Resolved Dell Dimension 3000 running XP has extremely slow internet

mrl1007 · Mar 2, 2011

Hello! First off just wanted to say I'm so glad I came across this forum! I am working on a Dell Dimension 3000 running Windows XP for my aunt and uncle because the internet on it is going so slow that it sometimes takes 2-3 minutes just to load Facebook's homepage. It goes so slow that when updates are ran, they always time out. I had to manually update the programs in the 6 steps to make sure everything was up to date. I did follow the 6 steps and I still haven't had any luck. Here are copies of my logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/2/2011 7:01:09 AM
mbam-log-2011-03-02 (07-01-09).txt

Scan type: Quick scan
Objects scanned: 163675
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\pstextlinks.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-02 07:09:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-75GVA0 rev.08.02D08
Running: 2uogm5ku.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\fxdoapob.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 Achernar.sys (Achernar.sys/NewSoft Technology Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 Achernar.sys (Achernar.sys/NewSoft Technology Corporation)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/3/2004 1:58:07 AM
System Uptime: 3/2/2011 7:03:06 AM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 145 GiB total, 74.594 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 322.383 GiB free.
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP318: 12/29/2010 9:20:34 PM - Installed TuneUp Utilities 2011
RP319: 12/29/2010 10:54:48 PM - Removed Ad-Aware 2007
RP320: 12/29/2010 10:56:15 PM - Removed Norton Security Scan
RP321: 12/29/2010 11:02:06 PM - Removed TuneUp Utilities 2006
RP322: 12/29/2010 11:03:18 PM - Removed TuneUp Utilities 2008
RP323: 1/16/2011 4:23:52 PM - System Checkpoint
RP324: 1/16/2011 6:13:29 PM - Software Distribution Service 3.0
RP325: 3/1/2011 12:38:58 AM - System Checkpoint
RP326: 3/2/2011 1:10:21 AM - System Checkpoint
RP327: 3/2/2011 3:00:19 AM - Software Distribution Service 3.0
RP328: 3/2/2011 6:04:28 AM - Software Distribution Service 3.0

==== Installed Programs ======================

3DVIA player 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Toolbar
Atari Breakout
Atari Classics Evolved-Breakout
ATT-HSI
att.net Internet Mail
Autodesk Civil Design 2004
Autodesk Express Viewer
Autodesk Land Desktop 2004
Autodesk Land Desktop 3
Autodesk Survey 2004
Autodesk Survey 3
Avatar: Path of Zuko
Ben 10 Alien Force Bounty Hunters
Bing Maps 3D
Bonjour
CP2101 USB to UART Bridge Controller
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Delta Flight Schedules
Disney's Toontown Online
Disney Pirates of the Caribbean Online
Disney Toontown Online
Doggie Dash(R)
DXG-565V
ELMO Knows Your Name
ESPN RunTime
Fairly OddParents Information Stupor Highway
Fetch It Again!
Free Realms
Free Realms Installer
Garmin City Navigator North America NT 2009 Update
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
iCarly - iDream in Toons
ImageMixer VCD2
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Miniclip Toolbar
mIRC
Mobile Phone Suite Easy Synchronization
Modem Event Monitor
Modem Helper
Modem On Hold
Move Media Player
Mozilla Firefox (3.5.4)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nicktoons Slimeball Multiplayer
OTOY
Picture Package
Playsushi
Presto! Mr. Photo 4
Presto! VideoWorks 6
Qualxserve Service Agreement
QuickTime
RealPlayer
RealUpgrade 1.0
Registry Mechanic 9.0
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
SkyCaddie Desktop
SmartGlobe
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Sound Blaster Live! 24-bit
Sponge Bob Collapse Free Trial
SpongeBob Diner Dash Free Trial
SVCD2DVD 2.1
Swarm Gold
The Weather Channel
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Trimble Data Transfer
Trimble Geomatics Office v1.60
Trimble Link 3.0 for LDD R3
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TurboTax 2008
TurboTax 2008 winiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 winiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
UltimateZip 2.7
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
USB MassStorage CardReader
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Volo View Express
WebCyberCoach 3.2 Dell
WebFldrs XP
WexTech AnswerWorks
WIDCOMM Bluetooth Software
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/2/2011 7:05:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Logitech Easy Synchronization service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Logitech Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 1:57:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/2/2011 1:57:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out

