GeekPolice Tech Tutorials

 

SLOW computer after running scans

Re: SLOW computer after running scans
Well, I am back in safe mode. I tried in normal, but it took 10 pages for IE to open, Chrome never did. Once IE opened it was another 22 minutes before it loaded google. It never did load anything after that. I tried closing, but it took forever. I pulled up the task manager and even that took 5 minutes to bring up and another 7 before it recognized my click. In safe mode, everything seems to be running fine. I can open all the programs it allows me to and they seem to be just fine. I am not sure what else to do, other than to leave it in your hands again. I did backup their photos, which took ALL day, no joke.

Re: SLOW computer after running scans
Any change in the operation of your computer?

Re: SLOW computer after running scans
Nope. As stated above, only really able to open and run anything in safe mode again. Everything else is S.L.O.W. I tried again today. I tried opening IE, I literally made dinner, came back, and it wasn't open yet. When it came up I tried to go to a site, but it took forever, so I gave up. Normal mode is TOO SLOW! Something is still not right.

Re: SLOW computer after running scans
Could you please run the MiniTool box scan again and post the log. You keep stating that it takes a long time to open a page on the internet. Is it just there that it's slow or does it also happen when opening other programs?
On Oct. 31/14 you said it was running better. Do you know what has transpired since then to slow it down?

Re: SLOW computer after running scans
Sure. I can run it again. ALL programs are slow to open, not just browsers. Also, would you like me to try the scan in normal mode or just run it in safe mode? Nothing is different...I've done everything only on here. I don't even turn it on but to check it and run scans.

Re: SLOW computer after running scans
Please run it in Normal Mode. I would also like to try one more scan.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Re: SLOW computer after running scans
ok, I tried doing all this in normal, the computer never loaded all the page. I waited for over 24 hours. I even tried again. I gave up and I am just going to do it in safe mode. Maybe we'll finally get to do something in normal mode again.

Re: SLOW computer after running scans
Minitool box log:

MiniToolBox by Farbar Version: 21-07-2014
Ran by Administrator (administrator) on 07-11-2014 at 17:42:33
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ExpensiveToy

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : wi.rr.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-15-C5-6B-A5-AF



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : wi.rr.com

Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-16-6F-AE-91-5D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.107

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Friday, November 07, 2014 5:31:47 PM

Lease Expires . . . . . . . . . . : Saturday, November 08, 2014 5:31:47 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.225.1, 74.125.225.2, 74.125.225.3, 74.125.225.6
74.125.225.4, 74.125.225.14, 74.125.225.9, 74.125.225.8, 74.125.225.7
74.125.225.0, 74.125.225.5



Pinging google.com [74.125.225.7] with 32 bytes of data:



Reply from 74.125.225.7: bytes=32 time=17ms TTL=54

Reply from 74.125.225.7: bytes=32 time=28ms TTL=54



Ping statistics for 74.125.225.7:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 28ms, Average = 22ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109, 206.190.36.45, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=58ms TTL=45

Reply from 98.139.183.24: bytes=32 time=54ms TTL=45



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 58ms, Average = 56ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 6b a5 af ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 16 6f ae 91 5d ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.107 192.168.1.107 25
192.168.1.107 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.107 192.168.1.107 25
224.0.0.0 240.0.0.0 192.168.1.107 192.168.1.107 25
255.255.255.255 255.255.255.255 192.168.1.107 2 1
255.255.255.255 255.255.255.255 192.168.1.107 192.168.1.107 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/02/2014 09:48:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (11/02/2014 09:48:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/26/2014 10:03:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/26/2014 10:03:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/25/2014 01:09:05 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (10/25/2014 01:08:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/25/2014 01:07:12 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/25/2014 01:07:12 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.

Error: (10/25/2014 08:55:37 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (10/25/2014 08:20:59 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (11/07/2014 05:33:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm

Error: (11/07/2014 05:32:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/07/2014 05:10:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

Error: (11/07/2014 05:09:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

Error: (11/07/2014 05:09:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

Error: (11/07/2014 05:09:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

Error: (11/06/2014 10:18:38 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/06/2014 10:17:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/06/2014 10:09:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/06/2014 09:44:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Fips
intelppm


Microsoft Office Sessions:
=========================
Error: (11/02/2014 09:48:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (11/02/2014 09:48:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/26/2014 10:03:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/26/2014 10:03:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/25/2014 01:09:05 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (10/25/2014 01:08:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/25/2014 01:07:12 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/25/2014 01:07:12 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/25/2014 08:55:37 AM) (Source: Windows Search Service)(User: )
Description:
Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (10/25/2014 08:20:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 503.37 MB
Available physical RAM: 348.36 MB
Total Pagefile: 1229.43 MB
Available Pagefile: 1147.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:33.65 GB) (Free:14.61 GB) NTFS

========================= Users: ========================================

User accounts for \\EXPENSIVETOY

Administrator Guest HelpAssistant
Leslie and Charlie SUPPORT_388945a0


**** End of log ****
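
One way to triage the "Event log errors" section of a MiniToolBox log like the one above, as an added example that is not part of the original thread or of MiniToolBox itself. The function names are hypothetical, the sample is constructed in the log's layout, and treating any Boot Mode other than "Normal" as a Safe Mode boot is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample that follows the MiniToolBox layout shown in the post above.
SAMPLE_LOG = '''\
MiniToolBox by Farbar Version: 21-07-2014
Boot Mode: Network

========================= Event log errors: ===============================

System errors:
=============
Error: (11/07/2014 05:33:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
aswRvrt
aswSnx
Fips

Error: (11/07/2014 05:32:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/07/2014 05:10:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

Error: (11/07/2014 05:09:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMScheduler service.

========================= Memory info: ===================================
'''

SECTION_RE = re.compile(r"^=+ (.+?): =+\s*$")
# The space before "(User:" is optional: some sub-sections of the log omit it.
RECORD_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) ?\(User: (?P<user>[^)]*)\)\s*$")
TIMEOUT_RE = re.compile(r"waiting for a transaction response from the (\S+) service")


def _is_rule(line):
    """True for the all-'=' underline printed beneath a sub-heading."""
    s = line.strip()
    return bool(s) and set(s) == {"="}


def boot_mode(text):
    m = re.search(r"^Boot Mode: (.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def parse_events(text):
    """Return the records of the 'Event log errors' section, in log order."""
    lines = text.splitlines()
    events, current, in_section = [], None, False
    for i, line in enumerate(lines):
        header = SECTION_RE.match(line)
        if header:  # "===== Name: =====" opens a new section
            in_section, current = header.group(1) == "Event log errors", None
            continue
        if not in_section or not line.strip() or _is_rule(line):
            continue
        if i + 1 < len(lines) and _is_rule(lines[i + 1]):
            current = None  # sub-heading such as "System errors:"
            continue
        m = RECORD_RE.match(line)
        if m:
            current = {"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"].strip(), "user": m["user"].strip(), "text": []}
            events.append(current)
        elif current is not None:  # continuation lines of the description
            body = re.sub(r"^Description:\s*", "", line.strip())
            if body:
                current["text"].append(body)
    return events


def failed_drivers(events):
    """Driver names listed under 'driver(s) failed to load', de-duplicated in order."""
    names = []
    for ev in events:
        if ev["text"] and "driver(s) failed to load" in ev["text"][0]:
            names.extend(ev["text"][1:])
    return list(dict.fromkeys(names))


def triage(text):
    events, mode = parse_events(text), boot_mode(text)
    return {
        "boot_mode": mode,
        "by_source": Counter(ev["source"] for ev in events),
        "failed_drivers": failed_drivers(events),
        "service_timeouts": Counter(
            m.group(1) for ev in events for m in TIMEOUT_RE.finditer(" ".join(ev["text"]))),
        # Assumption: anything but "Normal" is a Safe Mode boot, where Windows skips
        # non-essential drivers and the Service Control Manager logs them as failed.
        "driver_failures_expected": mode is not None and mode != "Normal",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Comparing the output of a Normal Mode run against a Safe Mode run separates the driver failures that Safe Mode itself causes from the service timeouts that persist in both.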

Re: SLOW computer after running scans
Ok, please try running CF in Safe Mode.

Re: SLOW computer after running scans
combofix log:

ComboFix 14-11-03.01 - Administrator 11/07/2014 19:50:12.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.181 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000005_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-10-08 to 2014-11-08 )))))))))))))))))))))))))))))))
.
.
2014-10-25 19:11 . 2014-10-25 19:11 -------- d-----w- c:\windows\jumpshot.com
2014-10-25 15:31 . 2014-10-25 15:27 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-25 15:29 . 2014-10-25 15:26 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-25 15:26 . 2014-10-25 15:26 43152 ----a-w- c:\windows\avastSS.scr
2014-10-25 14:28 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-10-25 14:28 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2014-10-24 02:58 . 2014-10-26 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-10-24 02:26 . 2014-10-24 02:26 -------- d-----w- c:\windows\ERUNT
2014-10-24 01:52 . 2014-10-26 15:59 -------- d-----w- C:\AdwCleaner
2014-10-24 01:35 . 2014-10-24 01:38 -------- d-----w- C:\FRST
2014-10-23 21:16 . 2014-10-23 21:16 -------- d-----w- c:\program files\ESET
2014-10-23 20:43 . 2014-11-07 04:20 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 20:42 . 2014-10-25 22:43 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 20:42 . 2014-10-23 20:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-23 20:25 . 2014-10-23 20:26 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-03 03:58 . 2013-04-30 02:02 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-03 03:58 . 2013-04-30 02:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-25 15:27 . 2010-06-25 23:50 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-25 15:27 . 2013-04-30 02:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-25 15:27 . 2010-06-25 23:50 422760 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-10-25 15:27 . 2013-04-30 02:02 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-25 15:27 . 2010-06-25 23:50 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-01 16:11 . 2014-03-16 00:51 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-25 15:19 723976 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-06-24 1366064]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-06-19 472112]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-11-03 5223016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-1 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Leslie and Charlie\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/29/2013 8:02 PM 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/29/2013 8:02 PM 206248]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [4/29/2013 8:03 PM 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/25/2010 5:50 PM 422760]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [4/29/2013 8:02 PM 70384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [10/23/2014 2:42 PM 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [10/23/2014 2:42 PM 968504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2014 6:51 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [10/23/2014 2:43 PM 114904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2014-11-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-25 15:17]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592937098-3000039096-119158199-1007Core.job
- c:\documents and settings\Leslie and Charlie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-24 14:24]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592937098-3000039096-119158199-1007UA.job
- c:\documents and settings\Leslie and Charlie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-24 14:24]
.
2014-10-30 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-10-25 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mbamchameleon
MSConfigStartUp-CTFMON - (no file)
AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-07 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2592937098-3000039096-119158199-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,d9,aa,a9,39,3a,e4,45,b0,ee,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,d9,aa,a9,39,3a,e4,45,b0,ee,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2014-11-07 20:01:43
ComboFix-quarantined-files.txt 2014-11-08 02:01
.
Pre-Run: 15,594,893,312 bytes free
Post-Run: 15,675,863,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3CCE78C85833923BD5B3EE1093AAA60E
91722E6BC3A2B40FF00222DCA4A3DB3E

Re: SLOW computer after running scans
Please do this even though you don't have the OS disk. Please tell me if the scan asks for the OS disk.

• Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
• Let this run undisturbed until the window with the blue progress bar goes away

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Re: SLOW computer after running scans
OK. Also, since CF I am now able to be in normal mode....at least for the time being. Would you like me to stay there for as long as the computer lets me?

Re: SLOW computer after running scans
OK. Also, since CF I am now able to be in normal mode....at least for the time being. Would you like me to stay there for as long as the computer lets me?.

Does Ok mean that the SFC ran without incident? Please keep your computer in Normal and tell me how it's working.

Re: SLOW computer after running scans
It did, at least I think. I am not quite sure what's supposed to happen. Here's what happened after, though. Everything ran great! I could cruise around the internet, open Word docs, other files, pictures. UNTIL (dun, dun, dun) I shut down and turned it back on today. In normal mode, again, we're back to everything (not just internet) being S.L.O.W again. Safe mode has no issues whatsoever. I am at a loss. Grrr. I feel like we get somewhere, but then on startup, something happens again.

Re: SLOW computer after running scans
Something is slowing down the computer in Normal Mode. We have to find what it is.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.