-8-4 14336]
S2 Wmipsd;Wmipsd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-12-31 35144]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\dellsu~2\hwdiag\bin\pcd5srvc.pkms --> c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [?]
.
=============== Created Last 30 ================
.
2013-07-23 00:18:30    --------    d-----w-    c:\program files\Kaspersky Lab
2013-07-23 00:18:30    --------    d-----w-    c:\documents and settings\all users\application data\Kaspersky Lab
2013-07-09 22:03:50    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-09 22:03:43    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-07-13 09:31:59    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-13 09:31:57    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-09 22:03:10    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-09 22:03:10    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-09 21:54:53    465280    ----a-r-    c:\windows\system32\cpnprt2win32.cid
2013-06-19 21:19:11    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-08 03:55:44    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-23 05:25:28    934488    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-05-21 05:02:00    367704    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-05-16 05:02:14    603224    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-05-09 04:28:02    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-05-03 01:26:26    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:51:54.31 ===============



#4 cnm


Posted 24 July 2013 - 12:18 PM

How long has this slowness been happening? Did it just start recently or was it after you installed Norton?
 
Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.
 
Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

After that:
Please download ComboFix.exe to your Desktop. Visit this webpage for download links and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
 
Please go here to see a list of programs that should be disabled.
 
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
 
Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.  

If ComboFix causes an error message about "scheduled for deletion", rebooting again should fix it.



#5 Claudiams


Posted 26 July 2013 - 08:50 AM

It just started happening recently, not after installing Norton.

 

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 20:33:25
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Claudia - STILL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Claudia\My Documents\Downloads\adwcleaner(2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Claudia\Application Data\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Claudia\Application Data\Mozilla\Firefox\Profiles\pad52oh4.default-1095230664656\prefs.js

C:\Documents and Settings\Claudia\Application Data\Mozilla\Firefox\Profiles\pad52oh4.default-1095230664656\user.js ... Deleted !

[OK] File is clean.

File : C:\Documents and Settings\Savanah\Application Data\Mozilla\Firefox\Profiles\iz8tr2ac.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vaoptoqa.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x4m6cj3f.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [6084 octets] - [03/04/2013 17:22:18]
AdwCleaner[S1].txt - [6054 octets] - [03/04/2013 17:23:46]
AdwCleaner[S2].txt - [1667 octets] - [16/05/2013 19:08:20]
AdwCleaner[S3].txt - [1480 octets] - [27/06/2013 18:54:54]
AdwCleaner[S4].txt - [2353 octets] - [25/07/2013 20:33:25]

########## EOF - C:\AdwCleaner[S4].txt - [2413 octets] ##########

 

ComboFix 13-07-25.02 - Claudia 07/26/2013   8:11.14.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -4:00]
Running from: c:\documents and settings\Claudia\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
    /wow section - STAGE 4
Access is denied.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ime\shared\imepadsv.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-25 20:52 . 2013-07-25 20:52    --------    d-----w-    c:\documents and settings\Claudia\Local Settings\Application Data\doubleTwist_Corporation
2013-07-25 20:52 . 2013-07-25 20:52    --------    d-----w-    c:\documents and settings\Claudia\Local Settings\Application Data\doubleTwist Corporation
2013-07-25 20:51 . 2013-07-25 20:51    --------    d-----w-    c:\program files\Common Files\doubleTwist
2013-07-25 20:50 . 2008-12-17 23:22    57344    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-07-25 20:50 . 2008-12-11 17:26    60273    ----a-w-    c:\windows\system32\pthreadGC2.dll
2013-07-25 20:50 . 2013-07-25 20:51    --------    d-----w-    c:\program files\ffdshow
2013-07-25 20:49 . 2013-07-25 20:51    --------    d-----w-    c:\program files\doubleTwist 2.0
2013-07-25 20:47 . 2013-07-25 20:47    --------    d-----w-    c:\windows\system32\XPSViewer
2013-07-25 20:47 . 2013-07-25 20:47    --------    d-----w-    c:\program files\MSBuild
2013-07-25 20:47 . 2013-07-25 20:47    --------    d-----w-    c:\program files\Reference Assemblies
2013-07-25 20:36 . 2013-07-25 20:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo!
2013-07-25 20:36 . 2013-07-25 20:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-07-23 00:18 . 2013-07-23 00:18    --------    d-----w-    c:\program files\Kaspersky Lab
2013-07-23 00:18 . 2013-07-23 00:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2013-07-09 22:03 . 2013-07-09 22:03    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-09 22:03 . 2013-07-09 22:03    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 20:46 . 2011-10-13 20:12    4504    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2013-07-13 09:31 . 2012-05-02 22:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-13 09:31 . 2011-06-23 18:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-09 22:03 . 2012-09-24 23:21    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-09 22:03 . 2010-12-19 20:00    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-09 21:54 . 2013-01-05 14:58    465280    ----a-r-    c:\windows\system32\cpnprt2win32.cid
2013-06-19 21:19 . 2012-05-03 21:02    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-08 03:55 . 2004-08-04 11:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 11:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 11:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 11:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 11:00    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 11:00    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-23 05:25 . 2013-06-19 21:19    934488    ----a-w-    c:\windows\system32\drivers\N360\1404000.028\symefa.sys
2013-05-21 05:02 . 2013-06-19 21:19    367704    ----a-w-    c:\windows\system32\drivers\N360\1404000.028\symds.sys
2013-05-16 05:02 . 2013-06-19 21:19    603224    ----a-w-    c:\windows\system32\drivers\N360\1404000.028\srtsp.sys
2013-05-09 04:28 . 2006-10-19 02:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2004-08-04 11:00    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 11:00    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Claudia^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\Claudia\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48    58656    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 09:20    122940    ----a-w-    c:\windows\SYSTEM32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05    46368    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03    135168    ----a-w-    c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-23 21:17    211296    ----a-w-    c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 13:36    337256    ----a-w-    c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 03:07    29984    ----a-w-    c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 13:01    328992    ----a-w-    c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03    210472    ----a-w-    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MBackMonitor"=3 (0x3)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1105010324\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\1404000.028\symds.sys [6/19/2013 5:19 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\1404000.028\symefa.sys [6/19/2013 5:19 PM 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [7/22/2013 3:22 PM 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\SYSTEM32\DRIVERS\N360\1404000.028\ccsetx86.sys [6/19/2013 5:19 PM 134744]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\1404000.028\ironx86.sys [6/19/2013 5:19 PM 175264]
R2 iPodDrv;iPodDrv;c:\windows\SYSTEM32\DRIVERS\iPodDrv.sys [12/20/2012 11:23 AM 6656]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [12/7/2012 3:16 PM 202328]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.4.0.40\ccsvchst.exe [6/19/2013 5:15 PM 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/8/2012 7:30 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130725.001\IDSXpx86.sys [7/25/2013 6:45 PM 373728]
S2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/4/2004 7:00 AM 14336]
S2 Wmipsd;Wmipsd;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]
S3 mbamchameleon;mbamchameleon;c:\windows\SYSTEM32\DRIVERS\mbamchameleon.sys [12/31/2012 3:06 PM 35144]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms --> c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s    REG_MULTI_SZ       NEC Usb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
mpfservice
sagefserver
AVCamUSB20
usbcm
tvicport
LPCFilter
iwebmsg
hibernation
trioservice
s117mdm
hsf_dpv
ZDPNDIS5
bwsvc
ssm_mdfl
acrsch2svc
AsIO
winvnc4
NAL
richvideo
M2500
acnusvc
IPSECSHM
w800mdm
Wmipsd
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 09:32]
.
2013-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://search.coupons.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\pad52oh4.default-1095230664656\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - ExtSQL: 2013-07-25 16:36; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Claudia\Application Data\Mozilla\Firefox\Profiles\pad52oh4.default-1095230664656\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-07-25 16:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-26 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
@DACL=(02 0000)
"DLLName"="c:\\Program Files\\Citrix\\GoToAssist\\514\\G2AWinLogon.dll"
"Logoff"="G2ALogoff"
"Asynchronous"=dword:00000000
"Logon"="G2ALogon"
"Startup"="G2AStartup"
"Impersonate"=dword:00000000
"Shutdown"="G2AShutdown"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-07-26  10:36:32 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-26 14:36
ComboFix2.txt  2013-04-03 01:57
ComboFix3.txt  2012-12-29 22:31
.
Pre-Run: 14,324,690,944 bytes free
Post-Run: 14,235,373,568 bytes free
.
- - End Of File - - 54BE5EA2F0F4909B3BE586A71864E2CA
B16A2359F4962B0C622D81A1C1F4B703



#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 July 2013 - 01:49 PM

Is the PC any faster now?

 

Unnecessary processes running at startup can cause a system slowdown. Please download to your Desktop MBAM's StartUpLite from here.
Run StartUpLite.exe. This will display all unnecessary startup entries.
Select all options you would like executed, then click Continue. I recommend you disable them all.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 Claudiams

Posted 29 July 2013 - 10:16 AM

Yes, it loads a lot quicker now. Thanks again! Was the computer infected?



#8 cnm

Posted 29 July 2013 - 11:02 AM

No malware was found, but AdwCleaner removed some nuisance files that probably came bundled with other software.
When you download or install something, watch for boxes that need to be unchecked.
 
If you are satisfied with the way your PC is running, please remove our tools.

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'.  
 
Delete the DDS files and Security Check folder from your Desktop.

 

Run AdwCleaner and click Uninstall.



#9 Claudiams

Posted 30 July 2013 - 12:46 PM

It was working much better yesterday and now it continues to freeze up. It took me half an hour again, until I just logged in to safe mode today to save time.



#10 cnm

Posted 30 July 2013 - 01:17 PM

I assume you haven't downloaded anything new..

Click on Start > Run > cmd
In the command window enter this: chkdsk C: /f
This will check the file system and require a reboot.
If you want to also check for bad disk sectors, enter chkdsk /r instead.  That will take a really long time and is best done overnight.

After you have successfully run chkdsk, it would be a good idea to defragment.  I like Defraggler.
 

Then post a status report.  Is it still freezing?



#11 Claudiams

Posted 04 August 2013 - 12:26 PM

The newest I downloaded was Double Twist and I heard it's safe. I ran everything listed but no log posted. It freezes for 10 min when first opening the internet then it works fine afterwards. Should I uninstall it?



#12 cnm

Posted 04 August 2013 - 12:38 PM

There are some bad reviews of Double Twist at http://download.cnet...4-10825270.html (scroll down).

In any case it couldn't hurt to uninstall it temporarily.

 

Have you run chkdsk and Defraggler as I advised above?



#13 cnm

Posted 08 August 2013 - 09:49 AM

Are you still with me?



#14 Claudiams

Posted 11 August 2013 - 07:35 PM

Yes, I ran all. There was no log posted. Defraggler listed my computer in good condition. Where can I find the logs?



#15 cnm

Posted 11 August 2013 - 07:58 PM

Finding the chkdsk record involves looking in the event viewer.  Directions with screenshots but those are for Win 7.  In XP you can do Start > Run > and enter eventvwr.msc.  When you find the event you can copy and paste it for me to see.

 

Is PC still freezing?



#16 Claudiams

Posted 12 August 2013 - 08:52 AM

I uninstalled Double Twist too. Just when I first access Firefox it stays frozen for 10 min then it does fine.

I think this is it?

 

Event Type:    Information
Event Source:    Winlogon
Event Category:    None
Event ID:    1001
Date:        8/1/2013
Time:        9:56:54 AM
User:        N/A
Computer:    STILL
Description:
Checking file system on C:
The type of the file system is NTFS.

Cleaning up minor inconsistencies on the drive.
Cleaning up 1275 unused index entries from index $SII of file 0x9.
Cleaning up 1275 unused index entries from index $SDH of file 0x9.
Cleaning up 1275 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

  74557664 KB total disk space.
  60782768 KB in 119257 files.
     48248 KB in 19029 indexes.
         0 KB in bad sectors.
    244284 KB in use by the system.
     65536 KB occupied by the log file.
  13482364 KB available on disk.

      4096 bytes in each allocation unit.
  18639416 total allocation units on disk.
   3370591 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

 

 

This was another maybe too?

 

Event Type:    Error
Event Source:    Application Hang
Event Category:    (101)
Event ID:    1002
Date:        8/1/2013
Time:        7:59:57 AM
User:        N/A
Computer:    STILL
Description:
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
 



#17 cnm

Posted 12 August 2013 - 09:15 AM

Good.  Yes, the event shows your Word hanging.  It would be a good idea to repair Office, and reinstall it if necessary.

 

First find your Office Product Key in case you need to reinstall.  How to find the key.
Before you try uninstalling and reinstalling, try repairing your Office installation.  Repair Office programs


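The two Event Viewer records pasted in post #16 and read in post #17 can be summarised mechanically. The sketch below is an added example, not part of the thread or of any tool mentioned in it; the function names are hypothetical, the sample text is excerpted from post #16, and treating `hungapp` at version 0.0.0.0 as "no module named" is an assumption.

```python
import re

# Excerpts of the two Event Viewer records pasted in post #16 (hex dumps omitted).
CHKDSK_EVENT = """\
Event Source:    Winlogon
Event ID:    1001
Description:
Checking file system on C:
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
  74557664 KB total disk space.
         0 KB in bad sectors.
  13482364 KB available on disk.
      4096 bytes in each allocation unit.
  18639416 total allocation units on disk.
   3370591 allocation units available on disk.
"""
HANG_EVENT = """\
Event Source:    Application Hang
Event ID:    1002
Description:
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
"""
HANG_RE = re.compile(r"Hanging application (\S+), version ([\d.]+), "
                     r"hang module (\S+), version ([\d.]+), hang address (0x[0-9a-fA-F]+)")


def header(event, name):
    """Return the value of a 'Name:   value' header line, or None."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*(.+)$", event, re.M)
    return m.group(1).strip() if m else None


def number_before(event, phrase):
    """Return the integer that starts the report line containing `phrase`."""
    m = re.search(rf"^[ \t]*(\d+) {re.escape(phrase)}", event, re.M)
    if m is None:
        raise ValueError(f"missing chkdsk line: {phrase!r}")
    return int(m.group(1))


def triage_chkdsk(event):
    """Summarise a boot-time chkdsk report (Winlogon, Event ID 1001)."""
    if (header(event, "Event Source"), header(event, "Event ID")) != ("Winlogon", "1001"):
        raise ValueError("not a Winlogon 1001 chkdsk record")
    unit = number_before(event, "bytes in each allocation unit.")
    total_kb = number_before(event, "KB total disk space.")
    free_kb = number_before(event, "KB available on disk.")
    total_units = number_before(event, "total allocation units on disk.")
    free_units = number_before(event, "allocation units available on disk.")
    return {
        "bad_sector_kb": number_before(event, "KB in bad sectors."),
        "corrections_made": "made corrections to the file system" in event,
        # Cross-check the KB figures against allocation units * unit size.
        "totals_consistent": (total_units * unit == total_kb * 1024
                              and free_units * unit == free_kb * 1024),
        "total_gib": round(total_kb / 1024 ** 2, 1),
        "free_percent": round(100 * free_kb / total_kb, 1),
    }


def triage_hang(event):
    """Extract the application and module named in an Application Hang record."""
    m = HANG_RE.search(event) if header(event, "Event Source") == "Application Hang" else None
    if m is None:
        raise ValueError("not an Application Hang record")
    app, app_ver, module, mod_ver, _addr = m.groups()
    # Assumption: 'hungapp' at version 0.0.0.0 means no specific module was named.
    return {"application": app, "version": app_ver,
            "module_named": not (module == "hungapp" and mod_ver == "0.0.0.0")}
```

On the posted records this reports no bad sectors, file-system corrections made, a volume of about 71 GiB with roughly 18% free, and a WINWORD.EXE hang with no specific module named.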

#18 Claudiams

Posted 15 August 2013 - 09:07 AM

I was able to get the product key but my drives don't work. I couldn't find how to download from online. The Word installed is from 2002. Will upgrading help?



#19 cnm

Posted 15 August 2013 - 09:30 AM

I can't help with Office as I don't use it and don't know much about it.  I would think that upgrading might be a good idea, but with a Word that old it is likely that your old files wouldn't be compatible.  Also I think it would cost money.  If you can reinstall it from the original Microsoft disk that would be best.

 

I do not understand "my drives don't work".  What drives are those?



#20 Claudiams

Posted 16 August 2013 - 06:23 PM

Is the Office from Microsoft Office XP? Just to be sure. Of all disks, I couldn't find that one. I was hoping to download from online since I found the product key. I meant my optical disc drives don't work.



#21 cnm

Posted 16 August 2013 - 07:15 PM

Oh, I see.  

 

I don't know if Office 2002 is Office XP.  (Download the Office XP SP 3)

 

Your Word 2002 has a Security update

 

Even Office 2003 has support expiring next year.  I can't find any info about whether you would be able to open your old files with Office 2010.



#22 Claudiams

Posted 17 August 2013 - 04:19 PM

I do have the recommended updates checked off.  It is working much better than before as well.

It seems as though I should be considering an updated computer perhaps.



#23 cnm

Posted 17 August 2013 - 04:52 PM

Yes, looks like you've had the computer since 2004 or earlier and it's getting very old.

  • Nine years is a fairly long time for a hard drive to last, although some do last much longer.
  • XP SP 3 support ends April 8, 2014 and Windows 7 (or 8) is a huge improvement
  • Your Office 2002 became obsolete long ago
  • When you buy a new PC you get much more for your money than you did in 2004.  Your hard drive is 71 GB - a new one would have at least 1 TB (1000 GB).


#24 Claudiams

Posted 17 August 2013 - 05:18 PM

So much has changed. For now, I'll be purchasing an external hard drive this week to prepare for the unexpected.

Thanks for the tips!



#25 cnm

Posted 17 August 2013 - 06:23 PM

Time to clean up.
Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'.  Among other things your Restore Points will be purged and a new clean one created.
 
Delete the DDS files and Security Check folder from your Desktop.

Run AdwCleaner and click Uninstall.



#26 Claudiams

Posted 18 August 2013 - 11:24 AM

I've uninstalled and deleted the files.



#27 cnm

Posted 18 August 2013 - 11:31 AM

Advice for malware prevention:
 
Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly.  They usually have security updates every month.  You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed.   This is a crucial security measure.
 
Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.
 
The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.
 

Chrome is a faster browser than Firefox.
Chrome is available here:  http://www.google.co...e/features.html
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs.  If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.  It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information.  Ask in a security forum that you trust if you are not sure.  If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:
 
http://www.systemloo...p?type=filename
 
A similar category of programs is now called "scareware."  Scareware programs are active infections that will pop-up on your computer and tell you that you are infected.  If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed.  It tells you to click and install it right away.  If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further.  Keeping protection updated and running resident protection can help prevent these infections.  If it happens anyway, get offline as quickly as you can.  Pull the internet connection cable or shut down the computer if you have to.  Contact someone to help by using another computer if possible.  These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.
 
For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place



#28 Claudiams

Posted 19 August 2013 - 01:49 PM

Thank you



#29 cnm

Posted 19 August 2013 - 01:50 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