==== End Of File ===========================

DDS (Ver_10-12-12.02) - NTFSx86
Run by Brian at 7:32:39.90 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.143 [GMT -5:00]

AV: Antivirus Live *Enabled/Outdated* {B316C67E-09F1-44c7-85E0-94F6DA8A4AA1}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Updater For Miniclip Toolbar: {77a0bb60-2708-429b-b955-8509eac2708f} - c:\program files\minicliptb\auxi\MiniclipAu.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265989822281
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\land desktop 3\AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\land desktop 3\InstBanr.ocx
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.36.3/ttinst.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\land desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\land desktop 3\AcPreview.ocx
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\57t47ub1.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\brian\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2008-12-25 18432]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl03bf40b4;MpKsl03bf40b4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl03bf40b4.sys [2011-3-2 28752]
R1 MpKsl35ea88b5;MpKsl35ea88b5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl35ea88b5.sys [2011-3-2 28752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-25 632792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-30 38224]
S3 SNL320XP;SmartGlobe II;c:\windows\system32\drivers\9kdUSBXP.sys [2006-12-27 16000]

=============== Created Last 30 ================

2011-03-02 12:04:20 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl35ea88b5.sys
2011-03-02 11:09:47 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl03bf40b4.sys
2011-03-02 02:28:40 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\mpengine.dll
2011-03-02 02:28:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-02 02:07:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-02 01:32:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-14 19:43:44 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
1997-06-23 17:06:50 287504 -csha-w- c:\windows\system32\Msxbse35.dll

============= FINISH: 7:34:05.15 ===============

Thanks for taking the time to read this and at least attempt to help me out!

Bobbye · Mar 2, 2011

Welcome to TechSpot! I'll try and help you with the malware. But understand, "slow" can be caused by lot of things!

Looks like they have been using PlaySushi. Best to stop and go ahead and uninstall it. The games aren't worth it and are called 'potentially unwanted programs.

Antivirus Live is or was on the system. This is a rogue program that gives fake alerts. I'll check for additional entries: Please uninstall if on Add/Remove Programs
.AV: Antivirus Live *Enabled/Outdated*
======================================
There are several outdated versions of Java on the system and no current version so I'm going to have you run a program that will remove all the entries and related files.

Please download JavaRa and unzip it to your desktop.
Important!
***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that
a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install then most current version and update of Java Runtime
Environment (JRE) HERE.
=========================
There are 21 add-ons running. This is too many and puts the system at risk. Open Internet Explorer: Tools> Manage Addons> there are 2 sections for the dialog box> 1. addons currently on the system and 2. addons previously on the system> Disable as many of these as you can. The use resources, they take time to load and unload.
========================
I recommend that all of the following be removed from the Trusted Zone. Nothing needs to be in that zone and the security is lower:
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
=====================================
I recommend taking the 17 entries for TurboTax 2007, 2008 and 2009 off the system> backup on a CD maybe? Why load and run all these!
====================================
And for those things I can't see>>> Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the Active X control to install
Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
Click Scan
Wait for the scan to finish
Click on "Copy to Clipboard"> (you won't see the 'clipboard')
Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
Re-enable your Antivirus software.
NOTE: If you forget to copy to the clipboard, you can find the log here:
C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe

Double click combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Query- Recovery Console image

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Click to expand...
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes it will open a text window. Please paste that log in your next reply.

