PC started running extremely slow past few days... (logs attached)

Solved
By mcIrishgurl
Jun 28, 2011
  1. My PC for the last few days has suddenly started to run extremely slow, including downloads... more so when using IE (version 8), but Firefox seems to be affected as well. Not sure if something was picked up. Attached are my logs. Thanks in advance for taking a look...

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6965

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/28/2011 12:12:47 AM
    mbam-log-2011-06-28 (00-12-47).txt

    Scan type: Quick scan
    Objects scanned: 194148
    Time elapsed: 33 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-28 00:57:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-11CPF0 rev.06.04G06
    Running: j6gw67uy.exe; Driver: C:\DOCUME~1\DAWNB~1\LOCALS~1\Temp\pxtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7464210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7464224]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7464250]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF74642A6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74641FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74641D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74641E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF746423A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF746427C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7464266]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF74642D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF74642BC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7464290]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
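An added example, not part of the original thread: a small parser for the MBAM 1.x quick-scan log format posted above. It cross-checks the summary counts against the detail blocks and flags the Security Center values MBAM reported as changed (the two PUM.Disabled.SecurityCenter hits). The embedded sample log is a shortened copy of the posted one, not output from any new scan.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM 1.x) scan log and flag
Security Center tampering.  Added example; SAMPLE_LOG below is a
shortened copy of the log posted in the thread, not a new scan."""
import re
from dataclasses import dataclass

# "Registry Data Items Infected: 2"  -> a line of the summary count block
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Registry Data Items Infected:"    -> header of a detail block
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<category>) -> Bad: (<bad>) Good: (<good>) -> <action>"
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[^()]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)
# Key whose *DisableNotify values silence the XP Security Center warnings
SECURITY_CENTER_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\"


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    category: str
    bad: str
    good: str
    action: str


def parse_mbam_log(text):
    """Return (summary, detections).

    summary    : {section name: count} taken from the count block
    detections : Detection records from the detail blocks; a
                 "(No malicious items detected)" line yields none
    """
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append(Detection(section, m["item"], m["category"],
                                        m["bad"], m["good"], m["action"]))
    return summary, detections


def check_counts(summary, detections):
    """Every summary count must equal the number of detection lines parsed
    for that section.  Returns the mismatching section names (an empty list
    means the log is internally consistent)."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return sorted(s for s, n in summary.items() if seen.get(s, 0) != n)


def security_center_tampering(detections):
    """(value name, bad, good) for each Security Center value MBAM changed.
    AntiVirusDisableNotify or FirewallDisableNotify set to 1 hides the
    'antivirus/firewall is off' warning, which is why helpers treat these
    PUM hits as a sign of malware rather than a user preference."""
    hits = []
    for d in detections:
        if d.item.startswith(SECURITY_CENTER_KEY) and d.bad != d.good:
            hits.append((d.item[len(SECURITY_CENTER_KEY):], d.bad, d.good))
    return hits


# Shortened copy of the posted log (constructed sample input).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6965

Scan type: Quick scan
Objects scanned: 194148

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    summary, found = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(summary, found) or "none")
    for name, bad, good in security_center_tampering(found):
        print(f"Security Center value {name} was {bad} (expected {good})")
```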
  2. mcIrishgurl

    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Dawn B at 1:02:48 on 2011-06-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.652 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxebserv.exe
    C:\WINDOWS\system32\lxebcoms.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.my.yahoo.com
    uSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110509214019.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    uPolicies-explorer: EditLevel = 0 (0x0)
    uPolicies-explorer: NoCommonGroups = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301098716453
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301103901046
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{5552D5E7-8E2B-4EFD-8EB1-1188DC6F16FF} : DhcpNameServer = 192.168.2.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dawn b\application data\mozilla\firefox\profiles\9jqu77q9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-26 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-26 54760]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2011-5-17 193192]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-27 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-26 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-26 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-26 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-26 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-27 22712]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-26 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-26 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-26 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-26 88736]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-27 39984]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-26 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-26 84488]
    .
    =============== Created Last 30 ================
    .
    2011-06-28 04:29:14 -------- d-----w- c:\documents and settings\dawn b\application data\Malwarebytes
    2011-06-28 04:28:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-28 04:28:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-28 04:28:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-28 04:28:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-21 21:00:27 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-21 21:00:26 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-18 15:35:41 -------- d-----w- C:\hegames
    2011-06-15 23:48:09 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-06-10 20:45:16 -------- d-----w- c:\program files\iPod
    2011-06-10 20:45:08 -------- d-----w- c:\program files\iTunes
    2011-06-10 20:30:27 -------- d-----w- c:\program files\Bonjour
    2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-06-16 20:03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 19:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    ============= FINISH: 1:05:15.60 ===============
  3. mcIrishgurl

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/25/2011 6:25:39 PM
    System Uptime: 6/28/2011 12:16:41 AM (1 hours ago)
    .
    Motherboard: Lite-On Tech. | | 0888h
    Processor: Intel(R) Celeron(R) CPU 2.00GHz | mPGA-478 | 2000/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 18.966 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP92: 5/9/2011 3:02:50 PM - System Checkpoint
    RP93: 5/10/2011 3:48:26 PM - System Checkpoint
    RP94: 5/11/2011 3:01:05 AM - Software Distribution Service 3.0
    RP95: 5/12/2011 3:36:25 AM - System Checkpoint
    RP96: 5/13/2011 4:21:44 AM - System Checkpoint
    RP97: 5/14/2011 5:19:53 AM - System Checkpoint
    RP98: 5/15/2011 5:21:19 AM - System Checkpoint
    RP99: 5/16/2011 6:00:16 AM - System Checkpoint
    RP100: 5/17/2011 6:59:11 AM - System Checkpoint
    RP101: 5/17/2011 6:32:21 PM - Removed ABBYY FineReader 5.0 Sprint
    RP102: 5/17/2011 6:55:43 PM - Printer Driver Fax Lexmark Pro200-S500 Series Printer Installed
    RP103: 5/18/2011 9:41:13 PM - System Checkpoint
    RP104: 5/20/2011 2:17:33 AM - System Checkpoint
    RP105: 5/21/2011 3:25:07 AM - System Checkpoint
    RP106: 5/22/2011 4:07:24 AM - System Checkpoint
    RP107: 5/23/2011 4:47:24 AM - System Checkpoint
    RP108: 5/24/2011 4:53:05 AM - System Checkpoint
    RP109: 5/25/2011 5:47:06 AM - System Checkpoint
    RP110: 5/26/2011 6:05:00 AM - System Checkpoint
    RP111: 5/27/2011 6:33:57 AM - System Checkpoint
    RP112: 5/28/2011 6:50:56 AM - System Checkpoint
    RP113: 5/29/2011 7:50:56 AM - System Checkpoint
    RP114: 5/30/2011 8:04:13 AM - System Checkpoint
    RP115: 5/31/2011 1:38:35 PM - System Checkpoint
    RP116: 6/1/2011 1:42:18 PM - System Checkpoint
    RP117: 6/2/2011 4:44:30 PM - System Checkpoint
    RP118: 6/3/2011 4:49:43 PM - System Checkpoint
    RP119: 6/4/2011 5:04:45 PM - System Checkpoint
    RP120: 6/5/2011 5:31:26 PM - System Checkpoint
    RP121: 6/6/2011 7:49:07 PM - System Checkpoint
    RP122: 6/7/2011 8:05:19 PM - System Checkpoint
    RP123: 6/8/2011 10:37:42 PM - System Checkpoint
    RP124: 6/9/2011 11:01:45 PM - System Checkpoint
    RP125: 6/11/2011 2:44:52 AM - System Checkpoint
    RP126: 6/12/2011 3:10:20 AM - System Checkpoint
    RP127: 6/13/2011 3:12:38 AM - System Checkpoint
    RP128: 6/14/2011 4:50:17 AM - System Checkpoint
    RP129: 6/15/2011 4:50:58 AM - System Checkpoint
    RP130: 6/16/2011 1:25:58 AM - Software Distribution Service 3.0
    RP131: 6/16/2011 2:10:10 AM - Software Distribution Service 3.0
    RP132: 6/17/2011 2:26:19 AM - System Checkpoint
    RP133: 6/18/2011 3:00:06 AM - System Checkpoint
    RP134: 6/19/2011 3:03:52 AM - System Checkpoint
    RP135: 6/20/2011 4:15:11 AM - System Checkpoint
    RP136: 6/21/2011 5:17:28 AM - System Checkpoint
    RP137: 6/22/2011 5:55:38 AM - System Checkpoint
    RP138: 6/23/2011 7:10:31 AM - System Checkpoint
    RP139: 6/24/2011 7:46:05 AM - System Checkpoint
    RP140: 6/25/2011 9:05:50 AM - System Checkpoint
    RP141: 6/26/2011 9:19:16 AM - System Checkpoint
    RP142: 6/27/2011 10:32:17 AM - System Checkpoint
    RP143: 6/28/2011 12:34:33 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    FaxTools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Learning Essentials for Microsoft Office
    Lexmark Pro200-S500 Series
    Lexmark Toolbar
    Lexmark Tools for Office
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech SetPoint
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PCI SoftV92 Modem
    Picture Package Music Transfer
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Sony Picture Utility
    Sony USB Driver
    SoundMAX
    SpywareBlaster 4.4
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/25/2011 4:15:23 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0002E3332CF2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/25/2011 11:21:10 AM, error: DCOM [10001] - Unable to start a DCOM Server: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
    6/24/2011 8:12:58 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    6/23/2011 5:35:44 PM, error: DCOM [10001] - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "%233" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
    6/22/2011 4:37:46 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0002E3332CF2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  4. Bobbye

    Welcome back! Seems to me we cleaned your system up not too long ago! But you do have malware again and it's disabled the Security Center.

    Please go ahead with these 2 scans:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the linked image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the downloaded icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    You should already have the Recovery Console, so Combofix will not go through that query.

    Keep in mind: there are many reasons for 'slow' and they aren't always malware!
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  5. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    hi bobbyeye...and yes it wasn't too long ago you helped me, albeit for a different symptom...now this :( i tried completing the combofix however when it gets to completed stage 50 i get a pop up error that pev.cfxxe has encountered a problem and needs to close. no report was generated as a result. i didn't proceed to your eset step yet because i wasn't sure if the combofix had to be run in its entirety without error....
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this and see if it will clear enough for Combofix to run:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    =======================================
    Try Combofix again. If it won't run in Normal Mode, try running the scan in Safe Mode. If it still won't run, let me know.
  7. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    tdsskiller didn't find anything, but when i tried combofix again, combofix completed...so go figure...below is the combofix log....eset found no threats, so no log...


    ComboFix 11-06-29.06 - Dawn B 06/29/2011 14:18:55.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.800 [GMT -5:00]
    Running from: c:\documents and settings\Dawn B\My Documents\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-28 04:29 . 2011-06-28 04:29 -------- d-----w- c:\documents and settings\Dawn B\Application Data\Malwarebytes
    2011-06-28 04:28 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-28 04:28 . 2011-06-28 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-28 04:28 . 2011-06-28 04:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-28 04:28 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-21 21:00 . 2011-06-21 21:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-21 21:00 . 2011-06-21 21:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-18 15:35 . 2011-06-18 15:35 -------- d-----w- C:\hegames
    2011-06-17 04:10 . 2011-06-17 04:11 -------- d-----w- c:\program files\Common Files\Adobe
    2011-06-15 23:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-06-10 20:45 . 2011-06-10 20:45 -------- d-----w- c:\program files\iPod
    2011-06-10 20:45 . 2011-06-10 20:48 -------- d-----w- c:\program files\iTunes
    2011-06-10 20:30 . 2011-06-10 20:30 -------- d-----w- c:\program files\Bonjour
    2011-06-06 17:55 . 2011-06-06 17:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-16 20:03 . 2011-05-14 14:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-02 15:31 . 2002-08-29 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2002-08-29 10:41 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2002-08-29 08:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2002-08-29 10:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 16:11 . 2002-08-29 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2002-08-29 09:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-14 19:01 . 2011-03-26 20:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 19:01 . 2011-03-26 20:35 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 19:01 . 2011-03-26 20:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 19:01 . 2011-03-26 20:35 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 19:01 . 2011-03-26 20:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 19:01 . 2011-03-26 20:19 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-14 19:01 . 2010-10-14 03:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 19:01 . 2010-10-14 03:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-06-21 21:00 . 2011-03-26 22:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 19:01 . 2011-03-27 01:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Dawn B^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=c:\documents and settings\Dawn B\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2011-01-24 01:00 148280 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2011-03-25 23:58 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
    2011-01-24 01:00 316072 ----a-w- c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-01-18 23:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-01-18 23:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-01-18 23:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 17:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
    2011-01-24 01:00 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-04-05 16:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
    2004-08-10 21:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
    2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-06-07 20:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\WINDOWS\\system32\\lxebcoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 3:35 PM 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [5/17/2011 6:58 PM 193192]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/27/2011 11:28 PM 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 3:36 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 3:19 PM 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 3:35 PM 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/27/2011 11:28 PM 22712]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 3:35 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/27/2011 11:28 PM 39984]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 3:35 PM 84488]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 92753423
    *Deregistered* - 92753423
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\wc40fgpi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
    MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-29 14:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2180)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-06-29 14:48:21
    ComboFix-quarantined-files.txt 2011-06-29 19:48
    .
    Pre-Run: 20,246,917,120 bytes free
    Post-Run: 20,513,636,352 bytes free
    .
    - - End Of File - - 9564BE890832CC8A7F1E3C92F62CE1C5
  8. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    as you review the above, i thought i'd mention that my mcafee ran it's scheduled scan and came up with Tool-NirCmd...it was quarantined and gave me an option to remove....should i remove this or handle it some other way?
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    NirCmd is used by Combofix. It should not be deleted.
  10. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    not sure if you reviewed the combofix log yet as you didn't mention it in last reply...that was the last thing you asked me to try and complete...it's above your last post to me...thanks!
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    On 6/18, you show a Directory for C:\hegames. He Games are games tagged 'he' by Sploder members. Sploder is an online game creator: "Create fun games that you can publish to the net and email to friends."

    The main site is here: http://www.sploder.com/games/tags/he/ and the games are tagged with -he

    Did the current problems begin after 6/18?

    I went back and reviewed your previous thread. You had problems with the links, scans and logs in that thread also. Additionally, you had to wrestle with the McAfee program constantly. I am thinking the OS may not be configured correctly.

    I am not sure what was done there, but since that date, with the exclusion of the security scans, it looks like you've added, updated or reinstalled the following:
    2011-06-07 20:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    Depending on whether they started on boot and are running in the background, they could make a significant difference in the system performance.
  12. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    i checked out that sploder link you posted and i certainly didn't knowingly download that, so i would certainly like your help to get rid of that and not sure what that ie plug in on 6-6 is (do i need that plug in?? if not you can help me get rid of that as well)...but as for the other entries you displayed, they seem to be updates i am thinking....also, is the combofix log showing anything because i did post that as i got it to run in its entirety....
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Are there other users on this computer? These programs don't install themselves. The plugin I mentioned is most likely legitimate and also needs to be intentionally installed. Someone set up a Directory for the games.

    Let's see if we can round up the accounts on the system: You already have SUPERAntiSpyware on the system. Please update it and run a scan. Be sure to do this:
    Make sure everything found has a checkmark next to it, then press 'Next'.
    ==========================================
    Then run this- the programs will go through each account and we can get more information:

    Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
      Code:
      :Files  
      c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
    Please paste both of the logs in your next reply.
  14. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    there are 3 users on the pc...so lets see who the culprit is! lol

    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dawn B
    ->Temp folder emptied: 11031072 bytes
    ->Temporary Internet Files folder emptied: 124683202 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 89075677 bytes
    ->Flash cache emptied: 1559 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Joe
    ->Temp folder emptied: 50710 bytes
    ->Temporary Internet Files folder emptied: 44873770 bytes
    ->FireFox cache emptied: 103868410 bytes
    ->Flash cache emptied: 849 bytes

    User: Jonathan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 57214353 bytes
    ->Flash cache emptied: 470 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 595955 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2048 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 411.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 07022011_213032

    Files moved on Reboot...

    Registry entries deleted on Reboot...




    this is the scan for superAntiSpyware....doesn't look like much here...so i also included the scan before today's from 6-7-11....

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/02/2011 at 09:13 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7367
    Trace Rules Database Version: 5179

    Scan type : Complete Scan
    Total Scan Time : 01:14:24

    Memory items scanned : 530
    Memory threats detected : 0
    Registry items scanned : 7206
    Registry threats detected : 0
    File items scanned : 21186
    File threats detected : 8

    Adware.Tracking Cookie
    C:\Documents and Settings\Dawn B\Cookies\dawn_b@bizrate[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@atdmt[2].txt
    C:\Documents and Settings\Joe\Cookies\joe@wt.xxxmatch[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@sexlog[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@www.fpctraffic2[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@www.xxxmatch[2].txt
    C:\Documents and Settings\Joe\Cookies\joe@xxxmatch[1].txt
    C:\Documents and Settings\Jonathan\Cookies\jonathan@atdmt.combing[2].txt



    http://www.superantispyware.com

    Generated 06/07/2011 at 04:12 PM

    Application Version : 4.53.1000

    Core Rules Database Version : 7079
    Trace Rules Database Version: 5037

    Scan type : Quick Scan
    Total Scan Time : 00:16:47

    Memory items scanned : 500
    Memory threats detected : 0
    Registry items scanned : 1972
    Registry threats detected : 2
    File items scanned : 5000
    File threats detected : 9

    Adware.Tracking Cookie
    C:\Documents and Settings\Dawn B\Cookies\dawn_b@atdmt[2].txt
    C:\Documents and Settings\Dawn B\Cookies\dawn_b@atdmt.combing[2].txt
    cdn1.static1.pornrabbit.com [ C:\Documents and Settings\Joe\Application Data\Macromedia\Flash Player\#SharedObjects\UQ7KEXQ4 ]
    C:\Documents and Settings\Joe\Cookies\joe@0ec85edc.hornywood[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@a8e9f4b7.hornywood[2].txt
    C:\Documents and Settings\Joe\Cookies\joe@atdmt.combing[2].txt
    C:\Documents and Settings\Joe\Cookies\joe@db0263fd.hornywood[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@f66d08d5.hornywood[1].txt
    C:\Documents and Settings\Joe\Cookies\joe@pornhost[2].txt

    Disabled.SecurityCenterOption
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
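A per-account way of reading the two logs in this post: the OTM [EMPTYTEMP] section gives bytes cleaned per user profile, and the SUPERAntiSpyware cookie paths give tracking cookies per user profile. This is an added example for this thread, not a tool used in it; the embedded log excerpts are shortened copies of the posted ones, with the cookie hosts replaced by constructed placeholder names, and the cookie threshold is an assumption.

```python
"""Per-account triage of an OTM [EMPTYTEMP] log and a SUPERAntiSpyware cookie list.
Added example for the thread; the excerpts below are constructed from the posted logs."""
import re
from collections import defaultdict

# Shortened copy of the OTM [EMPTYTEMP] output posted above (constructed excerpt).
OTM_LOG = """\
[EMPTYTEMP]

User: All Users

User: Dawn B
->Temp folder emptied: 11031072 bytes
->Temporary Internet Files folder emptied: 124683202 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89075677 bytes
->Flash cache emptied: 1559 bytes

User: Joe
->Temp folder emptied: 50710 bytes
->Temporary Internet Files folder emptied: 44873770 bytes
->FireFox cache emptied: 103868410 bytes
->Flash cache emptied: 849 bytes

User: Jonathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 57214353 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
RecycleBin emptied: 0 bytes
"""

# Shortened copy of the SUPERAntiSpyware "Adware.Tracking Cookie" list
# (constructed excerpt; cookie hosts replaced with placeholder names).
SAS_LOG = """\
Adware.Tracking Cookie
C:\\Documents and Settings\\Dawn B\\Cookies\\dawn_b@adnetwork-a[1].txt
C:\\Documents and Settings\\Joe\\Cookies\\joe@adnetwork-a[2].txt
C:\\Documents and Settings\\Joe\\Cookies\\joe@tracker-b[1].txt
C:\\Documents and Settings\\Joe\\Cookies\\joe@tracker-c[1].txt
C:\\Documents and Settings\\Jonathan\\Cookies\\jonathan@adnetwork-a[2].txt
"""

USER_RE = re.compile(r"^User: (.+)$")
BYTES_RE = re.compile(r"^->(.+?) emptied: (\d+) bytes$")
# XP-era profile layout, as in the posted paths.
COOKIE_RE = re.compile(r"^C:\\Documents and Settings\\([^\\]+)\\Cookies\\", re.IGNORECASE)


def bytes_per_user(otm_log):
    """Map each 'User:' block to the total bytes OTM reported emptying for it.
    Machine-wide lines after the last user block have no '->' prefix and are skipped."""
    totals = defaultdict(int)
    user = None
    for line in otm_log.splitlines():
        m = USER_RE.match(line)
        if m:
            user = m.group(1).strip()
            totals.setdefault(user, 0)  # a user with no entries still appears, at 0
            continue
        m = BYTES_RE.match(line)
        if m and user is not None:
            totals[user] += int(m.group(2))
    return dict(totals)


def cookies_per_user(sas_log):
    """Map each profile name to the cookie hosts found under its Cookies folder."""
    out = defaultdict(list)
    for raw in sas_log.splitlines():
        line = raw.strip()
        m = COOKIE_RE.match(line)
        if m:
            # "...\joe@tracker-b[1].txt" -> "tracker-b"
            host = line.rsplit("@", 1)[1].split("[", 1)[0]
            out[m.group(1)].append(host)
    return dict(out)


def triage(otm_log, sas_log, cookie_threshold=2):
    """Rank accounts by bytes cleaned and flag those at or above the (assumed)
    tracking-cookie threshold, so the account accumulating the cookies stands out."""
    by_bytes = bytes_per_user(otm_log)
    by_cookies = cookies_per_user(sas_log)
    rows = []
    for user in sorted(by_bytes, key=by_bytes.get, reverse=True):
        n = len(by_cookies.get(user, []))
        rows.append({"user": user, "bytes": by_bytes[user],
                     "mib": round(by_bytes[user] / 2**20, 1),
                     "cookies": n, "flag": n >= cookie_threshold})
    return rows


if __name__ == "__main__":
    for r in triage(OTM_LOG, SAS_LOG):
        mark = " <-- review" if r["flag"] else ""
        print(f"{r['user']:<10} {r['mib']:>7.1f} MiB cleaned, {r['cookies']} tracking cookie(s){mark}")
```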
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Suggest you have a talk with User Joe. The sites he is visiting pose a threat to the security of the system.

    All 3 of you need to set a maintenance plan for each account:
    Delete temporary internet files and Cookies
    Disk Cleanup
    Error Check
    Defrag.
    Frequency depends on usage

    Suggest all 3 accounts reset Cookies as follows:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
  16. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    i do cleanups for all 3 users regularly and already have those firefox add ons....so now what do i do to get rid of that one directory entry for games that you saw and who of the users inadvertently downloaded?
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am somewhat puzzled over these numbers:
    User: Dawn B
    ->Temp folder emptied: 11031072 bytes
    ->Temporary Internet Files folder emptied: 124683202 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 89075677 bytes
    ->Flash cache emptied: 1559 bytes

    User: Joe
    ->Temp folder emptied: 50710 bytes
    ->Temporary Internet Files folder emptied: 44873770 bytes
    ->FireFox cache emptied: 103868410 bytes
    ->Flash cache emptied: 849 bytes

    User: Jonathan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 57214353 bytes
    ->Flash cache emptied: 470 bytes

    Total Files Cleaned = 411.00 mb was unusually high for regular cleaning.
    The only Tracking Cookies of any significance are from the sites being visited by Joe.
    ===================================
    Since you did a reinstall somewhere during this thread, I'd like you to run a new Combofix scan. I will set up some script to remove the remaining unsuitable entries and also check the status of the Security Center.
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
  18. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    i guess "regular cleaning" is a relative term...lol....i usually do it either once a week or once every 2 weeks with ccleaner and then either once or twice a month with sas and defrag usually once a month....and the reinstall of the system was a different thread, i want to say about 1 or 2 months ago...i haven't done it within this issue, just to clarify that for you... :)


    ComboFix 11-07-03.04 - Dawn B 07/04/2011 12:35:08.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.864 [GMT -5:00]
    Running from: c:\documents and settings\Dawn B\My Documents\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-03 02:30 . 2011-07-03 02:30 -------- d-----w- C:\_OTM
    2011-07-02 04:24 . 2011-07-02 04:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-01 06:39 . 2011-07-01 06:39 -------- d-----w- c:\program files\Common Files\Java
    2011-07-01 06:39 . 2011-07-01 06:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-28 04:29 . 2011-06-28 04:29 -------- d-----w- c:\documents and settings\Dawn B\Application Data\Malwarebytes
    2011-06-28 04:28 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-28 04:28 . 2011-06-28 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-28 04:28 . 2011-06-28 04:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-28 04:28 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-21 21:00 . 2011-06-21 21:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-21 21:00 . 2011-06-21 21:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-18 15:35 . 2011-06-18 15:35 -------- d-----w- C:\hegames
    2011-06-17 04:10 . 2011-06-17 04:11 -------- d-----w- c:\program files\Common Files\Adobe
    2011-06-15 23:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-06-10 20:45 . 2011-06-10 20:45 -------- d-----w- c:\program files\iPod
    2011-06-10 20:45 . 2011-06-10 20:48 -------- d-----w- c:\program files\iTunes
    2011-06-10 20:30 . 2011-06-10 20:30 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-01 06:38 . 2011-03-26 23:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-02 15:31 . 2002-08-29 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2002-08-29 10:41 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2002-08-29 08:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2002-08-29 10:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2002-08-29 10:41 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 16:11 . 2002-08-29 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2002-08-29 09:12 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-14 19:01 . 2011-03-26 20:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 19:01 . 2011-03-26 20:35 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 19:01 . 2011-03-26 20:35 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 19:01 . 2011-03-26 20:35 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 19:01 . 2011-03-26 20:35 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 19:01 . 2011-03-26 20:35 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 19:01 . 2011-03-26 20:19 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-14 19:01 . 2010-10-14 03:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 19:01 . 2010-10-14 03:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-06-21 21:00 . 2011-03-26 22:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 19:01 . 2011-03-27 01:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-29_19.43.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-07-03 02:50 . 2011-07-03 02:50 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
    - 2003-05-20 01:08 . 2011-06-29 13:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2003-05-20 01:08 . 2011-07-04 14:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2003-05-20 01:08 . 2011-06-29 13:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-06-30 00:57 . 2011-07-04 14:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-07-02 04:31 . 2011-07-02 04:31 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe
    + 2011-07-02 04:24 . 2011-07-02 04:24 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
    + 2011-07-02 04:24 . 2011-07-02 04:24 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
    + 2011-07-01 06:39 . 2011-07-01 06:38 157472 c:\windows\system32\javaws.exe
    - 2011-03-26 23:01 . 2011-03-26 23:00 157472 c:\windows\system32\javaws.exe
    - 2011-03-26 23:01 . 2011-03-26 23:00 145184 c:\windows\system32\javaw.exe
    + 2011-07-01 06:39 . 2011-07-01 06:38 145184 c:\windows\system32\javaw.exe
    - 2011-03-26 23:01 . 2011-03-26 23:00 145184 c:\windows\system32\java.exe
    + 2011-07-01 06:39 . 2011-07-01 06:38 145184 c:\windows\system32\java.exe
    + 2011-07-01 06:39 . 2011-07-01 06:39 203776 c:\windows\Installer\2659a9.msi
    + 2011-07-01 06:38 . 2011-07-01 06:38 675840 c:\windows\Installer\2659a4.msi
    + 2011-07-02 04:31 . 2011-07-02 04:31 6271648 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Dawn B^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=c:\documents and settings\Dawn B\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2011-01-24 01:00 148280 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2011-03-25 23:58 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
    2011-01-24 01:00 316072 ----a-w- c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-01-18 23:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-01-18 23:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-01-18 23:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 17:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
    2011-01-24 01:00 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-04-05 16:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
    2004-08-10 21:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
    2001-07-24 21:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-07-03 00:45 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\WINDOWS\\system32\\lxebcoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 3:35 PM 84200]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [5/17/2011 6:58 PM 193192]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/27/2011 11:28 PM 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 3:35 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 3:36 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 3:19 PM 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 3:35 PM 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/27/2011 11:28 PM 22712]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 3:35 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/27/2011 11:28 PM 39984]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/26/2011 3:35 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 3:35 PM 84488]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\wc40fgpi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-04 12:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,be,2f,41,19,e6,8e,4e,b4,bd,b8,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(976)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1308)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-07-04 12:56:35
    ComboFix-quarantined-files.txt 2011-07-04 17:56
    ComboFix2.txt 2011-06-29 19:48
    .
    Pre-Run: 20,558,659,584 bytes free
    Post-Run: 20,595,404,800 bytes free
    .
    - - End Of File - - 6105ED1681257667DF6560C28A214F0A
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Going back to the beginning:
    You might consider contacting the ISP and asking if there has been any problem that could cause this slowdown.

    Removing the game folder:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    C:\hegames
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . You do not need to leave this log.
    ==============================================
    Sorry about getting the reinstall mixed up. You might want to take a look at the processes on the Startup menu: Consider using the msconfig utility to remove processes that don't need to start on boot. What can be unchecked: Printers/scanners, media players, auto update for Java, Adobe, iTunes, QuickTime, etc. The only processes that need to start on boot are:
    Antivirus program
    3rd Party firewall
    Touchpad for laptop
    Network process, if you are using one (e.g. Cisco Network).
    Nothing else
    --------------------------------
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes you do not need to start on boot.
    • Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
    =====================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      • Choose Disc Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.
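As an added example (not part of Bobbye's post, and not a tool used in this thread), the following PowerShell script reads the Security Center notification values that MBAM flagged as PUM.Disabled.SecurityCenter, the per-product DisableMonitoring overrides seen in the ComboFix log, and the startup entries msconfig manages, so the state can be reviewed before and after the cleanup. It assumes PowerShell 2.0 or later has been installed on the XP machine; the registry paths are the ones that appear in the logs above.

```powershell
# Added example: audit Security Center notification settings and startup
# entries on Windows XP. Assumes PowerShell 2.0+ (not installed by default
# on XP SP3). Key paths are those shown in the MBAM and ComboFix logs.

$scKey       = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$disabledKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
$runKeys     = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Read one named value from a key; returns $null if the key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($prop -eq $null) { return $null }
    return $prop.Value
}

# Security Center findings. AntiVirusDisableNotify / FirewallDisableNotify = 1
# suppress the "protection is off" balloon (0 or absent is the expected
# state). DisableMonitoring = 1 under Monitoring\<Product> means that product
# reports its own status; each one should belong to an installed product
# (McAfee in this thread), otherwise Security Center is blind to it.
function Get-SecurityCenterFindings {
    $findings = @()
    foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify') {
        if ((Get-RegValue $scKey $name) -eq 1) {
            $findings += "Security Center: $name = 1 (notifications suppressed)"
        }
    }
    $monKey = Join-Path $scKey 'Monitoring'
    if (Test-Path $monKey) {
        foreach ($sub in Get-ChildItem $monKey) {
            if ((Get-RegValue $sub.PSPath 'DisableMonitoring') -eq 1) {
                $findings += "Monitoring override: $($sub.PSChildName) (DisableMonitoring = 1)"
            }
        }
    }
    return $findings
}

# Startup entries: active Run values, plus the items msconfig has unchecked
# (it moves them under Shared Tools\MSConfig\startupreg, as in the log).
function Get-StartupEntries {
    $out = @()
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata
            $out += New-Object PSObject -Property @{
                State = 'Active'; Name = $p.Name; Command = $p.Value; Source = $k
            }
        }
    }
    if (Test-Path $disabledKey) {
        foreach ($sub in Get-ChildItem $disabledKey) {
            $out += New-Object PSObject -Property @{
                State   = 'Disabled (msconfig)'
                Name    = $sub.PSChildName
                Command = Get-RegValue $sub.PSPath 'command'
                Source  = $disabledKey
            }
        }
    }
    return $out
}

$audit = @(Get-SecurityCenterFindings)
if ($audit.Count -eq 0) { 'Security Center: no notification suppression found' }
else { $audit }

Get-StartupEntries | Sort-Object State, Name |
    Format-Table State, Name, Command -AutoSize
```

Run it from an administrator account before and after the msconfig changes; the "Disabled (msconfig)" rows should grow and the Security Center section should report nothing once the notify values are back to 0.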
  20. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    thank you bobbye...I'll be contacting my isp provider tomorrow..i just wanted to be sure before i called them that my system was clean....thanks again!
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're very welcome! Here are a few tips to help keep the system clean:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      [o] Temporary File Cleaner
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.