TechSpot

Infected Computer

By gbm608
Jan 21, 2011
  1. I really can't describe my problem other than I think my computer is infected. It loads really slow, it runs really slow, it hangs while running programs. I have defragged my computer, cleaned out temp files and run antivirus and malware programs with no luck.

    I tried the best I could to follow the 8 step removal instructions but had issues even getting that done.

    TFC would not run. It hung up.

    Malwarebytes would not update latest virus definitions. I get the following error when trying to update - PROGRAM_ERROR_UPDATING_(404, 0, HTTPStatusCode). I ran the program with definitions 31 days old. I have attached the log.

    GMER would not run. It hung up. I tried to run in safe mode and it hung there also.

    DDS ran fine. DDS is attached here. Attach.txt is in second post as this post is too long.

    Thanks for the help.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/21/2011 12:37:13 PM
    mbam-log-2011-01-21 (12-37-13).txt

    Scan type: Quick scan
    Objects scanned: 210304
    Time elapsed: 16 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by gary at 15:37:57.62 on Fri 01/21/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2981 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\TEMP\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://seattletimes.nwsource.com/html/home/index.html
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: AutorunsDisabled - No File
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2007\office14\ONBttnIE.dll
    IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6}
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2007\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxps://www.lanepowell.com/Extranet/includes/iManFile.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://wadismonthly.webex.com/client/T27L10NSP11EP13-wadis/webex/ieatgpc.cab
    DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.DLL
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2009-5-26 12800]
    R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-2-13 181120]
    R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-2-13 51072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2009-5-26 345984]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
    R2 Z-SANService;Z-SAN Service;c:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2009-5-26 376891]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2009-5-26 15488]
    R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2009-5-26 5120]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

    =============== Created Last 30 ================

    2011-01-21 18:18:35 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Microsoft Help
    2011-01-21 17:40:46 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Citrix
    2011-01-21 17:40:45 110456 ----a-w- c:\documents and settings\temp\g2ax_customer_downloadhelper_win32_x86.exe
    2011-01-21 16:50:47 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Zimbra
    2011-01-21 16:44:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-21 16:44:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-21 16:44:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-21 16:31:39 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Lookout Software
    2011-01-21 16:21:29 -------- d-----w- c:\docume~1\temp\locals~1\applic~1\Adobe
    2011-01-21 16:12:05 483401 -c--a-w- c:\documents and settings\temp\gotomypc.exe
    2011-01-21 16:12:04 563712 -c--a-w- c:\documents and settings\temp\gotomypc_370.exe
    2011-01-20 23:55:57 -------- d-----w- c:\documents and settings\all users\Microsoft
    2011-01-20 23:41:54 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-01-20 17:21:36 -------- d-----w- c:\program files\Zimbra
    2011-01-19 20:33:53 -------- d-----w- c:\program files\Cbeyond Secure Desktop
    2011-01-19 20:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\fssg
    2011-01-19 20:31:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\f-secure
    2011-01-17 20:15:39 -------- d-----w- c:\program files\common files\HP
    2011-01-17 20:15:23 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-01-17 20:13:35 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    2011-01-17 20:13:33 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
    2011-01-17 20:12:08 729088 ----a-w- c:\windows\system32\hpowiax7.dll
    2011-01-17 20:12:08 581632 ----a-w- c:\windows\system32\hpotscl6.dll
    2011-01-17 20:12:08 303104 ----a-w- c:\windows\system32\hpovst15.dll
    2011-01-17 20:11:54 -------- d-----w- c:\program files\HP
    2011-01-13 23:32:43 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-01-13 23:32:40 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-01-13 23:32:40 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-01-13 23:32:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-01-13 23:32:32 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-01-13 23:28:39 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-01-13 23:28:35 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-01-13 23:28:34 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-01-13 23:28:09 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
    2011-01-13 23:28:08 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-01-13 23:28:06 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-01-13 23:25:51 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
    2011-01-13 23:25:48 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2011-01-13 23:25:16 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
    2011-01-13 23:25:06 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2011-01-13 23:25:03 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2011-01-13 23:23:58 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
    2011-01-13 23:23:54 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
    2011-01-13 23:23:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
    2011-01-13 23:23:44 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2011-01-13 23:23:35 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2011-01-13 23:23:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
    2011-01-13 23:23:22 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
    2011-01-13 23:23:19 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
    2011-01-13 23:23:07 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
    2011-01-13 23:23:04 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
    2011-01-13 23:23:01 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
    2011-01-13 23:21:48 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
    2011-01-13 23:21:45 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
    2011-01-13 23:21:42 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
    2011-01-13 23:21:39 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
    2011-01-13 23:21:36 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
    2011-01-13 23:21:33 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
    2011-01-13 23:21:25 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
    2011-01-13 23:21:22 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
    2011-01-13 23:21:22 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
    2011-01-13 23:21:19 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
    2011-01-13 23:20:11 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2011-01-13 23:20:09 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2011-01-13 23:20:04 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
    2011-01-13 23:18:44 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
    2011-01-13 23:18:41 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
    2011-01-13 23:18:39 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
    2011-01-13 23:18:35 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
    2011-01-13 23:18:32 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
    2011-01-13 23:18:30 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
    2011-01-13 23:18:27 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
    2011-01-13 23:18:24 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
    2011-01-13 23:18:20 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
    2011-01-13 23:18:17 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
    2011-01-13 23:18:14 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
    2011-01-13 23:18:08 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
    2011-01-13 23:18:07 16896 ----a-w- c:\windows\system32\dllcache\status.dll
    2011-01-13 23:17:47 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
    2011-01-13 23:17:43 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
    2011-01-13 23:17:43 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
    2011-01-13 23:17:23 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
    2011-01-13 23:17:11 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
    2011-01-13 23:17:08 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
    2011-01-13 23:17:02 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2011-01-13 23:15:59 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
    2011-01-13 23:14:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2011-01-13 23:14:27 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
    2011-01-13 23:14:25 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2011-01-13 23:14:22 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
    2011-01-13 23:14:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
    2011-01-13 23:14:06 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
    2011-01-13 23:14:03 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
    2011-01-13 23:14:02 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2011-01-13 23:13:57 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2011-01-13 23:13:53 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
    2011-01-13 23:13:50 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2011-01-13 23:13:50 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
    2011-01-13 23:13:45 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
    2011-01-13 23:13:42 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
    2011-01-13 23:13:35 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
    2011-01-13 23:13:33 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
    2011-01-13 23:13:28 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
    2011-01-13 23:13:25 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
    2011-01-13 23:13:03 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2011-01-13 23:13:01 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
    2011-01-13 23:11:50 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
    2011-01-13 23:11:43 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
    2011-01-13 23:11:38 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
    2011-01-13 23:11:32 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
    2011-01-13 23:11:25 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
    2011-01-13 23:11:25 14848 ----a-w- c:\windows\system32\dllcache\register.exe
    2011-01-13 23:11:07 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
    2011-01-13 23:11:02 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2011-01-13 23:09:55 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
    2011-01-13 23:08:59 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
    2011-01-13 23:07:02 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
    2011-01-13 23:07:00 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
    2011-01-13 23:06:32 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
    2011-01-13 23:06:32 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2011-01-13 23:06:24 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
    2011-01-13 23:06:22 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
    2011-01-13 23:06:19 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
    2011-01-13 23:06:03 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2011-01-13 23:06:01 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2011-01-13 23:04:58 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
    2011-01-13 23:04:55 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
    2011-01-13 23:04:53 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
    2011-01-13 23:04:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
    2011-01-13 23:04:48 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
    2011-01-13 23:04:46 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
    2011-01-13 23:04:44 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
    2011-01-13 23:04:42 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
    2011-01-13 23:04:41 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
    2011-01-13 23:04:37 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2011-01-13 23:03:35 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
    2011-01-13 23:03:35 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2011-01-13 23:03:17 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2011-01-13 23:02:51 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2011-01-13 23:02:45 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
    2011-01-13 23:02:43 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-01-13 23:01:55 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2011-01-13 23:01:52 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2011-01-13 23:01:51 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
    2011-01-13 23:00:49 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
    2011-01-13 23:00:33 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
    2011-01-13 23:00:06 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2011-01-13 22:58:58 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
    2011-01-13 22:57:51 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
    2011-01-13 22:56:59 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
    2011-01-13 22:56:57 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
    2011-01-13 22:56:55 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
    2011-01-13 22:56:48 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
    2011-01-13 22:56:43 8704 ----a-w- c:\windows\system32\dllcache\infoctrs.dll
    2011-01-13 22:56:28 471102 ----a-w- c:\windows\system32\dllcache\imskdic.dll
    2011-01-13 22:56:26 59904 ----a-w- c:\windows\system32\dllcache\imkrinst.exe
    2011-01-13 22:56:20 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
    2011-01-13 22:56:12 57398 ----a-w- c:\windows\system32\dllcache\imjpdadm.exe
    2011-01-13 22:56:04 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
    2011-01-13 22:56:03 44032 ----a-w- c:\windows\system32\dllcache\imekrmig.exe
    2011-01-13 22:56:03 102463 ----a-w- c:\windows\system32\dllcache\imepadsm.dll
    2011-01-13 22:54:47 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
    2011-01-13 22:54:47 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys
    2011-01-13 22:54:45 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
    2011-01-13 22:54:43 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
    2011-01-13 22:54:25 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
    2011-01-13 22:52:59 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
    2011-01-13 22:51:37 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
    2011-01-13 22:51:35 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
    2011-01-13 22:51:32 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
    2011-01-13 22:51:30 1733120 ----a-w- c:\windows\system32\dllcache\g400d.dll
    2011-01-13 22:51:29 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys
    2011-01-13 22:51:27 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
    2011-01-13 22:51:26 454912 ----a-w- c:\windows\system32\dllcache\fxusbase.sys
    2011-01-13 22:51:06 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
    2011-01-13 22:51:05 455296 ----a-w- c:\windows\system32\dllcache\fusbbase.sys
    2011-01-13 22:51:03 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
    2011-01-13 22:51:00 7680 ----a-w- c:\windows\system32\dllcache\ftpctrs2.dll
    2011-01-13 22:49:57 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
    2011-01-13 22:48:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
    2011-01-13 22:48:58 26141 ----a-w- c:\windows\system32\dllcache\el589nd5.sys
    2011-01-13 22:48:57 69692 ----a-w- c:\windows\system32\dllcache\el575nd5.sys
    2011-01-13 22:48:56 24653 ----a-w- c:\windows\system32\dllcache\el574nd4.sys
    2011-01-13 22:48:55 55999 ----a-w- c:\windows\system32\dllcache\el556nd5.sys
    2011-01-13 22:48:55 44103 ----a-w- c:\windows\system32\dllcache\el515.sys
    2011-01-13 22:48:53 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
    2011-01-13 22:48:46 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys
    2011-01-13 22:48:45 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
    2011-01-13 22:47:56 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2011-01-13 22:47:32 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
    2011-01-13 22:47:31 23808 ----a-w- c:\windows\system32\dllcache\dot4usb.sys
    2011-01-13 22:47:30 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
    2011-01-13 22:47:29 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
    2011-01-13 22:47:29 12928 ----a-w- c:\windows\system32\dllcache\dot4prt.sys
    2011-01-13 22:45:59 7424 ----a-w- c:\windows\system32\dllcache\ddsmc.sys
    2011-01-13 22:44:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
    2011-01-13 22:43:45 20736 ----a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
    2011-01-13 22:42:58 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
    2011-01-13 22:41:57 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
    2011-01-13 22:40:59 15360 ----a-w- c:\windows\system32\dllcache\brmfbidi.dll
    2011-01-13 22:39:52 281600 ----a-w- c:\windows\system32\dllcache\atimtai.sys
    2011-01-13 22:38:59 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
    2011-01-13 22:37:59 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
    2011-01-13 22:37:58 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
    2011-01-13 22:37:58 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
    2011-01-13 22:37:56 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
    2011-01-13 22:37:47 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
    2011-01-13 22:37:46 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
    2011-01-13 22:37:46 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
    2011-01-13 22:37:45 762780 ----a-w- c:\windows\system32\dllcache\3cwmcru.sys
    2011-01-13 22:37:45 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
    2011-01-13 22:37:38 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2011-01-13 22:36:03 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
    2011-01-13 22:34:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-01-13 22:33:36 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2011-01-13 22:33:36 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2011-01-13 22:33:33 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2011-01-13 22:33:31 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2011-01-13 22:33:31 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2011-01-13 22:33:29 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2011-01-13 22:08:34 -------- d-----w- c:\program files\IObit
    2011-01-02 21:41:02 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2011-01-02 21:41:02 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2011-01-02 21:41:01 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2010-12-29 18:11:52 -------- d-----w- c:\program files\ESET
    2010-12-24 16:19:14 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-12-24 16:19:14 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
    2010-12-24 00:32:28 -------- d-sha-r- C:\cmdcons
    2010-12-24 00:25:43 98816 ----a-w- c:\windows\sed.exe
    2010-12-24 00:25:43 89088 ----a-w- c:\windows\MBR.exe
    2010-12-24 00:25:43 256512 ----a-w- c:\windows\PEV.exe
    2010-12-24 00:25:43 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 15:39:43.53 ===============
     
  2. gbm608

    gbm608 TS Rookie Topic Starter

    Here is the Attach.text file -

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/27/2008 7:40:46 AM
    System Uptime: 1/21/2011 3:25:50 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0UY141
    Processor: Intel Pentium III Xeon processor | Microprocessor | 2493/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 111.102 GiB free.
    D: is CDROM ()
    F: is FIXED (DataPlowSFSZ) - 463 GiB total, 305.283 GiB free.
    N: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
    P: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
    U: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/23/2010 4:26:47 PM - System Checkpoint
    RP2: 12/25/2010 10:54:14 AM - System Checkpoint
    RP3: 12/26/2010 12:37:05 PM - System Checkpoint
    RP4: 12/27/2010 1:38:24 PM - Installed HiJackThis
    RP5: 12/28/2010 4:51:24 PM - System Checkpoint
    RP6: 12/29/2010 9:40:16 PM - System Checkpoint
    RP7: 1/1/2011 8:24:30 AM - System Checkpoint
    RP8: 1/3/2011 8:19:26 AM - Removed TiVo Desktop 2.8
    RP9: 1/4/2011 12:27:44 PM - System Checkpoint
    RP10: 1/6/2011 7:57:35 AM - System Checkpoint
    RP11: 1/7/2011 1:04:29 PM - System Checkpoint
    RP12: 1/8/2011 7:29:10 PM - System Checkpoint
    RP13: 1/10/2011 8:28:49 AM - System Checkpoint
    RP14: 1/12/2011 1:18:44 PM - System Checkpoint
    RP15: 1/12/2011 3:00:27 PM - Software Distribution Service 3.0
    RP16: 1/13/2011 2:10:35 PM - Advanced SystemCare RestorePoint
    RP17: 1/15/2011 4:49:20 PM - System Checkpoint
    RP18: 1/16/2011 7:38:08 PM - System Checkpoint
    RP19: 1/18/2011 1:21:25 PM - System Checkpoint
    RP20: 1/19/2011 12:22:34 PM - Removed Symantec Client Security
    RP21: 1/19/2011 12:33:48 PM - psb 9.00 build 149 Installation
    RP22: 1/20/2011 9:21:26 AM - Installed Zimbra Desktop
    RP23: 1/20/2011 3:32:32 PM - Installed Microsoft Office Professional 2010
    RP24: 1/20/2011 3:34:20 PM - Installed Microsoft Office Professional 2010
    RP25: 1/20/2011 4:07:01 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP26: 1/20/2011 4:34:11 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 4.65
    Acrobat.com
    Adobe Acrobat 8 Standard - English, Français, Deutsch
    Adobe Acrobat 8.2.5 - CPSID_83708
    Adobe Acrobat 8.2.5 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.2
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    AxCrypt 1.7.1878.0
    biolsp patch
    BitZipper 5.0.6
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software Updater
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    Canon PIXMA iP4000
    CCleaner
    Conexant HDA D330 MDC V.92 Modem
    Cooliris for Internet Explorer
    CrossLoop 2.20
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    Dell Touchpad
    Digital Line Detect
    DirectShow Dump
    DJ_AIO_03_F4200_Software_Min
    Document Manager Lite
    eFax Messenger
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    ESC Home Page Plugin
    ESET Online Scanner v3
    ESPN Java Check
    Ext2 IFS 1.11a for Windows XP
    F-Secure PSC Prerequisites
    Forefront Crystal Reports 10 Runtime
    Gemalto
    GemSafe Standard Edition 5.1
    getPlus(R)_ocx
    GoToMeeting 4.5.0.457
    High Definition Audio Driver Package - KB835221
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet F4200 All-In-One Driver 11.0 03
    Intel(R) PROSet/Wireless Software
    IntelliSonic Speech Enhancement
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K-Lite Codec Pack 4.0.0 (Full)
    LiveUpdate 3.1 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Lookout
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    MediaMonkey 3.2
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Standard 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows Theme Nunavut
    mIWA
    mLogView
    mMHouse
    Modem Diagnostic Tool
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    MyDefrag v4.3.1
    mZConfig
    NETGEAR Storage Central Manager Utility
    NetWaiting
    NTRU TCG Software Stack
    NVIDIA Drivers
    ODIR
    OGA Notifier 2.0.0048.0
    PowerDVD
    Preboot Manager
    Private Information Manager
    QuickSet
    QuickTime
    RealLegal E-Transcript Viewer
    Remote Control USB Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    SearchAssist
    Secure Update
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Security Wizards
    Shadow Copy Client
    Snapshot Viewer
    Sonic CinePlayer Decoder Pack
    Spectrum Crystal XI Runtime
    SUPERAntiSpyware
    Toolbox
    Trusted Drive Manager
    tsp patch
    Tweak UI
    Understanding the Audio Mixer
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    upekmsi
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinZip
    Wisdom-soft ScreenHunter 5.0 Free
    XML Paper Specification Shared Components Pack 1.0
    Zimbra Desktop

    ==== Event Viewer Messages From Past Week ========

    1/21/2011 2:37:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Lbd SASDIFSV SASKUTIL
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Z-SAN Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 10:46:02 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/21/2011 1:52:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TdmService service to connect.
    1/21/2011 1:52:29 PM, error: Service Control Manager [7000] - The TdmService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/20/2011 5:59:57 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    1/20/2011 3:03:50 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    1/19/2011 7:58:35 AM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
    1/19/2011 7:58:18 AM, error: Service Control Manager [7023] - The IMAPI CD-Burning COM Service service terminated with the following error: The class is configured to run as a security id different from the caller
    1/19/2011 12:45:08 PM, error: NetBT [4321] - The name "SG :1d" could not be registered on the Interface with IP address 192.168.102.101. The machine with the IP address 192.168.102.109 did not allow the name to be claimed by this machine.
    1/19/2011 1:58:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/19/2011 1:56:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/19/2011 1:55:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:55:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/19/2011 1:54:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/19/2011 1:54:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2011 1:06:03 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is JEAN_XP.
    1/18/2011 9:29:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/18/2011 6:00:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
    1/18/2011 6:00:12 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/18/2011 6:00:12 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    1/17/2011 12:14:21 PM, error: Print [22] - Failed to ugrade printer settings for printer \\email\HP CLJ 4700 PCL 6,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1722.
    1/17/2011 12:14:20 PM, error: Print [22] - Failed to ugrade printer settings for printer \\email\HPLaserJet4200_backoffice,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1722.
    1/17/2011 11:51:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    1/17/2011 11:49:59 AM, error: NETLOGON [5719] - No Domain Controller is available for domain SG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

    ==== End Of File ===========================
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I need to get more information from you. First of all, 'slow' or 'sluggish' does not automatically mean malware. It can be too many processes running, not enough RAM or numerous other things.

    Just telling me you can run a scan isn't enough. I need to know what happens when you try. Please run the following to see if Mbam will run correctly:

    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    ========================================
    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Please uninstall or disable the Registry Booster.
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I note numerous entries that should be removed. I'll know more when I get all the logs.
     
  4. gbm608

    gbm608 TS Rookie Topic Starter

    Thank you for the help.

    You said to uninstall or disable the Registry Booster. Not sure where to do this at. I did not see it listed in add or remove programs.

    Here are the logs requested.

    exeHelper by Raktor
    Build 20100414
    Run at 17:14:15 on 01/21/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.1.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Guess I didn't make this clear: the purpose of rkill/exe was to help run Malwarebytes with any current update. Please see if you can do that now:

    (Note: regarding the following removals, it is best to remove them in Safe Mode)

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Regarding Security and system "help" programs:
    1. F-Secure:
    If your ISP is Charter, they offer a security program named Charter High-Speed Security Suite. This uses F-Secure products for antivirus and antimalware - possibly firewall also. If you are using this, then you should remove any other AV program and disable the firewall if one is included in the Suite. You have several F-Secure entries:
    2011-01-19 20:32:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\fssg
    2011-01-19 20:31:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\f-secure

    I also see this program installed:
    F-Secure PSC Requirements> PSC> Protection Service for Consumers (PSC)

    2. Cbeyond Secure Desktop
    This is also running and may possibly conflict with the other security, particularly the AV:
    2011-01-19 20:33:53 -------- d-----w- c:\program files\Cbeyond Secure Desktop
    Stop viruses and spyware before they infect your PC with Secure Desktop’s real-time detection. Prevent attacks that could potentially damage or erase your critical business files.
    http://www.cbeyond.net/small-business-solutions/data-backup-security/secure-desktop/

    3. Advanced SystemCare: this is not a recommended program to be on your system. Even the download site is not recommended.
    2011-01-13 22:08:34 -------- d-----w- c:\program files\IObit
    RP16: 1/13/2011 2:10:35 PM - Advanced SystemCare RestorePoint


    4. HijackThis v2.0.2 is outdated and should be uninstalled. We will run it later and I will give you a link to the current version.

    5. [RegistryBooster]. The entry below is what is showing in DDS.
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

    To remove the programs:
    1. See if the program itself has an uninstaller- if it does, use that.
    2. If it doesn't, go to Add/Remove Programs in the Control Panel and uninstall.
    3. After the removal: use Windows Explorer (Windows key + E)> My Computer> Double click on Local Drive (C)> Programs> find the program folder for each> right click> Delete
    Exit Explorer> Reboot.
    (If there are any 'scraps' left, I can remove them later with a script.)
    ====================================================
    When you have finished housekeeping, go on to the following:
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  6. gbm608

    gbm608 TS Rookie Topic Starter

    Not successful on any of the steps.

    Still receiving same error updating Malwarebytes.

    Had to boot in safe mode with networking. Standard safe mode would not let me log in.

    My ISP is Cbeyond. They are new to us. We will be using their antivirus software which is F-Secure. I can remove anything from them at this point and reinstall clean after all is done. Just let me know. We were using Symantec for virus protection as of last week.

    Once in safe mode I could not see F-Secure, Cbeyond Secure Desktop, Advanced SystemCare or RegistryBooster. I could not find these programs in the start/programs list or in the add programs in control panel. So I have not done anything with these programs yet. I need more instructions on how to deal with these programs.

    Regarding HijackThis. When I tried to remove the program from the add programs/control panel, I got the following error: "The windows installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed". Therefore, I have not removed HijackThis yet.

    I did not proceed to combofix steps since the housekeeping steps are not completed.

    Please advise. Thanks.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    All of the 'can't do' problems were caused by being in Safe Mode. Security programs don't load in Safe Mode with Networking and usually the Windows Installer doesn't run. The following is a good indication that the problem is most likely system based and not malware:
    The only thing showing in Mbam indicated there was-or is- an application that caused the firewall to be disabled and is a potentially unwanted.

    Is there some particular reason why you booted into Safe Mode? None of the scans direct you to Safe Mode.
     
  8. gbm608

    gbm608 TS Rookie Topic Starter

    Regarding booting in safe mode. I may have misunderstood you. You said -

    "(Note: regarding the following removals, it is best to remove them in Safe Mode)
    Boot into Safe Mode"

    So I booted in safe mode. I tried to house clean not in safe mode.

    I was able to remove HijackThis.

    Same issue as posted before, I could not see F-Secure, Cbeyond Secure Desktop, Advanced SystemCare or RegistryBooster. I could not find these programs in the start/programs list or in the add programs in control panel. So I have not done anything with these programs yet. I need more instructions on how to deal with these programs.

    I have not moved on to combofix until housecleaning is done or until you tell me to move on to combofix.

    I did mean "I can't" your question.

    Thank you.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I need for you to move on with the scans.

    That detection is a potentially unwanted modification; it's a registry change: your security center notifications have been turned off. Note that sometimes AV & Firewall software will turn these off to avoid double notifications, but many infections also change these settings; that's why Malwarebytes detects it. The finding in Mbam is most likely a False Positive. Your antivirus and firewall software probably modified those Registry Values. You can have MBAM ignore those entries. The UpdatesDisableNotify, as you said, was set by you. If I see this entry in Combofix, I can remove it.

    You might want to look into this mapping- this is not my area:
    Disk Partitions:
    C: is FIXED (NTFS) - 149 GiB total, 111.102 GiB free.
    D: is CDROM ()
    F: is FIXED (DataPlowSFSZ) - 463 GiB total, 305.283 GiB free.
    N: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
    P: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.
    U: is NetworkDisk (*NT5CSC) - 149 GiB total, 111.102 GiB free.

    CSC stands for Client Side Caching and is a hidden directory which stores the offline copy of the file on the local machine. Encryption is not preserved by the CSC directory but file permissions are. However, anyone who has administrative rights on the local machine can view the files in the CSC directory. Check the local permissions and groups to see what is going on.

    Intermittent slowdown can be caused by insufficient RAM: if you reboot after it slows down, then movement seems normal for a while, then slows down again, either there isn't enough RAM, too many programs and apps are running and the available RAM can handle them all at the same time. Also, high volume of internet traffic can cause a slow down at certain times of the day. Once I see the other logs, I will have a better idea. At this point, I don't see malware.
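
Added example (not part of the thread and not any poster's code): a Python sketch of the triage reasoning in the post above, reading Malwarebytes "Registry Data Items" findings and checking whether an installed security product could explain a disabled Security Center notification. The line format follows the log quoted in the first post; the sample log, the function names and the `AntiVirusDisableNotify` entry are assumptions added here.

```python
import re

# Line shape taken from the Malwarebytes log quoted in this thread.
LINE = re.compile(
    r"^(?P<path>.+?) \((?P<det>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)

# What each Security Center value silences when set to 1.
NOTIFY_VALUES = {
    "firewalldisablenotify": "firewall alerts",
    "updatesdisablenotify": "Automatic Updates alerts",
    "antivirusdisablenotify": "antivirus alerts",  # assumption: not named in the thread
}

# Constructed sample; the second finding and its action text are invented.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

def parse_registry_items(log_text):
    """Return one dict per registry data finding in a log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # headers, blank lines, "(No malicious items detected)"
        key, _, value = m["path"].rpartition("\\")
        findings.append({"key": key, "value": value, "detection": m["det"],
                         "bad": m["bad"], "good": m["good"], "action": m["action"]})
    return findings

def triage(finding, security_products):
    """Say whether an installed security product could explain the change."""
    silenced = NOTIFY_VALUES.get(finding["value"].lower())
    if finding["detection"] != "PUM.Disabled.SecurityCenter" or silenced is None:
        return "review manually: not a Security Center notification value"
    if security_products:
        names = ", ".join(security_products)
        return f"{silenced} off; may have been set by {names}; confirm, then ignore"
    return f"{silenced} off with no security product to explain it; investigate"

if __name__ == "__main__":
    for f in parse_registry_items(SAMPLE_LOG):
        print(f["value"], "->", triage(f, ["F-Secure", "Cbeyond Secure Desktop"]))
```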
     
  10. gbm608

    gbm608 TS Rookie Topic Starter

    Since my last reply I had an IT guy look at my machine. He agreed that no malware was present. He did some tweaks and adjustments and everything appears fine now. Thanks for your help. I am going to pass on the scans.

    Again thanks for your help. We can now consider this thread closed.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks for the update. You should remove all of the tools we used and the files and folders they created.
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
Topic Status:
Not open for further replies.