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

mrl1007 · Mar 2, 2011

wow thanks for the quick reply! this site is awesome! i will definately go through everything you said and let you know how it goes later on tonight! i had previously searched for that other "anti virus" software though and couldn't find it in the add/remove programs...i will look around harder for it just in case though. hopefully we can figure this out because the copy of windows stored on the computer won't reinstall so for me to reinstall windows i would have to get ahold of dell smh. hope it doesn't come down to that! thanks again! =)

mrl1007 · Mar 2, 2011

ok i went through and uninstalled the tax programs and playsushi, removed the trusted sites, removed old java programs, and downloaded the most recent java. it only showed that a few of the add ons were actually enabled when i checked those. i made sure all of them were disabled just in case. i wasnt able to run the online anti virus scan because the internet is practically unavailable on the machine. it shows i have a connection but i waited for 5-10 minutes for the eset webpage to load before giving up. i previously ran microsoft security essentials though just fyi. is there any program i can use without requiring internet access? any program that i have run i had to download and use my usb drive to install it onto the dell computer. also, i took the chance and didn't try to install the windows recovery console update because i didn't have a quick enough connection to download/update it. here is the log for combofix:

ComboFix 11-03-02.01 - Brian 03/02/2011 19:42:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.178 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\system32\Thumbs.db
c:\windows\system32\uninstall.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-02 23:54 . 2011-03-02 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-02 23:43 . 2011-03-02 23:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsld7951274.sys
2011-03-02 23:32 . 2011-03-02 23:32 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKslc3fe0fac.sys
2011-03-02 02:28 . 2011-02-23 14:35 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\mpengine.dll
2011-03-02 02:28 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-02 02:07 . 2011-03-02 02:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-02 01:32 . 2011-03-02 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2010-12-30 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-30 11:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-14 19:43 . 2010-12-30 02:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 1980-01-01 05:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
1997-06-23 17:06 287504 -csha-w- c:\windows\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77A0BB60-2708-429b-B955-8509EAC2708F}]
2010-01-29 19:22 257192 -c--a-w- c:\program files\minicliptb\auxi\MiniclipAu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]
2010-01-29 19:22 86696 -c--a-w- c:\program files\minicliptb\MiniclipDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}"= "c:\program files\minicliptb\MiniclipDx.dll" [2010-01-29 86696]

[HKEY_CLASSES_ROOT\clsid\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"P17Helper"="P17.dll" [2004-06-10 60928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-09-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2005-11-23 07:47 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartGlobe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartGlobe.lnk
backup=c:\windows\pss\SmartGlobe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-09-05 14:16 53248 ----a-w- c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-01-01 17:39 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" /startup
"Desktop Weather 3"=c:\program files\The Weather Channel\The Weather Channel.exe
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
"UpdReg"=c:\windows\UpdReg.EXE
"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
"IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
"dla"=c:\windows\system32\dla\tfswctrl.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"DIGStream"=c:\program files\DIGStream\digstream.exe
"DIGServices"=c:\program files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [12/25/2008 2:46 PM 18432]
R1 MpKslc3fe0fac;MpKslc3fe0fac;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKslc3fe0fac.sys [3/2/2011 6:32 PM 28752]
R1 MpKsld7951274;MpKsld7951274;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsld7951274.sys [3/2/2011 6:43 PM 28752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/25/2010 10:42 AM 632792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 7:27 PM 10064]
S1 MpKsl35ea88b5;MpKsl35ea88b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys [?]
S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 8:53 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [12/30/2010 6:54 AM 38224]
S3 SNL320XP;SmartGlobe II;c:\windows\SYSTEM32\DRIVERS\9kdUSBXP.sys [12/27/2006 5:06 PM 16000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MPKSLD7951274
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2011-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 23:43]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

2011-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

2011-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-03-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\57t47ub1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 19:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-03-02 19:57:52
ComboFix-quarantined-files.txt 2011-03-03 00:57

Pre-Run: 79,669,903,360 bytes free
Post-Run: 79,650,574,336 bytes free

- - End Of File - - AD2F23D1097AE205893D6FB418D12CBB

Bobbye · Mar 4, 2011

First thing you have to know is that it appears you have an infected flash drive:

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

[*] Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

I'll be back in the morning to review the Combofix log. It's really been a long day and I need some sleep.

Bobbye · Mar 5, 2011

Dell Dimension 3000 running Windows XP

Dell shows RAM for this model at 128 MB minimum, 2GB maximum. They were never one to load much RAM. I have 43ooDimension that came with 256MB of RAM-which I soon doubled. Please check the Control Panel> System Propterties and see how much RAM is installed.

