
Thread: Computer and internet run slow. Please help. New thread with link.

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Location
    Philadelphia
    Posts
    15

    Computer and internet run slow. Please help. New thread with link.

    Here is the link to my previous thread. There is also one prior to this in the same thread.

    http://forums.spybot.info/showthread...ow-Please-help

    As per instructions, I ran:
    ERUNT
    dds - here is the text.doc
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
    Run by Administrator at 14:37:08 on 2014-04-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.757 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\XFINITY Computer Performance Tool\SDCService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\Administrator\Desktop\Defense & Stuff\Stuff\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\XFINITY Computer Performance Tool\sdccont.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
    C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.2.0.38\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [MakiwaraNotify] "c:\program files\xfinity computer performance tool\sdccont.exe" /dummy /cfg "c:\program files\xfinity computer performance tool\uiframework\common\PCPowerCare.xml" /notificationtoaster /mutexname notificationtoaster /hideWindow
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\autorunsdisabled\yahoo! widgets.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status monitor.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\brother bprsp.lnk - c:\windows\installer\{8040527f-dd74-4b45-8a06-c4bf145b6c76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300239196265
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351669012296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{A3E4C69B-1693-4756-BE77-38F8EC366770} : DHCPNameServer = 192.168.1.1
    Notify: igfxcui - igfxsrvc.dll
    Notify: SDWinLogon - <no file>
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1502000.026\symds.sys [2014-4-2 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1502000.026\symefa.sys [2014-4-2 936152]
    R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20140319.001\BHDrvx86.sys [2014-3-18 1098968]
    R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1502000.026\ccsetx86.sys [2014-4-2 127064]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1502000.026\ironx86.sys [2014-4-2 206936]
    R2 Garmin Core Update Service;Garmin Core Update Service;c:\documents and settings\administrator\desktop\defense & stuff\stuff\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-9-19 250200]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-28 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-28 857912]
    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\21.2.0.38\n360.exe [2014-4-2 265040]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
    R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-1 369152]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-30 1042272]
    R2 XFINITY Computer Performance Tool;XFINITY Computer Performance Tool;c:\program files\xfinity computer performance tool\sdcService.exe [2012-11-5 406976]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-3-31 108120]
    R3 IDSxpx86;IDSxpx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20140402.001\IDSXpx86.sys [2014-4-2 383120]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-28 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-28 107736]
    R3 NAVENG;NAVENG;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140403.002\NAVENG.SYS [2014-4-3 93272]
    R3 NAVEX15;NAVEX15;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140403.002\NAVEX15.SYS [2014-4-3 1612376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-30 3921880]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-30 171416]
    S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-11-22 249856]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-11-26 6272]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-3-28 50648]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-11-26 21376]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-11-26 23936]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-11-26 11264]
    S3 PTHSBUS;PANTECH Handset USB Composite Device Driver (UDP);c:\windows\system32\drivers\pthsbus.sys --> c:\windows\system32\drivers\PTHSBUS.sys [?]
    S3 PTHSMDM;PANTECH Handset Drivers (UDP);c:\windows\system32\drivers\pthsmdm.sys --> c:\windows\system32\drivers\PTHSMDM.sys [?]
    S3 PTHSVSP;PANTECH Handset Diagnostic Serial Port (UDP);c:\windows\system32\drivers\pthsvsp.sys --> c:\windows\system32\drivers\PTHSVSP.sys [?]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2012-10-8 10112]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S4 57935899;57935899; [x]
    S4 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [?]
    S4 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2014-04-03 16:04:46 -------- d-----w- C:\FRST
    2014-04-03 02:51:20 936152 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symefa.sys
    2014-04-03 02:51:20 447704 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symnets.sys
    2014-04-03 02:51:20 423256 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdi.sys
    2014-04-03 02:51:20 384728 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdiv.sys
    2014-04-03 02:51:20 367704 ----a-r- c:\windows\system32\drivers\n360\1502000.026\symds.sys
    2014-04-03 02:51:20 32344 ----a-r- c:\windows\system32\drivers\n360\1502000.026\srtspx.sys
    2014-04-03 02:51:20 21520 ----a-r- c:\windows\system32\drivers\n360\1502000.026\symelam.sys
    2014-04-03 02:51:19 664280 ----a-w- c:\windows\system32\drivers\n360\1502000.026\srtsp.sys
    2014-04-03 02:51:19 206936 ----a-r- c:\windows\system32\drivers\n360\1502000.026\ironx86.sys
    2014-04-03 02:51:19 127064 ----a-r- c:\windows\system32\drivers\n360\1502000.026\ccsetx86.sys
    2014-04-03 02:50:45 30068 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symvtcer.dat
    2014-04-03 02:50:45 -------- d-----w- c:\windows\system32\drivers\n360\1502000.026
    2014-03-30 04:56:45 18968 ----a-w- c:\windows\system32\sdnclean.exe
    2014-03-28 19:09:43 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-28 19:08:04 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-28 19:08:04 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-28 19:08:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-03-28 16:50:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2014-03-18 16:15:18 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
    2014-03-18 16:15:18 13312 ------w- c:\windows\system32\xp_eos.exe
    .
    ==================== Find3M ====================
    .
    2014-03-31 20:13:57 2526 ----a-w- c:\windows\system32\regHiveData.bin
    2014-03-11 22:12:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-11 22:12:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
    2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
    2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
    2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
    2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
    2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
    2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 14:38:48.50 ===============

    Attached file is zipped, below under attachments.

    Here is aswMBR log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-03 15:16:05
    -----------------------------
    15:16:05.921 OS Version: Windows 5.1.2600 Service Pack 3
    15:16:05.921 Number of processors: 1 586 0x207
    15:16:05.921 ComputerName: HOME-88B26076E7 UserName: Administrator
    15:16:09.390 Initialize success
    15:29:11.750 AVAST engine defs: 14040301
    15:29:47.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:29:47.453 Disk 0 Vendor: WDC_WD800BB-75CAA0 16.06V16 Size: 76293MB BusType: 3
    15:29:47.640 Disk 0 MBR read successfully
    15:29:47.640 Disk 0 MBR scan
    15:29:47.671 Disk 0 Windows XP default MBR code
    15:29:47.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
    15:29:47.687 Disk 0 scanning sectors +156232125
    15:29:47.859 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:30:08.171 Service scanning
    15:30:10.593 Service BHDrvx86 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys **LOCKED** 5
    15:30:12.265 Service ccSet_N360 C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys **LOCKED** 5
    15:30:14.968 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
    15:30:15.625 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
    15:30:19.921 Service IDSxpx86 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140402.001\IDSxpx86.sys **LOCKED** 5
    15:30:25.765 Service NAVENG C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140403.002\NAVENG.SYS **LOCKED** 5
    15:30:26.156 Service NAVEX15 C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140403.002\NAVEX15.SYS **LOCKED** 5
    15:30:34.828 Service SRTSPX C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS **LOCKED** 5
    15:30:35.703 Service SymDS C:\WINDOWS\system32\drivers\N360\1502000.026\SYMDS.SYS **LOCKED** 5
    15:30:36.171 Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
    15:30:36.312 Service SymIRON C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS **LOCKED** 5
    15:30:36.453 Service SYMTDI C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS **LOCKED** 5
    15:30:42.703 Modules scanning
    15:30:54.984 Disk 0 trace - called modules:
    15:30:55.000 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    15:30:55.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3bfab8]
    15:30:55.015 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3cad98]
    15:30:55.484 AVAST engine scan C:\WINDOWS
    15:31:14.906 AVAST engine scan C:\WINDOWS\system32
    15:36:55.703 AVAST engine scan C:\WINDOWS\system32\drivers
    15:37:24.531 AVAST engine scan C:\Documents and Settings\Administrator
    16:12:58.468 AVAST engine scan C:\Documents and Settings\All Users
    16:17:11.234 Scan finished successfully
    16:19:30.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    16:19:30.750 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBRlog.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi and welcome.

    Do you still have Farbar Recovery Scan Tool on your desktop?

    If yes let's proceed.


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

    start
    CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-27]
    CHR HKCU\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx [2013-01-20]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-20]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:829C9EE6
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    ~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

      *****


    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    ~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please post:
    fixlist.txt
    C:\AdwCleaner\AdwCleaner[R0].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Apr 2014
    Location
    Philadelphia
    Posts
    15

    Computer and internet run slow. Please help. New thread with link.

