# Help! Inconsistent internet speeds only on one device



## djw663

I had AT&T 3MB DSL for a very long time and it worked really well, with transfer rates at 250KBPS, which is good for where I live. They forced me to migrate to their U-verse 3MB platform in November, and the service kept taking out my modem, so almost every day we had to reboot the modem. Just on my computer, my data transfer rates dropped down to almost nothing, approx. 10KBPS; once in a while I would get 350KBPS and other times 5KBPS. My computer was hard-wired with this service. In December I changed out my HD to a Samsung 840 SSD, just an FYI. All my other devices have great transfer rates and are wireless. I now have cable internet 15MB service and all my other devices work great; my iPhone uploads at 3MBPS and downloads at 14.5MBPS as per speedtest.net. I put the wireless card from one of my other computers in my main computer and the transfer rates are still poor, so I know the problem is in my main computer. I have taken my computer apart, cleaned it and put everything back together. I have tried many different software programs that say they can fix issues, to no avail.
I built my computer for gaming about 7 years ago. I still have one I built 15 years ago and it is still working great, with speedtest approx. 10 down and 2 up. The Wii streams video from Netflix no problem, the Xbox too, same with phones and laptops. I tested my iPhone side by side, connected to the same wifi system in my house: my ping will be about 16, my download about 14MBPS and my upload 3MBPS; on my newer computer, ping 159, download 1MBPS, upload about 1.5MBPS; and on my 15yr old computer, using the same wifi internet and the same type of wireless card, ping 40, down 7MBPS, up 2MBPS. All tests were run within seconds of each other. I have run Ccleaner, a full deep scan with Trend Micro, defrag and error checking (Windows). On 4/22/2013 I did get a transfer rate of 550KBPS for one download after doing all the above, then about 80KBPS for the rest after that.

My main computer has a MSI MS-7125 V.1 motherboard, CPU AMD Opteron 185 dual core 2.61, MSI 6600gt video card, 2GB ram and a Samsung 250GB SSD HD, Raidmax modular power supply 630watts running Windows XP pro.
My CPU isn't working abnormally hard and I am using about 40% of my RAM.


----------



## johnb35

Go here and do a speedtest and post the results.

www.speedtest.net

When done click on share this result, click on forum tab, click on copy. Come here to your reply window and click on paste.  

Is this a wired or wireless connection?  Have you tried updating your driver?


----------



## djw663

All the speeds shown above were from speedtest.net; I just did them again.
Yes, I updated all drivers. Since the install of cable internet (last Friday) it is wireless; before that it was wired, and I started having issues when AT&T forced the migration to U-verse. The new cable service is 15/3 max.

| Device | Ping | Download | Upload | Notes |
|---|---|---|---|---|
| iPhone | 16 | 13.16 | 1.78 | 4S |
| iPad | 21 | 14.19 | 1.76 | |
| 15yr old PC | 206 | 8.0 | 1.77 | AMD Athlon 1700+, 1GB RAM, 6600GT, 40GB HD, Windows XP pro |
| Newer PC | 225 | 0.85 | 1.78 | AMD Opteron 185, 2GB RAM, 6600GT, 250 SSD HD, Windows XP pro |


----------



## johnb35

So is it possible that you may have some software installed that could be causing the new PC to slow down?  Since you have already updated the drivers, let's run some scans.

Please download *Malwarebytes' Anti-Malware* from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run *Rkill.scr*,  *Rkill.exe*, or *Rkill.com*.  If you are still having issues running rkill then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT* reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away, or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it.  Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right click on the hijackthis icon and click on run as.  If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.* 


Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## djw663

Here are the results of the malware scan; nothing to report.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.
User :: 
Protection: Enabled

4/23/2013 10:45:13 PM
mbam-log-2013-04-23 (22-45-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237610
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:24 PM, on 4/23/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Live Update 5\LU5.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Documents and Settings\User\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SW20] "C:\WINDOWS\system32\sw20.exe"
O4 - HKLM\..\Run: [SW24] "C:\WINDOWS\system32\sw24.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [DATAMNGR] "C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [****** EPM tray] C:\Program Files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [PCShowServer] "C:\Documents and Settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O20 - AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14067 bytes


----------



## johnb35

First off, I want to say that you have a lot of processes running at bootup, which is bad and is probably causing your slowness.  Let's start by doing some cleanup.

Please use hijackthis to post an uninstall list for me.  Open Hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste the contents back here.

Then rerun hijackthis, Do a system scan only and place checks next to these entries.

O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] "C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw

Then click on fix checked.  

Next.  

Please download *AdwCleaner* by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next.  

Download and run Ccleaner if you don't already have the program.

http://www.filehippo.com/download_ccleaner/

Click up top right where it says download latest version.  Install and open the program, click on run cleaner bottom right corner.


----------
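
Added example, not part of the thread and not HijackThis's own code: a small Python triage pass over a HijackThis log that counts entries per section (O4 is the autostart load mentioned above) and flags the entry types a reviewer checks first. The sample lines are copied from the log posted earlier in the thread; the function names and flagging rules are assumptions of this example, and a flag means "review this", not "malicious".

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [DATAMNGR] "C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Section codes that appear in the log above and what they cover.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run keys, Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O10": "Winsock LSP", "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)", "O18": "extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O22": "SharedTaskScheduler", "O23": "Windows service",
}

# An entry line is a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def count_by_section(entries):
    """Entries per section code; the O4 count is the number of autostart items."""
    return Counter(code for code, _ in entries)


def triage(entries):
    """Return (code, reason, detail) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        if code == "O20" and body.lower().startswith("appinit_dlls:"):
            # Assumes space/comma-separated paths with no embedded spaces
            # (8.3 short names, as in this log).
            for dll in re.split(r"[\s,]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append(
                        (code, "DLL loaded into every process that loads user32.dll", dll))
        elif code == "O10":
            findings.append(
                (code, "Winsock LSP: sits in the network path of socket-using programs", body))
        elif body.endswith("(no file)"):
            findings.append((code, "orphaned entry: registered component has no file", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service listed with unknown owner: verify the binary", body))
    return findings


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>3} {n:3d}  {SECTIONS.get(code, 'other')}")
    for code, reason, detail in triage(parsed):
        print(f"[{code}] {reason}\n      {detail}")
```
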



## djw663

32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
att.net Internet Mail
Battlefield 1942
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Costco Photo Organizer
DCXtended .9
DesertCombat  0.7
DIRECTV Player
DMI Browse
Download Manager 2.3.6
Drivers Install For Linksys Easylink Advisor
****** Partition Master 9.2.1 Home Edition
Extended Asian Language font pack for Adobe Reader XI
FrostWire 4.21.3
FrostWire 5.4.0
GameSpy Arcade
GemPcCCID
getPlus(R) for Adobe
HD Tune 2.53
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP My Display
HP Officejet 4500 G510n-z
HP Update
HPDiagnosticAlert
InfoView
iTunes
Java(TM) 6 Update 37
LimeWire 5.5.13
Linksys EasyLink Advisor 1.6 (0033)
Linksys Wireless-G PCI Adapter
Live Update 5
LiveUpdate 3.2 (Symantec Corporation)
Logitech GamePanel Software 2.00
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Download Manager
Microsoft LifeChat
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero Suite
neroxml
Norton Ghost
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Photo Story 3 for Windows
Pivot Software
PunkBuster for Battlefield 1942
PunkBuster Services
QuickTime
Realtek AC'97 Audio
SDK
Seagate*DiscWizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Skype web features
Skype™ 5.10
SupportSoft Assisted Service
swMSM
System Requirements Lab
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VCRedistSetup
WD Diagnostics
WHQL DCT II Suite
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WordPerfect Office 2002
Yahoo! Software Update


----------



## johnb35

Waiting on the log from adwcleaner.  How far away are you from the router?


----------



## djw663

# AdwCleaner v2.202 - Logfile created 04/24/2013 at 19:04:45
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - USER-F238246EBE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\EH3ZD68S\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [998 octets] - [24/04/2013 18:57:26]
AdwCleaner[S2].txt - [457 octets] - [24/04/2013 19:01:48]
AdwCleaner[S3].txt - [8681 octets] - [24/04/2013 19:04:45]

########## EOF - C:\AdwCleaner[S3].txt - [8741 octets] ##########


----------



## djw663

The router is mounted on a wall in a closet about 6 feet from my computer.

Just ran Ccleaner again.


----------



## djw663

Thank you for your time in trying to help me with this issue! I really appreciate it.


----------



## johnb35

Are you using Internet Explorer as your web browser?  Was any new software installed between the time it was working good and the time it wasn't?  You also might want to try using a different wifi adapter.  Try hooking up with ethernet cable to verify that the issue isn't just related to the wireless connection.


----------



## djw663

Yes, I have always used IE as my browser. The only software that was installed was AT&T helpers when they forced migration to U-verse, but I uninstalled that software. My next step was to replace the wifi in this PC with the one in my old PC to see if the problem follows. If that doesn't work I'll need to get a 50' ethernet cable to go around the walls and into the closet. I have not tried a wired connection with the new cable modem yet.

It should take me about 15 minutes to switch the wifi cards between the two PCs.


----------



## djw663

I switched the wifi cards in the two PCs. This is the result from my 15yr old PC. This one is about 15' away.


----------



## djw663

This is the result from my newer PC. 




It does not make any sense. The newer PC is three times faster in every way except for the internet connection.


----------



## djw663

http://www.speedtest.net/iphone/529242608.png

These are the results from my phone over the same wifi.


----------



## johnb35

If you tried the same wifi adapter in both PCs then it seems it's software related.

Download and install Firefox or Chrome and do a speedtest and see if it is any better.  If so then we can assume it's something with Internet Explorer.  If not, let's do another scan.  If this doesn't solve it, you may be forced to reinstall Windows.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## djw663

ComboFix 13-04-27.04 - User 04/27/2013  17:54:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1331 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\combofix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\installer0.exe0.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\installer0.exe1.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\PCKeeper Installer[1].exe0.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\PCKeeper Installer[1].exe1.llog
c:\documents and settings\User\My Documents\~WRL2286.tmp
c:\documents and settings\User\My Documents\~WRL3502.tmp
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\SET91.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-28 to 2013-04-28  )))))))))))))))))))))))))))))))
.
.
2013-04-26 06:27 . 2013-04-26 06:29	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:28	--------	d-----w-	c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:27	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33	--------	d-----w-	c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33	--------	d-----w-	c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05	--------	d-----w-	C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35	90808	----a-w-	c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33	171064	----a-w-	c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27	92304	----a-w-	c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06	38328	----a-w-	c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30	94200	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29	75624	----a-w-	c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29	257928	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59	59	----a-w-	c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03	--------	d-----w-	c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39	212992	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56	--------	d-----w-	C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50	20747	----a-w-	c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00	243328	----a-w-	c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30	94208	----a-w-	c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28	31930	----a-w-	c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15	15872	----a-w-	c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50	--------	d-----w-	c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19	11832	----a-w-	c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40	1869600	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55	7536640	----a-w-	c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20	19189760	----a-w-	c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20	12653120	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22	5967872	----a-w-	c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22	1010464	----a-w-	c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40	17551360	----a-w-	c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20	4494720	----a-w-	c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22	893728	----a-w-	c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46	2392064	----a-w-	c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40	2582816	----a-w-	c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48	9842040	----a-w-	c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03	2067456	----a-w-	c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34	12928	------w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00	12928	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45	782240	----a-w-	c:\windows\system32\deployJava1.dll
2004-08-04 12:00	94784	--sh--w-	c:\windows\twain.dll
2008-04-14 00:12	50688	--sh--w-	c:\windows\twain_32.dll
2011-02-08 13:33	978944	--sha-w-	c:\windows\system32\mfc42.dll
2008-04-14 00:12	57344	--sh--w-	c:\windows\system32\msvcirt.dll
2008-04-14 00:12	413696	--sha-w-	c:\windows\system32\msvcp60.dll
2008-04-14 00:12	343040	--sha-w-	c:\windows\system32\msvcrt.dll
2013-01-26 03:55	552448	--sh--w-	c:\windows\system32\oleaut32.dll
2008-04-14 00:12	84992	--sha-w-	c:\windows\system32\olepro32.dll
2008-04-14 00:12	11776	--sh--w-	c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*NewlyCreated* - NTIOLIB_1_0_4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
HPService	REG_MULTI_SZ   	HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-26 06:28	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 06:27]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 06:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-27 18:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-04-27  18:02:27
ComboFix-quarantined-files.txt  2013-04-28 01:02
.
Pre-Run: 183,063,797,760 bytes free
Post-Run: 183,499,460,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"
.
- - End Of File - - 39935C2190BC9553EF1B970742EAD4BB
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:10:05 PM, on 4/27/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SW20] "C:\WINDOWS\system32\sw20.exe"
O4 - HKLM\..\Run: [SW24] "C:\WINDOWS\system32\sw24.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [****** EPM tray] C:\Program Files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [PCShowServer] "C:\Documents and Settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11804 bytes


----------



## djw663

Even though I don't get good results from speedtest.net I have achieved data transfer rates of 600+KBPS which is way faster than what it was, with AT&T U-verse when it worked I'd get 350KBPS otherwise it would be 25 or less. I did go get a Cat6e cable and my PC is wired now. My computer always ran very fast, the only issue I had was the data transfer rates once we had to switch to U-verse. Here is the test from speedtest.net I just ran with a wired connection and again my ISP is Wave cable 15meg service.


----------



## johnb35

Ok, we need to replace a missing file.  But first I need you to upload this file to www.virustotal.com and let me know what the results screen shows.

c:\windows\ServicePackFiles\i386\atapi.sys  

Just upload that file and when you get the results page, just copy and paste the url in your next reply.  Then we will have some other work to do.


----------



## djw663

I'll replace that file and do the other things you suggest later today, right now I have a 6 hour softball clinic I'm running today. 
P.S. as soon as I disabled my wireless nic card and wired my connection my speed went crazy. This is what it is wired with the wireless disabled.


----------



## johnb35

If you enable the wireless card but still use the wired connection does the speed stay the same or slow back down?  If it slows down, you might have a bad wireless driver or adapter.


----------



## djw663

It slowed down. I plan on removing the wireless card and running a shorter wire through the attic directly to my computer.


----------



## djw663

I enabled it but the wired is still hooked up. Here are the results.




Now I disconnected the hardwire and here are the results.




My conclusion is that my Mobo has a bad PCIe slot. I'm not going to move the wifi nic card, I will just run with a hard wired connection. As far as the device drivers, I did a new install with the disc. I'll check for an update but I used the same equipment in my old computer and get 10 times the speed with an AMD 1700+ CPU, half the RAM and a HD that is 10+ times slower so I wouldn't think that was the issue but I have seen stranger things happen. I'll let you know the results of the driver update.


----------



## djw663

Enabled wireless card and plugged back in wired connection.




Disabled wireless card and ran another test within one minute.


----------



## djw663


 Analysis completed. 
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9 
SHA1: a719156e8ad67456556a02c34e762944234e7a44 
MD5: 9f3a2f5aa6875c72bf062c712cfa2674 
File size: 94.3 KB ( 96512 bytes )  
File name: atapi.sys 
File type: Win32 EXE 
Detection ratio: 0 / 46  
Analysis date: 2013-04-29 05:14:46 UTC ( 0 minutes ago )  

 10 12 Less detailsAnalysis File detail 
Additional information Comments Votes 
Antivirus  Result  Update  
Agnitum   20130427  
AhnLab-V3   20130428  
AntiVir   20130429  
Antiy-AVL   20130428  
Avast   20130429  
AVG   20130428  
BitDefender   20130429  
ByteHero   20130424  
CAT-QuickHeal   20130429  
ClamAV   20130429  
Commtouch   20130429  
Comodo   20130428  
DrWeb   20130429  
Emsisoft   20130429  
eSafe   20130423  
ESET-NOD32   20130428  
F-Prot   20130429  
F-Secure   20130429  
Fortinet   20130429  
GData   20130429  
Ikarus   20130429  
Jiangmin   20130429  
K7AntiVirus   20130426  
K7GW   20130426  
Kaspersky   20130429  
Kingsoft   20130422  
Malwarebytes   20130429  
McAfee   20130429  
McAfee-GW-Edition   20130428  
Microsoft   20130429  
MicroWorld-eScan   20130429  
NANO-Antivirus   20130429  
Norman   20130426  
nProtect   20130429  
Panda   20130428  
PCTools   20130429  
Sophos   20130429  
SUPERAntiSpyware   20130428  
Symantec   20130429  
TheHacker   20130426  
TotalDefense   20130428  
TrendMicro   20130429  
TrendMicro-HouseCall   20130429  
VBA32   20130427  
VIPRE   20130429  
ViRobot   20130429  

  Filename: atapi.sys. PE32 from Windows XP SP3 #goodware #whitelist  
Posted 2 months, 3 weeks ago by Bernardo.Quintero   #goodware  
Posted 1 year, 1 month ago by thisisu   Tagged automatically
#goodware  
Posted 1 year, 2 months ago by tigzy   #goodware  
Posted 1 year, 3 months ago by angel1973   #goodware  
Posted 1 year, 5 months ago by angel1973


----------



## djw663

If you remember from a previous post I switched adapters with the identical one from my other computer.


----------



## johnb35

So this same adapter works great in a different computer?  

Let's get that file replaced.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



```
Killall::

fcopy::

c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\System32\drivers\atapi.sys
```


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then I would like for you to do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------
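A cross-check of the replacement step above, as an added example that is not part of johnb35's post or of ComboFix: it parses the Sigcheck lines, the VirusTotal fields and the CFScript posted in this thread, and confirms that the `fcopy::` source is the file that was scanned and that the target is the one reported missing. The reading of the Sigcheck fields (date, MD5, size, version, path) and all function names are assumptions.

```python
import hashlib
import re
from typing import NamedTuple

# Sample text copied from the logs and the CFScript posted in this thread.
SIGCHECK_LOG = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
"""
VT_REPORT = """
MD5: 9f3a2f5aa6875c72bf062c712cfa2674
File size: 94.3 KB ( 96512 bytes )
Detection ratio: 0 / 46
"""
CFSCRIPT = r"""
Killall::

fcopy::

c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\System32\drivers\atapi.sys
"""


class Candidate(NamedTuple):
    date: str
    md5: str
    size: int
    version: str
    path: str


# Assumed field order: [flag] date . MD5 . size . . [version] . . path
SIG_RE = re.compile(
    r"^\[[^\]]*\][ \t]+(\d{4}-\d{2}-\d{2})[ \t]+\.[ \t]+([0-9A-Fa-f]{32})[ \t]+\."
    r"[ \t]+(\d+)[ \t]+\.[ \t]+\.[ \t]+\[([^\]]*)\][ \t]+\.[ \t]+\.[ \t]+(\S.*?)[ \t]*$",
    re.M)
MISSING_RE = re.compile(r"^(\S.*?)[ \t]+\.\.\.[ \t]+is missing[ \t]*!![ \t]*$", re.M)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def parse_sigcheck(text):
    """Return (candidate copies, paths reported missing) from a Sigcheck section."""
    cands = [Candidate(d, m.lower(), int(s), v, p)
             for d, m, s, v, p in SIG_RE.findall(text)]
    return cands, MISSING_RE.findall(text)


def parse_vt(text):
    """Pull MD5, byte size and detection ratio out of a pasted scan report."""
    md5 = re.search(r"MD5:\s*([0-9A-Fa-f]{32})", text)
    size = re.search(r"\(\s*(\d+)\s+bytes\s*\)", text)
    ratio = re.search(r"Detection ratio:\s*(\d+)\s*/\s*(\d+)", text)
    if not (md5 and size and ratio):
        raise ValueError("report is missing MD5, size or detection ratio")
    return {"md5": md5.group(1).lower(), "size": int(size.group(1)),
            "detections": int(ratio.group(1)), "engines": int(ratio.group(2))}


def parse_fcopy(script):
    """Return (source, target) pairs listed under the fcopy:: directive."""
    pairs, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "fcopy" and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def review_fcopy(script, sigcheck_text, vt_text):
    """Check every fcopy pair against the Sigcheck log and the scan report."""
    cands, missing = parse_sigcheck(sigcheck_text)
    vt = parse_vt(vt_text)
    by_path = {norm(c.path): c for c in cands}
    missing_set = {norm(p) for p in missing}
    results = []
    for src, dst in parse_fcopy(script):
        cand = by_path.get(norm(src))
        r = {"source": src, "target": dst,
             "source_listed": cand is not None,
             "hash_matches_scan": bool(cand) and cand.md5 == vt["md5"]
                                  and cand.size == vt["size"],
             "scan_clean": vt["detections"] == 0,
             "target_missing": norm(dst) in missing_set}
        r["ok"] = all(r[k] for k in ("source_listed", "hash_matches_scan",
                                     "scan_clean", "target_missing"))
        results.append(r)
    return results


def digest_file(path):
    """Size, MD5 and SHA-256 of a file on disk, to compare with the report."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


if __name__ == "__main__":
    for result in review_fcopy(CFSCRIPT, SIGCHECK_LOG, VT_REPORT):
        print(result)
```

The ComboFix log carries only an MD5, so on the machine itself `digest_file` can also be compared against the SHA256 shown in the scan report, which is the stronger check.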



## djw663

Combofix has been scanning for three hours now after dragging the file from the notepad to Combofix. I'll let it continue to run and check in a few more hours. I'll post as soon as possible.


----------



## djw663

My wife had shut down my computer during a ComboFix scan and when I went to turn it back on the operating system would not reload. I started it in safe mode and restored to 4/26 so I reinstalled ComboFix and did another scan here are the results; do you want me to continue with the suggestions above or do you see something different now?
ComboFix 13-05-01.03 - User 05/02/2013  20:51:07.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1327 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-03 to 2013-05-03  )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:11 . 2013-05-03 03:11	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-05-03 03:07 . 2013-05-03 03:07	--------	d-----w-	c:\documents and settings\Administrator\IETldCache
2013-05-01 09:55 . 2013-05-01 09:55	8782	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-05-01 09:55 . 2013-05-01 09:55	7271	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-29 05:01 . 2013-04-29 05:01	--------	d-----w-	C:\Linksys Driver
2013-04-26 06:27 . 2013-05-03 03:29	--------	d-----w-	c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:29	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:27	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33	--------	d-----w-	c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33	--------	d-----w-	c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05	--------	d-----w-	C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35	90808	----a-w-	c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33	171064	----a-w-	c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27	92304	----a-w-	c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06	38328	----a-w-	c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30	94200	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29	75624	----a-w-	c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29	257928	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59	59	----a-w-	c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03	--------	d-----w-	c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39	212992	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56	--------	d-----w-	C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50	20747	----a-w-	c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00	243328	----a-w-	c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30	94208	----a-w-	c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28	31930	----a-w-	c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15	15872	----a-w-	c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50	--------	d-----w-	c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19	11832	----a-w-	c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40	1869600	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55	7536640	----a-w-	c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20	19189760	----a-w-	c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20	12653120	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22	5967872	----a-w-	c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22	1010464	----a-w-	c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40	17551360	----a-w-	c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20	4494720	----a-w-	c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22	893728	----a-w-	c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46	2392064	----a-w-	c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40	2582816	----a-w-	c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48	9842040	----a-w-	c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03	2067456	----a-w-	c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34	12928	------w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00	12928	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45	782240	----a-w-	c:\windows\system32\deployJava1.dll
2004-08-04 12:00	94784	--sh--w-	c:\windows\twain.dll
2008-04-14 00:12	50688	--sh--w-	c:\windows\twain_32.dll
2011-02-08 13:33	978944	--sha-w-	c:\windows\system32\mfc42.dll
2008-04-14 00:12	57344	--sh--w-	c:\windows\system32\msvcirt.dll
2008-04-14 00:12	413696	--sha-w-	c:\windows\system32\msvcp60.dll
2008-04-14 00:12	343040	--sha-w-	c:\windows\system32\msvcrt.dll
2013-01-26 03:55	552448	--sh--w-	c:\windows\system32\oleaut32.dll
2008-04-14 00:12	84992	--sha-w-	c:\windows\system32\olepro32.dll
2008-04-14 00:12	11776	--sh--w-	c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-05-02  20:59:23
ComboFix-quarantined-files.txt  2013-05-03 03:59
ComboFix2.txt  2013-05-01 10:13
ComboFix3.txt  2013-04-28 01:02
.
Pre-Run: 182,753,644,544 bytes free
Post-Run: 182,685,552,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"
.
- - End Of File - - 1B368396E7C3BE8D84F9CF264C678BBD


----------



## djw663

I saw where it said I was missing the file you had me put back in. Here is the current scan.
ComboFix 13-05-01.03 - User 05/02/2013  22:25:03.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1352 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-03 to 2013-05-03  )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:11 . 2013-05-03 03:11	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-05-03 03:07 . 2013-05-03 03:07	--------	d-----w-	c:\documents and settings\Administrator\IETldCache
2013-05-01 09:55 . 2013-05-01 09:55	8782	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-05-01 09:55 . 2013-05-01 09:55	7271	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-29 05:01 . 2013-04-29 05:01	--------	d-----w-	C:\Linksys Driver
2013-04-26 06:27 . 2013-05-03 03:29	--------	d-----w-	c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:29	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:27	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33	--------	d-----w-	c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33	--------	d-----w-	c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05	--------	d-----w-	C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35	90808	----a-w-	c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33	171064	----a-w-	c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27	92304	----a-w-	c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06	38328	----a-w-	c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30	94200	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29	75624	----a-w-	c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29	257928	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59	59	----a-w-	c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03	--------	d-----w-	c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39	212992	------w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56	--------	d-----w-	C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50	20747	----a-w-	c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06	356096	----a-w-	c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00	243328	----a-w-	c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30	94208	----a-w-	c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28	31930	----a-w-	c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15	15872	----a-w-	c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18	17992	----a-w-	c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50	--------	d-----w-	c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19	11832	----a-w-	c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22	--------	d-----w-	c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40	1869600	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55	7536640	----a-w-	c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20	19189760	----a-w-	c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20	12653120	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22	5967872	----a-w-	c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22	1010464	----a-w-	c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40	17551360	----a-w-	c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20	4494720	----a-w-	c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22	893728	----a-w-	c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46	2392064	----a-w-	c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40	2582816	----a-w-	c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48	9842040	----a-w-	c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00	1867264	----a-w-	c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03	2067456	----a-w-	c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34	12928	------w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00	12928	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45	782240	----a-w-	c:\windows\system32\deployJava1.dll
2004-08-04 12:00	94784	--sh--w-	c:\windows\twain.dll
2008-04-14 00:12	50688	--sh--w-	c:\windows\twain_32.dll
2011-02-08 13:33	978944	--sha-w-	c:\windows\system32\mfc42.dll
2008-04-14 00:12	57344	--sh--w-	c:\windows\system32\msvcirt.dll
2008-04-14 00:12	413696	--sha-w-	c:\windows\system32\msvcp60.dll
2008-04-14 00:12	343040	--sha-w-	c:\windows\system32\msvcrt.dll
2013-01-26 03:55	552448	--sh--w-	c:\windows\system32\oleaut32.dll
2008-04-14 00:12	84992	--sha-w-	c:\windows\system32\olepro32.dll
2008-04-14 00:12	11776	--sh--w-	c:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_4
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 22:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-02  22:30:36
ComboFix-quarantined-files.txt  2013-05-03 05:30
ComboFix2.txt  2013-05-03 03:59
ComboFix3.txt  2013-05-01 10:13
ComboFix4.txt  2013-04-28 01:02
.
Pre-Run: 182,686,896,128 bytes free
Post-Run: 182,666,076,160 bytes free
.
- - End Of File - - F2982342F1DF5F19127E48D479255750

Now I will download the next item you recommended.


----------



## djw663

I saw where and what file was missing and completed the steps to replace the file, and I downloaded the ESET online scanner and there were no threats found.
Is there anything else you think I need to do?

This is my internet connection after the things you had me do. My service is 15/3!


----------



## johnb35

Things look good now. I see remnants of AVG being installed, so I would recommend that you run their removal tool.

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe


----------



## djw663

Thank you, "johnb35". I just ran the AVG removal tool; it downloaded at 1.35MB per second, a far cry from what it was before. You made it very easy to correct the problems in my computer, from the detailed explanations to the links and suggested sites to view the issues. Thanks again.


----------



## johnb35

You are quite welcome. Glad to know everything is working well now.


----------