I would also like to know what type of connection there is for the internet. I see entries for AT&T and Comcast. This and the RAM could account for the slowness.

There is also still some of the Dell preloads which, if loading on boot can slow things down:
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
========================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

Code:

File::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}"=-
[HKEY_CLASSES_ROOT\clsid\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}
DDS::
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mURLSearchHooks: H - No File
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: Updater For Miniclip Toolbar: {77a0bb60-2708-429b-b955-8509eac2708f} - c:\program files\minicliptb\auxi\MiniclipAu.dll
BHO: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
TB: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

Driver::
MpKsl35ea88b5

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

mrl1007 · Mar 5, 2011

ok so i ran Flash_Disinfector and reset after. it has 256mb of ram in it. they have at&t but i have comcast at my house which is where i am working on it. it runs at the same slow speed at both houses. i made sure that the computer has the minimum amount of programs starting up with windows. still slow though =/. leaning towards a fresh install or a dual boot with jolicloud for now... here is the log though for the second combofix run:

ComboFix 11-03-02.01 - Brian 03/05/2011 18:17:19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.177 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\minicliptb\auxi\MiniclipAu.dll
c:\program files\minicliptb\MiniclipDx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPKSL35EA88B5
-------\Service_MpKsl35ea88b5

((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.

2011-03-05 22:52 . 2011-03-05 22:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-03-05 17:40 . 2011-03-05 17:40 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
2011-03-05 17:40 . 2011-03-05 17:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
2011-03-04 16:47 . 2011-03-04 16:53 -------- d-----w- C:\WINDOWS.0
2011-03-03 02:41 . 2011-02-23 14:35 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\mpengine.dll
2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-02 23:54 . 2011-03-02 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-02 02:28 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-02 02:07 . 2011-03-02 02:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-02 01:32 . 2011-03-02 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2010-12-30 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-30 11:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-14 19:43 . 2010-12-30 02:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 1980-01-01 05:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
1997-06-23 17:06 287504 -csha-w- c:\windows\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"P17Helper"="P17.dll" [2004-06-10 60928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-09-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2005-11-23 07:47 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartGlobe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartGlobe.lnk
backup=c:\windows\pss\SmartGlobe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-09-05 14:16 53248 ----a-w- c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-01-01 17:39 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" /startup
"Desktop Weather 3"=c:\program files\The Weather Channel\The Weather Channel.exe
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
"UpdReg"=c:\windows\UpdReg.EXE
"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
"IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
"dla"=c:\windows\system32\dla\tfswctrl.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"DIGStream"=c:\program files\DIGStream\digstream.exe
"DIGServices"=c:\program files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [12/25/2008 2:46 PM 18432]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/25/2010 10:42 AM 632792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 7:27 PM 10064]
S1 MpKsl2baa5b88;MpKsl2baa5b88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl2baa5b88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl2baa5b88.sys [?]
S1 MpKsl422dee88;MpKsl422dee88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl422dee88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl422dee88.sys [?]
S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 8:53 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [12/30/2010 6:54 AM 38224]
S3 SNL320XP;SmartGlobe II;c:\windows\SYSTEM32\DRIVERS\9kdUSBXP.sys [12/27/2006 5:06 PM 16000]
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2011-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 23:43]

2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

2011-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\57t47ub1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Brian\Application Data\Move Networks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-03-05 18:43:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-05 23:43
ComboFix2.txt 2011-03-03 00:57

Pre-Run: 78,951,043,072 bytes free
Post-Run: 78,790,455,296 bytes free

- - End Of File - - 501C98D489BDF7A0AD7C233D377890DA

mrl1007 · Mar 6, 2011

dont worry about it i just clean installed it. thanks tho!

Bobbye · Mar 7, 2011

Thank you for the update.

Resolved Dell Dimension 3000 running XP has extremely slow internet

mrl1007

Bobbye

Posts: 16,313 +36

mrl1007

mrl1007

Bobbye

Posts: 16,313 +36

Bobbye

Posts: 16,313 +36

mrl1007

mrl1007

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts