Dell Dimension 3000 running XP has extremely slow internet

Resolved
By mrl1007
Mar 2, 2011
  1. Hello! First off, just wanted to say I'm so glad I came across this forum! I am working on a Dell Dimension 3000 running Windows XP for my aunt and uncle because the internet on it is going so slow that it sometimes takes 2-3 minutes just to load Facebook's homepage. It goes so slow that when updates are run, they always time out. I had to manually update the programs in the 6 steps to make sure everything was up to date. I did follow the 6 steps and I still haven't had any luck. Here are copies of my logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5750

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/2/2011 7:01:09 AM
    mbam-log-2011-03-02 (07-01-09).txt

    Scan type: Quick scan
    Objects scanned: 163675
    Time elapsed: 5 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\pstextlinks.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-02 07:09:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-75GVA0 rev.08.02D08
    Running: 2uogm5ku.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\fxdoapob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 Achernar.sys (Achernar.sys/NewSoft Technology Corporation)
    Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 Achernar.sys (Achernar.sys/NewSoft Technology Corporation)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/3/2004 1:58:07 AM
    System Uptime: 3/2/2011 7:03:06 AM (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0N6381
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 74.594 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 932 GiB total, 322.383 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP318: 12/29/2010 9:20:34 PM - Installed TuneUp Utilities 2011
    RP319: 12/29/2010 10:54:48 PM - Removed Ad-Aware 2007
    RP320: 12/29/2010 10:56:15 PM - Removed Norton Security Scan
    RP321: 12/29/2010 11:02:06 PM - Removed TuneUp Utilities 2006
    RP322: 12/29/2010 11:03:18 PM - Removed TuneUp Utilities 2008
    RP323: 1/16/2011 4:23:52 PM - System Checkpoint
    RP324: 1/16/2011 6:13:29 PM - Software Distribution Service 3.0
    RP325: 3/1/2011 12:38:58 AM - System Checkpoint
    RP326: 3/2/2011 1:10:21 AM - System Checkpoint
    RP327: 3/2/2011 3:00:19 AM - Software Distribution Service 3.0
    RP328: 3/2/2011 6:04:28 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    3DVIA player 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AnswerWorks Runtime
    Apple Mobile Device Support
    Apple Software Update
    AT&T Self Support Tool
    AT&T Toolbar
    Atari Breakout
    Atari Classics Evolved-Breakout
    ATT-HSI
    att.net Internet Mail
    Autodesk Civil Design 2004
    Autodesk Express Viewer
    Autodesk Land Desktop 2004
    Autodesk Land Desktop 3
    Autodesk Survey 2004
    Autodesk Survey 3
    Avatar: Path of Zuko
    Ben 10 Alien Force Bounty Hunters
    Bing Maps 3D
    Bonjour
    CP2101 USB to UART Bridge Controller
    Creative MediaSource
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 5.0.0 (630)
    Delta Flight Schedules
    Disney's Toontown Online
    Disney Pirates of the Caribbean Online
    Disney Toontown Online
    Doggie Dash(R)
    DXG-565V
    ELMO Knows Your Name
    ESPN RunTime
    Fairly OddParents Information Stupor Highway
    Fetch It Again!
    Free Realms
    Free Realms Installer
    Garmin City Navigator North America NT 2009 Update
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    iCarly - iDream in Toons
    ImageMixer VCD2
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    InterActual Player
    Internet Explorer Default Page
    iPod for Windows 2006-01-10
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    Logitech Desktop Messenger
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    MediaLife
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Picture It! Photo Premium 9
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Streets and Trips 2004
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Miniclip Toolbar
    mIRC
    Mobile Phone Suite Easy Synchronization
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Media Player
    Mozilla Firefox (3.5.4)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch® Jukebox
    Nicktoons Slimeball Multiplayer
    OTOY
    Picture Package
    Playsushi
    Presto! Mr. Photo 4
    Presto! VideoWorks 6
    Qualxserve Service Agreement
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Registry Mechanic 9.0
    Rhapsody Player Engine
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Shockwave
    SkyCaddie Desktop
    SmartGlobe
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sony USB Driver
    Sound Blaster Live! 24-bit
    Sponge Bob Collapse Free Trial
    SpongeBob Diner Dash Free Trial
    SVCD2DVD 2.1
    Swarm Gold
    The Weather Channel
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Trimble Data Transfer
    Trimble Geomatics Office v1.60
    Trimble Link 3.0 for LDD R3
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TurboTax 2008
    TurboTax 2008 winiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 winiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2006
    UltimateZip 2.7
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    USB MassStorage CardReader
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Volo View Express
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WexTech AnswerWorks
    WIDCOMM Bluetooth Software
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Yahoo! Install Manager
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    3/2/2011 7:05:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Logitech Easy Synchronization service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Logitech Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/2/2011 5:55:01 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/2/2011 1:57:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    3/2/2011 1:57:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.378.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    3/1/2011 9:20:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/1/2011 9:16:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: DGK2TY51\Brian Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Brian at 7:32:39.90 on Wed 03/02/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.143 [GMT -5:00]

    AV: Antivirus Live *Enabled/Outdated* {B316C67E-09F1-44c7-85E0-94F6DA8A4AA1}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Documents and Settings\Brian\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.att.net
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uInternet Connection Wizard,ShellNext = iexplore
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    BHO: Updater For Miniclip Toolbar: {77a0bb60-2708-429b-b955-8509eac2708f} - c:\program files\minicliptb\auxi\MiniclipAu.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    TB: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
    mRun: [Logitech BT Wizard] LBTWiz.exe -silent
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
    IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
    IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
    IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: motive.com\pattta.att
    Trusted Zone: motive.com\patttbc.att
    Trusted Zone: turbotax.com
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265989822281
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\land desktop 3\AcDcToday.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\land desktop 3\InstBanr.ocx
    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.36.3/ttinst.cab
    DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\land desktop 3\InstFred.ocx
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\land desktop 3\AcPreview.ocx
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\57t47ub1.default\
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\brian\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\sony online entertainment\npsoe.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600

    ============= SERVICES / DRIVERS ===============

    R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2008-12-25 18432]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl03bf40b4;MpKsl03bf40b4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl03bf40b4.sys [2011-3-2 28752]
    R1 MpKsl35ea88b5;MpKsl35ea88b5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl35ea88b5.sys [2011-3-2 28752]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-25 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
    S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-30 38224]
    S3 SNL320XP;SmartGlobe II;c:\windows\system32\drivers\9kdUSBXP.sys [2006-12-27 16000]

    =============== Created Last 30 ================

    2011-03-02 12:04:20 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl35ea88b5.sys
    2011-03-02 11:09:47 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\MpKsl03bf40b4.sys
    2011-03-02 02:28:40 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6276861d-b192-488e-ace3-e00baecae1bb}\mpengine.dll
    2011-03-02 02:28:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-02 02:07:15 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-02 01:32:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-14 19:43:44 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    1997-06-23 17:06:50 287504 -csha-w- c:\windows\system32\Msxbse35.dll

    ============= FINISH: 7:34:05.15 ===============


    Thanks for taking the time to read this and at least attempt to help me out!
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll try and help you with the malware. But understand, "slow" can be caused by a lot of things!

    Looks like they have been using PlaySushi. Best to stop and go ahead and uninstall it. The games aren't worth it and are called 'potentially unwanted programs'.

    Antivirus Live is or was on the system. This is a rogue program that gives fake alerts. I'll check for additional entries: Please uninstall if on Add/Remove Programs
    .AV: Antivirus Live *Enabled/Outdated*
    ======================================
    There are several outdated versions of Java on the system and no current version so I'm going to have you run a program that will remove all the entries and related files.

    Please download JavaRa and unzip it to your desktop.
    Important!
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    =========================
    There are 21 add-ons running. This is too many and puts the system at risk. Open Internet Explorer: Tools> Manage Addons> there are 2 sections for the dialog box> 1. addons currently on the system and 2. addons previously on the system> Disable as many of these as you can. They use resources, they take time to load and unload.
    ========================
    I recommend that all of the following be removed from the Trusted Zone. Nothing needs to be in that zone and the security is lower:
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: motive.com\pattta.att
    Trusted Zone: motive.com\patttbc.att
    Trusted Zone: turbotax.com

    =====================================
    I recommend taking the 17 entries for TurboTax 2007, 2008 and 2009 off the system> backup on a CD maybe? Why load and run all these!
    ====================================
    And for those things I can't see>>> Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  3. mrl1007

    mrl1007 TS Rookie Topic Starter

    wow thanks for the quick reply! this site is awesome! i will definitely go through everything you said and let you know how it goes later on tonight! i had previously searched for that other "anti virus" software though and couldn't find it in the add/remove programs...i will look around harder for it just in case though. hopefully we can figure this out because the copy of windows stored on the computer won't reinstall so for me to reinstall windows i would have to get ahold of dell smh. hope it doesn't come down to that! thanks again! =)
  4. mrl1007

    ok i went through and uninstalled the tax programs and playsushi, removed the trusted sites, removed old java programs, and downloaded the most recent java. it only showed that a few of the add ons were actually enabled when i checked those. i made sure all of them were disabled just in case. i wasn't able to run the online anti virus scan because the internet is practically unavailable on the machine. it shows i have a connection but i waited for 5-10 minutes for the eset webpage to load before giving up. i previously ran microsoft security essentials though just fyi. is there any program i can use without requiring internet access? any program that i have run i had to download and use my usb drive to install it onto the dell computer. also, i took the chance and didn't try to install the windows recovery console update because i didn't have a quick enough connection to download/update it. here is the log for combofix:

    ComboFix 11-03-02.01 - Brian 03/02/2011 19:42:54.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.178 [GMT -5:00]
    Running from: G:\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
    c:\windows\settings.reg
    c:\windows\system32\Data
    c:\windows\system32\Thumbs.db
    c:\windows\system32\uninstall.exe
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
    .

    2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-02 23:54 . 2011-03-02 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 23:43 . 2011-03-02 23:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsld7951274.sys
    2011-03-02 23:32 . 2011-03-02 23:32 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKslc3fe0fac.sys
    2011-03-02 02:28 . 2011-02-23 14:35 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\mpengine.dll
    2011-03-02 02:28 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-02 02:07 . 2011-03-02 02:07 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-02 01:32 . 2011-03-02 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:09 . 2010-12-30 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-12-30 11:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-14 19:43 . 2010-12-30 02:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 1980-01-01 05:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    1997-06-23 17:06 287504 -csha-w- c:\windows\SYSTEM32\Msxbse35.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77A0BB60-2708-429b-B955-8509EAC2708F}]
    2010-01-29 19:22 257192 -c--a-w- c:\program files\minicliptb\auxi\MiniclipAu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]
    2010-01-29 19:22 86696 -c--a-w- c:\program files\minicliptb\MiniclipDx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}"= "c:\program files\minicliptb\MiniclipDx.dll" [2010-01-29 86696]

    [HKEY_CLASSES_ROOT\clsid\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech BT Wizard"="LBTWiz.exe -silent" [X]
    "P17Helper"="P17.dll" [2004-06-10 60928]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-09-05 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2005-11-23 07:47 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartGlobe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartGlobe.lnk
    backup=c:\windows\pss\SmartGlobe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
    2005-09-05 14:16 53248 ----a-w- c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2006-01-01 17:39 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" /startup
    "Desktop Weather 3"=c:\program files\The Weather Channel\The Weather Channel.exe
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
    "Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    "UpdReg"=c:\windows\UpdReg.EXE
    "ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
    "IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
    "Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    "dla"=c:\windows\system32\dla\tfswctrl.exe
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "igfxtray"=c:\windows\system32\igfxtray.exe
    "igfxpers"=c:\windows\system32\igfxpers.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "igfxhkcmd"=c:\windows\system32\hkcmd.exe
    "DIGStream"=c:\program files\DIGStream\digstream.exe
    "DIGServices"=c:\program files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [12/25/2008 2:46 PM 18432]
    R1 MpKslc3fe0fac;MpKslc3fe0fac;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKslc3fe0fac.sys [3/2/2011 6:32 PM 28752]
    R1 MpKsld7951274;MpKsld7951274;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsld7951274.sys [3/2/2011 6:43 PM 28752]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/25/2010 10:42 AM 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 7:27 PM 10064]
    S1 MpKsl35ea88b5;MpKsl35ea88b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys [?]
    S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 8:53 AM 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [12/30/2010 6:54 AM 38224]
    S3 SNL320XP;SmartGlobe II;c:\windows\SYSTEM32\DRIVERS\9kdUSBXP.sys [12/27/2006 5:06 PM 16000]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *NewlyCreated* - MPKSLD7951274
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

    2011-03-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 23:43]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

    2011-03-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

    2011-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-03-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uInternet Connection Wizard,ShellNext = iexplore
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\57t47ub1.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe
    AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-02 19:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    Completion time: 2011-03-02 19:57:52
    ComboFix-quarantined-files.txt 2011-03-03 00:57

    Pre-Run: 79,669,903,360 bytes free
    Post-Run: 79,650,574,336 bytes free

    - - End Of File - - AD2F23D1097AE205893D6FB418D12CBB
  5. Bobbye

    First thing you have to know is that it appears you have an infected flash drive:

    You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    1. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    2. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    3. Wait until it has finished scanning and then exit the program.
    4. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

    I'll be back in the morning to review the Combofix log. It's really been a long day and I need some sleep.
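
The post above says Flash_Disinfector leaves a hidden folder named autorun.inf on every drive, and the ComboFix log earlier lists F:\Autorun.inf among its deletions. As an added example (not part of the thread and not Flash_Disinfector's or ComboFix's code), the Python below audits drive roots and reports whether autorun.inf is absent, a placeholder folder, or a real file, listing the programs a file would launch. The function names, the sample file contents and `example.exe` are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that name a program for Windows to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content, not taken from the machine in this thread.
SAMPLE_INF = (
    "[AutoRun]\r\n"
    "; constructed sample\r\n"
    "open=example.exe\r\n"
    "icon=folder.ico\r\n"
    "shell\\open\\command=example.exe /s\r\n"
)


def decode_inf(data):
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, else ANSI."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section only."""
    commands = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            commands.append((key, value.strip()))
    return commands


def inspect_root(root):
    """Classify the autorun.inf entry (any letter case) in one drive root."""
    for name in sorted(os.listdir(root)):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            # A directory occupies the name, so no file called autorun.inf
            # can be created next to it.
            return {"root": root, "state": "folder", "commands": []}
        with open(path, "rb") as fh:
            text = decode_inf(fh.read())
        return {"root": root, "state": "file", "commands": parse_autorun(text)}
    return {"root": root, "state": "absent", "commands": []}


def audit(roots):
    """Inspect every root that exists; skip drives that are not mounted."""
    return [inspect_root(r) for r in roots if os.path.isdir(r)]


def build_sample_roots(base):
    """Create three constructed 'drive roots' under base for the demo."""
    roots = []
    for name in ("clean", "immunized", "suspect"):
        path = os.path.join(base, name)
        os.mkdir(path)
        roots.append(path)
    os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
    with open(os.path.join(base, "suspect", "AUTORUN.INF"), "wb") as fh:
        fh.write(SAMPLE_INF.encode("latin-1"))
    return roots


def demo():
    """Run the audit over the constructed roots; return results by name."""
    with tempfile.TemporaryDirectory() as base:
        results = audit(build_sample_roots(base))
        return {os.path.basename(r["root"]): r for r in results}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["state"], result["commands"])
```

On a Windows machine, call `audit` with the real drive roots, for example `audit(["E:\\", "F:\\"])`; a drive reported as `file` with launch commands is the one to clean before plugging it in elsewhere.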
  6. Bobbye

    Dell shows RAM for this model at 128 MB minimum, 2GB maximum. They were never one to load much RAM. I have a 4300 Dimension that came with 256MB of RAM-which I soon doubled. Please check the Control Panel> System Properties and see how much RAM is installed.

    I would also like to know what type of connection there is for the internet. I see entries for AT&T and Comcast. This and the RAM could account for the slowness.

    There is also still some of the Dell preloads which, if loading on boot can slow things down:
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 5.0.0 (630)

    ========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}"=-
    [HKEY_CLASSES_ROOT\clsid\{f55296c6-2e04-4fb2-9c6f-2ce07577f04e}]
    DDS::
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    mURLSearchHooks: H - No File
    BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
    BHO: Updater For Miniclip Toolbar: {77a0bb60-2708-429b-b955-8509eac2708f} - c:\program files\minicliptb\auxi\MiniclipAu.dll
    BHO: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
    TB: Miniclip Toolbar: {f55296c6-2e04-4fb2-9c6f-2ce07577f04e} - c:\program files\minicliptb\MiniclipDx.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    
    Driver::
    MpKsl35ea88b5
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
  7. mrl1007

    mrl1007 TS Rookie Topic Starter

    ok so i ran Flash_Disinfector and reset after. it has 256mb of ram in it. they have at&t but i have comcast at my house which is where i am working on it. it runs at the same slow speed at both houses. i made sure that the computer has the minimum amount of programs starting up with windows. still slow though =/. leaning towards a fresh install or a dual boot with jolicloud for now... here is the log though for the second combofix run:

    ComboFix 11-03-02.01 - Brian 03/05/2011 18:17:19.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.177 [GMT -5:00]
    Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6276861D-B192-488E-ACE3-E00BAECAE1BB}\MpKsl35ea88b5.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\minicliptb\auxi\MiniclipAu.dll
    c:\program files\minicliptb\MiniclipDx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MPKSL35EA88B5
    -------\Service_MpKsl35ea88b5


    ((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
    .

    2011-03-05 22:52 . 2011-03-05 22:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-03-05 17:40 . 2011-03-05 17:40 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
    2011-03-05 17:40 . 2011-03-05 17:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
    2011-03-04 16:47 . 2011-03-04 16:53 -------- d-----w- C:\WINDOWS.0
    2011-03-03 02:41 . 2011-02-23 14:35 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\mpengine.dll
    2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-02 23:54 . 2011-03-02 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 23:54 . 2011-03-02 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 02:28 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-02 02:07 . 2011-03-02 02:07 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-02 01:32 . 2011-03-02 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:09 . 2010-12-30 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-12-30 11:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 19:43 . 2010-12-30 02:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 1980-01-01 05:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    1997-06-23 17:06 287504 -csha-w- c:\windows\SYSTEM32\Msxbse35.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech BT Wizard"="LBTWiz.exe -silent" [X]
    "P17Helper"="P17.dll" [2004-06-10 60928]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-09-05 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2005-11-23 07:47 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartGlobe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartGlobe.lnk
    backup=c:\windows\pss\SmartGlobe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
    2005-09-05 14:16 53248 ----a-w- c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2006-01-01 17:39 36864 -c--a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DellSupport"="c:\progra~1\DELLSU~1\DSAgnt.exe" /startup
    "Desktop Weather 3"=c:\program files\The Weather Channel\The Weather Channel.exe
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
    "Adobe Reader Speed Launcher"=c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    "UpdReg"=c:\windows\UpdReg.EXE
    "ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
    "IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
    "Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    "dla"=c:\windows\system32\dla\tfswctrl.exe
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "igfxtray"=c:\windows\system32\igfxtray.exe
    "igfxpers"=c:\windows\system32\igfxpers.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "igfxhkcmd"=c:\windows\system32\hkcmd.exe
    "DIGStream"=c:\program files\DIGStream\digstream.exe
    "DIGServices"=c:\program files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [12/25/2008 2:46 PM 18432]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/25/2010 10:42 AM 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 7:27 PM 10064]
    S1 MpKsl2baa5b88;MpKsl2baa5b88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl2baa5b88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl2baa5b88.sys [?]
    S1 MpKsl422dee88;MpKsl422dee88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl422dee88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32692C3F-ACB1-4428-B9D8-D9185616837D}\MpKsl422dee88.sys [?]
    S2 gupdate1ca33b07ae653fa;Google Update Service (gupdate1ca33b07ae653fa);c:\program files\Google\Update\GoogleUpdate.exe [9/12/2009 8:53 AM 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [12/30/2010 6:54 AM 38224]
    S3 SNL320XP;SmartGlobe II;c:\windows\SYSTEM32\DRIVERS\9kdUSBXP.sys [12/27/2006 5:06 PM 16000]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

    2011-03-05 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 23:43]

    2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

    2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 13:52]

    2011-03-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

    2011-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3976582335-634381009-2133012585-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-03-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2011-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3976582335-634381009-2133012585-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    uInternet Connection Wizard,ShellNext = iexplore
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\57t47ub1.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Brian\Application Data\Move Networks
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-05 18:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(208)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Logitech\Easy Synchronization\servicestub.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\Rundll32.exe
    c:\program files\Logitech\SetPoint\LBTWiz.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-05 18:43:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-05 23:43
    ComboFix2.txt 2011-03-03 00:57

    Pre-Run: 78,951,043,072 bytes free
    Post-Run: 78,790,455,296 bytes free

    - - End Of File - - 501C98D489BDF7A0AD7C233D377890DA
  8. mrl1007

    mrl1007 TS Rookie Topic Starter

    don't worry about it, i just clean installed it. thanks tho!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update.