    Hello Juliet and Tashi. Thanks so much for your hard work. The FRST tool worked so fast I thought it had failed!

    Also, please be aware that my primary browser is Google Chrome. I only use IE occasionally.

    Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
    Ran by Administrator at 2014-04-04 02:13:32
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal

    ================== Search: "fixlist.txt" ===================

    C:\Documents and Settings\Administrator\Desktop\fixlist.txt
    [2014-04-04 02:12] - [2014-04-04 02:12] - 0000950 ____A () 1d72d921577a65942d5ca8c4fb377f10

    === End Of Search ===

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
    Ran by Administrator at 2014-04-04 02:17:35 Run:1
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-27]
    CHR HKCU\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx [2013-01-20]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-20]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:829C9EE6
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    Reboot:
    end
    *****************

    HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec => Key deleted successfully.
    C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx => Moved successfully.
    HKCU\SOFTWARE\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej => Key deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx => Moved successfully.
    HKCU\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => Key deleted successfully.
    C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":829C9EE6" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    # AdwCleaner v3.023 - Report created 04/04/2014 at 02:39:18
    # Updated 01/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - HOME-88B26076E7
    # Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default\Extensions\torntv2@torntv.com.xpi
    File Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
    File Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Folder Found C:\Documents and Settings\Administrator\Application Data\blekko
    Folder Found C:\Documents and Settings\Administrator\Application Data\pccustubinstaller
    Folder Found C:\Documents and Settings\Administrator\Application Data\registry mechanic
    Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\apn
    Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\visi_coupon
    Folder Found C:\Documents and Settings\All Users\Application Data\~0
    Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Found C:\Documents and Settings\All Users\Application Data\Systweak
    Folder Found C:\Documents and Settings\NetworkService\Application Data\adawaretb

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\855da8cb368b846
    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\SmartBar
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\driverscanner
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : HKLM\Software\Uniblue

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5441 octets] - [04/04/2014 02:39:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5501 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Administrator on Fri 04/04/2014 at 2:59:56.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-790525478-2025429265-725345543-500\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211141126}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"
    Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\systweak"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\blekko"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\pccustubinstaller"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\registry mechanic"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\adawarebp"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\apn"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\visi_coupon"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 04/04/2014 at 3:15:54.98
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thanks again!

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    You're welcome!

    Let's open AdwCleaner by Xplode

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner.txt as well.


    Please post this log when done. Also, update me on how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member

    Computer and internet run slow. Please help.

    Good morning Juliet,

    Computer boots up and shuts down much more quickly. Outlook displays mail much faster. Internet is still slow loading 1st page of the day, then speeds up. Page loading is MUCH faster. Got a message on Google Chrome/cnn.com "Shockwave isn't responding" with a checkbox to shut it off. MOST Important, though, is that audio and video are FINALLY synced. Youtube worked beautifully!!!

    Thanks a million!

    Jerry


    # AdwCleaner v3.023 - Report created 04/04/2014 at 09:40:21
    # Updated 01/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - HOME-88B26076E7
    # Running from : C:\Documents and Settings\Administrator\Desktop\Defense\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\Documents and Settings\All Users\Application Data\~0
    Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\adawaretb
    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default\Extensions\torntv2@torntv.com.xpi
    File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
    File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKCU\Software\855da8cb368b846
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5581 octets] - [04/04/2014 02:39:18]
    AdwCleaner[R1].txt - [3399 octets] - [04/04/2014 09:36:55]
    AdwCleaner[S0].txt - [3371 octets] - [04/04/2014 09:40:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3431 octets] ##########

  6. #6
    Security Expert-emeritus Juliet's Avatar

    Sounds like good news to me!

    Let's try this for ShockWave

    https://support.google.com/chrome/answer/2445333?hl=en
    Adobe Shockwave plug-in

    [x] Not Deleted : C:\Documents and Settings\All Users\Application Data\~0
    See if you can locate this file, just see what's in it??


    Important information regarding Windows XP
    http://forums.whatthetech.com/index....owtopic=127901


    We need to check for remnants.


    Please Run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The scanner below is very thorough, don't be alarmed if you see it finding things because I actually expect to see it find files in quarantine.

    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish

  7. #7
    Junior Member

    Computer and internet run slow. Please help.

    Hello Juliet,

    I hope you are enjoying this beautiful day.

    I tried the Shockwave suggestion you made. When I looked at the plugin on the Chrome list, I found it was enabled, so I disabled and then re-enabled it. There were also enabled plugins for Firefox, mozilla, and other browsers. Should I disable them?

    Unfortunately, when I then tried my browser, I got a message saying Shockwave crashed. I also noticed that on my add or remove program list, Shockwave is listed there under Adobe. Do I need to do something with it there?

    I assume Shockwave has something to do with audio and video sync because they are out of sync again.

    As per your request, I located: C:\Documents and Settings\All Users\Application Data\~0. It is an empty folder. The reason it wasn't deleted is because I thought it was important and unchecked it when cleaning the system. Should I delete the folder?

    I ran OldTimer and it seemed to remove a lot of temp files.

    When it came to ESET, I mistakenly downloaded the trial version instead of the online version. When I used the online version, it found no threats. However, before going to the Spybot forum, I had used Malwarebytes and purged a number of threats from its quarantine. Maybe that is why no threats were found, in addition to the thorough cleanings you have already had me do. Eset took over 2 hours to run.

    A thumbnail named Thumbs.db has appeared on my desktop. ???

    Please advise.

    Thanks,
    Jerry

  8. #8
    Security Expert-emeritus Juliet's Avatar

    I am so sorry it took me so long to get back, my 4 year old has run a fever most of the day and I just couldn't let him out of my sight.

    Plugins enabled or disabled is up to you; if you're troubleshooting, turn 1 on at a time to see if one is the cause of the issue.

    Let's try this and see if the Shockwave issue can be resolved:

    Please download and install the latest version from the links below:

    Adobe Flash Player 12.0.0.77 Final for (Internet Explorer)
    Adobe Flash Player 12.0.0.77 Final for (Firefox, Safari, Opera)
    Note: Your browsers should be closed before proceeding with the installation process.

    ************************

    C:\Documents and Settings\All Users\Application Data\~0 - if it's empty it's not hurting anything one way or another; generally, for space, people empty out the unneeded.

    I've heard Eset taking up to 8 hours before.....ran it on mine once and sat for 4 hours.

    Thumbs.db is an index of the thumbnails that are displayed in image folders and/or any folder that has an image in it.

    If you turn off Show All Files and or turn off Show System files and or check Hide system files (don't remember what the option is called) you won't see them.

    You can delete the Thumbs.db files and it won't be recreated unless you go back to that folder and View the files as Thumbnails. DT.ini will be recreated by the system no matter what you do.

    ***************
    How's the computer now?

    Please run this security check for my review.

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  9. #9
    Junior Member

    Computer and internet run slow. Please help

    An oreo for your little one! I hope he/she feels better soon. (Been there, done that)

    I tried to use the shockwave link you suggested, but I got a 404 message. I went to Adobe directly and it said I needed an update so I did that. Then I went to the chrome plugins list and disabled anything that didn't say IE or Chrome.

    The page loaded somewhat faster but the audio and video are way out of sync.

    I ran security check 317. Here are the results:

    Results of screen317's Security Check version 0.99.81
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton Security Suite
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    JavaFX 2.1.1
    Java 7 Update 51
    Adobe Flash Player 12.0.0.77
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 2%
    ````````````````````End of Log``````````````````````

    When I looked through the program files, I noticed a few anti-virus or adware folders with tiny bits of data (kB's).
    Should I delete them?

    Thanks again for all your help!!!
    Jerry

  10. #10
    Security Expert-emeritus Juliet's Avatar

    https://support.google.com/youtube/answer/58134?hl=en
    Read over that link and see if it helps.

    Let's check a setting
    Open Firefox:
    "Options> Advanced> General> Use hardware acceleration when available"

    May also need to check driver updates for the computer.



    We can now remove the quarantine folders and tools we used.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    No need to post the log this time.

    start
    DeleteQuarantine:
    end
    ~~~~~~~~~~~~~~

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore


    3. Click Run


    Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.